MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc89f7167628e95935070f6a72c859da69a91655e72c4d8c8e31fbac73c2d379. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc89f7167628e95935070f6a72c859da69a91655e72c4d8c8e31fbac73c2d379
SHA3-384 hash: 0c9b2c46f50f518e842a6e5d2ea4548d249d18ab0200b26fdaa8d4ee77cbaf5134c242550d51308f821d826346beb508
SHA1 hash: 2503a1d824af32214f3102d6e0d2e52d439b91f8
MD5 hash: bc338e23e5411697561306eabb29bd9c
humanhash: lion-jupiter-michigan-whiskey
File name:fc89f7167628e95935070f6a72c859da69a91655e72c4.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:113'152 bytes
First seen:2023-03-28 16:25:54 UTC
Last seen:2023-03-28 20:32:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 97d41417e1c898a9dc85fb4d98655fda (4 x RecordBreaker)
ssdeep 1536:/ja4qX8uFJQvccqJ4QFn8XwcWwH7Yq8BG8TcdayFtvhV732+oOl8s4PBqZ1zObEg:/jYPQRQmr8YLNL6dzjPAvZjy5g
Threatray 1'250 similar samples on MalwareBazaar
TLSH T16EB3C90D96D2B81AC354A8759243E8736B164D7CBCE95DDEADCB8E3221F64502CACFC1
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4505/5/1)
8.5% (.ICL) Windows Icons Library (generic) (2059/9)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe recordbreaker


Avatar
abuse_ch
RecordBreaker C2:
http://213.226.100.108/

Intelligence

File Origin
# of uploads :
2
# of downloads :
280
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
fc89f7167628e95935070f6a72c859da69a91655e72c4.exe
Verdict:
Malicious activity
Analysis date:
2023-03-28 16:27:22 UTC
Tags:
raccoon recordbreaker trojan loader
Link:
https://app.any.run/tasks/e9efd47a-1359-490f-b00b-6fa95ccb3c26

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/378231/
Detection(s):
SecuriteInfo.com.Variant.Agiala.32.32476.9628.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/75462/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed raccoon
Link:
https://www.filescan.io/uploads/6423151b6ed02dd52de5ad92/reports/c4dca63d-17c6-49bc-8cca-be80edd8a232/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/fc89f7167628e95935070f6a72c859da69a91655e72c4d8c8e31fbac73c2d379
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/054532a0-6816-4de1-a612-4fa250833408
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1203656
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Found potential ransomware demand text
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fc89f7167628e95935070f6a72c859da69a91655e72c4d8c8e31fbac73c2d379/
Threat name:
Win32.Trojan.Lazy
Create hunting rule
Status:
Malicious
First seen:
2023-03-28 03:48:58 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7se7oftwfduvsnihb5vhfscz3ju2sfsv44we3deogh52y46c2n4q._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
25139b1e194865c93db98514375b74971e11a690d53b6030014830d019458313
RecordBreaker
3427583e84dda3d92aab9f9b9050d7cfe9bcb43094acc08f02f0166f310702cc
RecordBreaker
4ef70b979f1256128e03458bca91eb840c141ca488d40249a79a7f5b41bb9115
RecordBreaker
9f6b69057e19a7fd08aab0b2df861a65337207dcfac2d6fbd0d1c0a2b75670e7
RecordBreaker
d78277798307b83a9a1c0d695abec585b290fe1fe69556f62e6bec7e1ba37e26
RecordBreaker
d7dbd00ed7ac7cc441643b96aa96a1bc994f64ad20fe2d894f5a51b3d50ab53a
RecordBreaker
d80111cba6cb72d44025721523aaf389f6da96751582caa79cc4bb52287008aa
RecordBreaker
e7924441cf355557372d5d058eeb30341f9bb4be80f54449ea66b288d183b928
RecordBreaker
f3d62ca6b2dfd77bd362dc1f4ec6e99bb43302e82583e6e8dce38df9ea1f6fe5
RecordBreaker
+ 1'240 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:301867536c206e3dae52e6d17c16cc9b
Link:
https://tria.ge/reports/230328-txhdysca26/
Malware Config
C2 Extraction:
http://213.226.100.108/
Unpacked files
SH256 hash:
fc89f7167628e95935070f6a72c859da69a91655e72c4d8c8e31fbac73c2d379
MD5 hash:
bc338e23e5411697561306eabb29bd9c
SHA1 hash:
2503a1d824af32214f3102d6e0d2e52d439b91f8
Link:
https://www.unpac.me/results/89c35557-b3a1-4d7e-9278-9cd84ff11079/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fc89f7167628e95935070f6a72c859da69a91655e72c4d8c8e31fbac73c2d379

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RecordBreaker

Executable exe fc89f7167628e95935070f6a72c859da69a91655e72c4d8c8e31fbac73c2d379

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/378231/
  
URLhaus
https://urlhaus.abuse.ch/url/2589179/
  
Delivery method
Distributed via web download

Comments