MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd3f9ee2a7b4e35be97140818562dc4470f90705cbd959e87c07ed983692e33d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker

Vendor detections: 13

Intelligence 13 IOCs 1 YARA File information Comments

SHA256 hash:	fd3f9ee2a7b4e35be97140818562dc4470f90705cbd959e87c07ed983692e33d
SHA3-384 hash:	89d9675721c69e20f06f7da033d08d26a221339d416866ee5dfc49c6bf4288822318354da8aa86afc8984ed0e396af0f
SHA1 hash:	a33c992ed05eade6a43d433dee758cb96e973035
MD5 hash:	78a23c74a462c03d21a258bc0756e2cb
humanhash:	beryllium-chicken-cola-lactose
File name:	78a23c74a462c03d21a258bc0756e2cb.exe
Download:	download sample
Signature	RecordBreaker Create hunting rule
File size:	7'824'384 bytes
First seen:	2022-10-24 17:35:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	55b10b9a68cf4c9445f709a0442d415e (6 x RecordBreaker)
ssdeep	196608:GdGjQbuqQV8FhlrU0NGt4JsWeaupDAXAZtpPbxpLQFm9:Zjzz8FLUTt4JsWeFpMADpC
Threatray	120 similar samples on MalwareBazaar
TLSH	T10276239323214595E4F64C72A523FCB531F2CEAB59825C7960FABCC778375B12A0BA43
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	e6a2b2cccc5192e0 (1 x RecordBreaker)
Reporter	abuse_ch
Tags:	exe recordbreaker

abuse_ch

RecordBreaker C2:
http://217.182.36.132/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://217.182.36.132/	https://threatfox.abuse.ch/ioc/924909/

Intelligence

File Origin

# of uploads :

# of downloads :

194

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

raccoon

ID:

File name:

78a23c74a462c03d21a258bc0756e2cb.exe

Verdict:

Malicious activity

Analysis date:

2022-10-24 17:37:43 UTC

Tags:

trojan raccoon recordbreaker

Link:

https://app.any.run/tasks/e6ad3f4e-143c-4163-9831-a3ca761ac2ea

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RaccoonV2

Link:

https://www.capesandbox.com/analysis/323542/

Detection(s):

SecuriteInfo.com.Trojan.Generic.31875096.26273.18207.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/45088/overview

Behaviour

MalwareBazaar

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/2d20c297-3bd6-4b69-a015-e95b41725c4b

Result

Threat name:

Raccoon Stealer v2

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1097000

Signature

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Snort IDS alert for network traffic

Tries to detect virtualization through RDTSC time measurements

Yara detected Raccoon Stealer v2

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fd3f9ee2a7b4e35be97140818562dc4470f90705cbd959e87c07ed983692e33d/

Threat name:

Win32.Spyware.Raccoonstealer

Status:

Suspicious

First seen:

2022-10-18 13:17:19 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

20 of 26 (76.92%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=7u7z5yvhwtrvx2lricaykyw4irypsbyfzpmvt2d4a7wzqnus4m6q._file

Verdict:

malicious

Label(s):

raccoon

RecordBreaker

4671293ca0aceab6572cb9396bfef9371d51ec2505885b8bf453d693300dafb0

RecordBreaker

4d70a2e9f63fea018db99bef6cecbf094255c52f6e2bd9d1d7458e637efb9172

RecordBreaker

4e73230986aab0ad40dbd475ca56fe0f207ff5d935f766a46cd4675e6bc27229

RecordBreaker

6b8dac8326076b76369a8eb4e316a86a7663b597aeffe89b35e86c02aa5df4c0

RecordBreaker

72b24e99cdd46d7cee31af6d8858782b775db1753d4ed954774a2b1306d5dd89

RecordBreaker

8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0

RecordBreaker

ba9b4ed1a5f1e4f658430f393969f1b6a602c5534d745ad3f12fae35cf2a64d1

RecordBreaker

eddbfe52ba633950c388e0303d5a04453f9ba9e3a3cdc60f9a1355707cd209e6

RecordBreaker

+ 110 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:e10a3ab78165c8b55a0e79cd632b9439 stealer

Link:

https://tria.ge/reports/221024-v6lcmshhb6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Raccoon

Malware Config

C2 Extraction:

http://217.182.36.132

Unpacked files

SH256 hash:

be30e11f0085e714ddd39d2f1fe572729ca649f9206a4106b54a748de364d77d

MD5 hash:

9a44442ec7aa60fb60f31c3496f793ca

SHA1 hash:

39b1552a6c09de8c2160bd66a7093b1aaedd3e63

Detections:

raccoonstealer

Link:

https://www.unpac.me/results/96d5332e-0e5b-4d5e-ab69-320766ca187b/

SH256 hash:

fd3f9ee2a7b4e35be97140818562dc4470f90705cbd959e87c07ed983692e33d

MD5 hash:

78a23c74a462c03d21a258bc0756e2cb

SHA1 hash:

a33c992ed05eade6a43d433dee758cb96e973035

Link:

https://www.unpac.me/results/96d5332e-0e5b-4d5e-ab69-320766ca187b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fd3f9ee2a7b4e35be97140818562dc4470f90705cbd959e87c07ed983692e33d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/323542/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample