Overview

overview

10

Static

static

048c011323...59.exe

windows7_x64

10

048c011323...59.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059

  • Size

    55KB

  • Sample

    220609-ztaslagec8

  • MD5

    1d7d285f77ed5460fe9aada4c04dcfcf

  • SHA1

    9c6e393d8b2eac432720518f8991c86ad8fa94b7

  • SHA256

    048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059

  • SHA512

    cfcd38cd8c12a80ad7d26442979bb5ac44541866810951eaf8d2fc709d1e9cb3cbe187065ff547717d3babe8abf9f98c2b04562dca992b63ff54c5465746f5e4

Score
10/10
recordbreakerdiscoveryspywarestealersuricata

Malware Config

Targets

    • Target

      048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059

    • Size

      55KB

    • MD5

      1d7d285f77ed5460fe9aada4c04dcfcf

    • SHA1

      9c6e393d8b2eac432720518f8991c86ad8fa94b7

    • SHA256

      048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059

    • SHA512

      cfcd38cd8c12a80ad7d26442979bb5ac44541866810951eaf8d2fc709d1e9cb3cbe187065ff547717d3babe8abf9f98c2b04562dca992b63ff54c5465746f5e4

    Score
    10/10
    recordbreakerdiscoveryspywarestealersuricata

    • RecordBreaker

      RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.

      stealerrecordbreaker

    • suricata: ET MALWARE Generic Stealer Config Download Request

      suricata: ET MALWARE Generic Stealer Config Download Request

      suricata

    • suricata: ET MALWARE Generic Stealer Sending System Information M1

      suricata: ET MALWARE Generic Stealer Sending System Information M1

      suricata

    • suricata: ET MALWARE Recordbreaker Stealer CnC Checkin

      suricata: ET MALWARE Recordbreaker Stealer CnC Checkin

      suricata

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks