File Identity
| Field | Value |
|---|---|
| SHA256 | fa6b29b3dc5d47fd549c0cde37077d1b6cb9cfa888ee89a3b5c2e7d1f4a0b8e6 |
| Size | 84,480 bytes |
| String count | 1,207 |
MetaMask Crypto Wallet Targeting
| String | Description |
|---|---|
| metamask.io | MetaMask crypto wallet target domain |
| webextension@metamask.io | MetaMask browser extension e-mail address |
| SOFTWARE\Microsoft\Cryptography | Windows Crypto API registry key |
| wallet.dat, wallets | Crypto wallet file targets |
Browser Credential Theft
| String | Description |
|---|---|
| Login Data | Chrome/Edge encrypted password database |
| User Data | Browser profile folder |
| \cookies.txt | Cookie file target |
| InternetOpenUrlW, InternetOpenUrlA | WinInet C2 communication |
About RecordBreaker
RecordBreaker (Raccoon Stealer v2) is the updated 2022 version of Raccoon Stealer. It is written in C++. It targets browser passwords, crypto wallets, Discord, Steam, Telegram and 30+ applications, and specifically targets crypto wallet browser extensions such as MetaMask. It is sold as MaaS (Malware-as-a-Service).
IOC
| Field | Value |
|---|---|
| SHA256 | fa6b29b3dc5d47fd549c0cde37077d1b6cb9cfa888ee89a3b5c2e7d1f4a0b8e6 |
| Target | MetaMask (metamask.io) |
| Target files | wallet.dat, Login Data, Cookies |
RecordBreaker — Malware Profile
RecordBreaker is the Raccoon 2.0 stealer. Observed artifacts: BABYKEYXOE XOR key (hidden message), 72-character uppercase encrypted config, press developer debug PDB, MD5 decryptor.
Technical Details
Infostealer family: TCP C2 protocol, persistence mechanism (Registry/Task Scheduler), keylogger, screenshot capture, remote shell, file manager, process manager, anti-analysis checks
Capabilities & Behavior
IOC List (1 indicator)
| Type | Value | Note |
|---|---|---|
| sha256 | fa6b29b3dc5d47fd549c0cde37077d1b6cb9cfa888ee89a3b5c2e7d1f4a0b8e6 | |
C2 Servers (2 recorded servers for this family)
| Address | Type | Port | Protocol | Status | Country |
|---|---|---|---|---|---|
| 188.120.241.201 | ip | 80 | HTTP | active | RU |
| 103.124.105.230 | ip | 443 | HTTPS | inactive | IN |
C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.