recordbreaker | 12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3 | Triage

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
16/06/2022, 16:33

Sharing

Report Analysis Logs

General

Target

12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3.exe
Size

7.0MB
MD5

ada1cf2fb2812726f5de2f8172da8ded
SHA1

4d04ec7384fb5c76ae17cff1280abedc4e8ebbbe
SHA256

12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3
SHA512

1806bcea0926addc3a73958c98309a3b455ad25667da42832819b4d3576321989dfc2a2ee8a52534a5e7c4a0e31204a7e34e2b3372c7dba12cfe9c293490730c

Score

10^/10

recordbreaker stealer suricata

Malware Config

Signatures

RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
stealer recordbreaker
suricata: ET MALWARE Generic Stealer Config Download Request
suricata: ET MALWARE Generic Stealer Config Download Request
suricata
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
suricata

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4944	12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3.exe
4944	12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3.exe

C:\Users\Admin\AppData\Local\Temp\12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3.exe
"C:\Users\Admin\AppData\Local\Temp\12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4944-130-0x0000000000E20000-0x000000000152F000-memory.dmp

Filesize
7.1MB

Download
memory/4944-131-0x0000000000E20000-0x000000000152F000-memory.dmp

Filesize
7.1MB

Download
memory/4944-132-0x0000000000E20000-0x000000000152F000-memory.dmp

Filesize
7.1MB

Download
memory/4944-133-0x0000000000E20000-0x000000000152F000-memory.dmp

Filesize
7.1MB

Download