Analysis
max time kernel: 79s
max time network: 131s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 16/06/2022, 16:33
Static task: static1
Behavioral task: behavioral1
  Sample: 0661dbb6a0ff7d84c25ae7dd840cefd470279346bd476f1cff5d766f0902a277.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 0661dbb6a0ff7d84c25ae7dd840cefd470279346bd476f1cff5d766f0902a277.exe
  Resource: win10v2004-20220414-en
General
Target: 0661dbb6a0ff7d84c25ae7dd840cefd470279346bd476f1cff5d766f0902a277.exe
Size: 7.6MB
MD5: 0c0c7081c72000e7912d89567b90b866
SHA1: 55809cce167d93dc3e98d85d98040bd393be0a66
SHA256: 0661dbb6a0ff7d84c25ae7dd840cefd470279346bd476f1cff5d766f0902a277
SHA512: c6a43e19d126f3449195b40237fa2b9eb3f2750974dfe8738fe9d8eaf9d6c642d70db1f8746b698ee06a7a94cc2e05826a2b4a70b6e86b1cd1066ec78e903f52
Malware Config
Signatures
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
- suricata: ET MALWARE Generic Stealer Config Download Request
- suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
- Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
  pid   Process
  1004  0661dbb6a0ff7d84c25ae7dd840cefd470279346bd476f1cff5d766f0902a277.exe
  1004  0661dbb6a0ff7d84c25ae7dd840cefd470279346bd476f1cff5d766f0902a277.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1004  0661dbb6a0ff7d84c25ae7dd840cefd470279346bd476f1cff5d766f0902a277.exe
  1004  0661dbb6a0ff7d84c25ae7dd840cefd470279346bd476f1cff5d766f0902a277.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\0661dbb6a0ff7d84c25ae7dd840cefd470279346bd476f1cff5d766f0902a277.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0661dbb6a0ff7d84c25ae7dd840cefd470279346bd476f1cff5d766f0902a277.exe"
  Process tree level: 1
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID: 1004