MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e92b4f323c469808f029e3d970b30684c4a23d652fa1c7da324e14cbd6d04709. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 17


Intelligence 17 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e92b4f323c469808f029e3d970b30684c4a23d652fa1c7da324e14cbd6d04709
SHA3-384 hash: 0fcd19040a7d16dcf501d675ace8eda50d992a51d58cb20b99d97eb838322257fffc62d43c989659d1e056611ed2e3e6
SHA1 hash: bd17c8fcecb2c448a647e23f17998561662604e3
MD5 hash: 4e4bd491a86e7c94714b3fa69d774e9f
humanhash: golf-ohio-pasta-venus
File name:4e4bd491a86e7c94714b3fa69d774e9f.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:7'785'344 bytes
First seen:2022-10-22 11:15:39 UTC
Last seen:2022-10-22 12:13:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 55b10b9a68cf4c9445f709a0442d415e (6 x RecordBreaker)
ssdeep 196608:6ihTG5fek6W1f6G0BdyqJ7ON9xdtYHgLkbL+PbjiXPr0i:7hTG5fAkiDdxixdUHufi/Ii
Threatray 112 similar samples on MalwareBazaar
TLSH T1C176FF5E22D48045D89DCC356126F9F461A93E1E4EC098796FBB3DAD36237A3870E933
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 00c09eeef47979b2 (2 x RecordBreaker)
Reporter abuse_ch
Tags:exe recordbreaker


Avatar
abuse_ch
RecordBreaker C2:
http://45.153.242.180/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://45.153.242.180/ https://threatfox.abuse.ch/ioc/915881/

Intelligence

File Origin
# of uploads :
2
# of downloads :
238
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
Stemix.bin
Verdict:
Malicious activity
Analysis date:
2022-10-19 00:54:27 UTC
Tags:
trojan raccoon recordbreaker loader stealer
Link:
https://app.any.run/tasks/bd1e6bef-8c15-46d4-b791-0deaf60f4125

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RaccoonV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/322626/
Detection(s):
SecuriteInfo.com.Trojan.Siggen18.61624.15341.26405.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Sending an HTTP POST request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/44400/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware overlay packed raccoon raccoonstealer racealer
Link:
https://www.filescan.io/uploads/6353d0f366721ebd9b2f6c82/reports/443e9325-d8b9-438f-89a2-4c577dcd2563/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/eb7167ab-daa4-4155-9e16-f2afc29e655c
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1095467
Signature
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Snort IDS alert for network traffic
Tries to detect virtualization through RDTSC time measurements
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e92b4f323c469808f029e3d970b30684c4a23d652fa1c7da324e14cbd6d04709/
Threat name:
Win32.Spyware.Raccoonstealer
Create hunting rule
Status:
Suspicious
First seen:
2022-10-19 02:26:47 UTC
File Type:
PE (Exe)
Extracted files:
19
AV detection:
23 of 42 (54.76%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5evu6mr4i2mar4bj4pmxbmygqtckeplff6q4pwrsjykmxvwqi4eq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
43b95532737d0ccc0b957d1ab3e6ba4310b4618eec3fa485736b8f0a35cb157c
RecordBreaker
4e73230986aab0ad40dbd475ca56fe0f207ff5d935f766a46cd4675e6bc27229
RecordBreaker
6b8dac8326076b76369a8eb4e316a86a7663b597aeffe89b35e86c02aa5df4c0
RecordBreaker
774fa8863d2cb1747c338ef9023103d535715b30b6d5450a9ee146663d77c89b
RecordBreaker
83303bd8432e42ddbc86aa5f2fba7b07ded48ef47ec39d42f62b410081b14090
RecordBreaker
ba9b4ed1a5f1e4f658430f393969f1b6a602c5534d745ad3f12fae35cf2a64d1
RecordBreaker
+ 102 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:7c8382f6564c7ad3408fc5d9a1df98c2 stealer
Link:
https://tria.ge/reports/221022-nc5e4acham/
Behaviour
Suspicious behavior: EnumeratesProcesses
Raccoon
Malware Config
C2 Extraction:
http://45.153.242.180/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/9fb561ad-66cd-43ac-b871-7ebfea3c3ec0
Unpacked files
SH256 hash:
824588e22d5bb59e7bd1cb3052a797aa2848d261e8685fdb9a389a5fde910d56
MD5 hash:
2e47f6a02b0c0b24ae80318416cf84ac
SHA1 hash:
e83a40de60a0d1b40773d52e21b30e85f18392dd
Detections:
raccoonstealer
Create hunting rule
Link:
https://www.unpac.me/results/ddf96c84-e484-428a-91ec-ad7cae41a5e5/
SH256 hash:
e92b4f323c469808f029e3d970b30684c4a23d652fa1c7da324e14cbd6d04709
MD5 hash:
4e4bd491a86e7c94714b3fa69d774e9f
SHA1 hash:
bd17c8fcecb2c448a647e23f17998561662604e3
Link:
https://www.unpac.me/results/ddf96c84-e484-428a-91ec-ad7cae41a5e5/
Malware family:
RecordBreaker
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e92b4f323c46/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e92b4f323c469808f029e3d970b30684c4a23d652fa1c7da324e14cbd6d04709

File information

The table below shows additional information about this malware sample such as delivery method and external references.

RecordBreaker

Executable exe e92b4f323c469808f029e3d970b30684c4a23d652fa1c7da324e14cbd6d04709

(this sample)

RecordBreaker

Executable exe 6d56fef8303cf1e45a9cab5964a82c9264d902c5ba7c8480613f2357db61f0b0

Cape
Cape
https://www.capesandbox.com/analysis/322626/
  
Dropping
SHA256 6d56fef8303cf1e45a9cab5964a82c9264d902c5ba7c8480613f2357db61f0b0
  
Dropping
MD5 c83a27859a197277ecff8561db6d4831

Comments