recordbreaker | 516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e | Triage

Sharing

General

Target

516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e
Size

55KB
MD5

7894ab366f0b984ce78d7ef9724cec0d
SHA1

48ca383575fdc914ed3436d40201eae6bac55007
SHA256

516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e
SHA512

bf2ecf43f4ce7451489aa9d16acfe3c9d528ec0d0b924b864630a058e38147626e4f4815cd540f9da7df507af4242e6623d645a20ed46ec1d1020dfe7cec7155
SSDEEP

1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDXANyCa:wwshK8yMexbW9vJVDXANs

Score

10^/10

recordbreaker

Malware Config

Extracted

Family

recordbreaker

C2

http://51.195.166.184/

Signatures

Raccoon ver2 1 IoCs

Raccoon ver2.

Processes:

resource	yara_rule
sample	raccoon_v2

Recordbreaker family
recordbreaker

Files

516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e
.exe windows x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ