recordbreaker

General

Target

Monolith Free D Crack d357d2295de5586d.zip
Size

9.6MB
Sample

220618-d8l9aahac5
MD5

d7c9722b9ff7816a166a39019dfa11cf
SHA1

70f5178fe7657b66187d5dc8a1b3be39c429e340
SHA256

55275f4ece4743cdbea40bb129c75ebf5f01c3135da0e9d58efa452b49756f3a
SHA512

f7320c9c5111bb096eac635fede14c082e16735a15bc3b73dcd331de595beda9532677498b976845b74b2d9831bcd71d0c754bcd92b802d02486db5f62643731

Score

10^/10

Malware Config

Extracted

Family

recordbreaker

C2

http://146.19.247.52/

http://77.91.102.115/

Targets

- Target
  
  setup/AISetup.exe
- Size
  
  465.0MB
- MD5
  
  e729c14e3ba0a6eff92196a8047c3a08
- SHA1
  
  5c27015b56dcc63b058518a5bf9d7535354ebe9b
- SHA256
  
  07cc8639fd86e1d80e664ff18a2f45f163b736f0bd28a2b166a00c0733d656dd
- SHA512
  
  45a00dc294626e68a9f2ca0a183a2c24e2aaa778eadd5d2a76ba2814d6886f73196a605e2e23fce3d5efb701da1c9af967560a8a3d01556d4ea2ad2b6540b53d
Score

10^/10

recordbreaker evasion stealer suricata themida trojan
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
  suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
  suricata
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  setup/Pre-Activated-Setup.exe
- Size
  
  465.0MB
- MD5
  
  3e2d0c1798a20041337629893cb2b2ea
- SHA1
  
  9cdecbd7cbd1ba85383e5ede6208fdd905d254b8
- SHA256
  
  00a7d52ecb3440aaceabcad78feda2eb9bb94e7431ca32a2dc799f9031b51e1c
- SHA512
  
  597e58a01f3d5e87fcb76384a8efb7af4f0e143a656506d9c572e5c73a851ec4138c0e82e36095c7dbfdf347ba0b306b1dc5cdddf5b84a2aae27d64b8be07deb
Score

10^/10

recordbreaker evasion stealer themida trojan
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Generic Stealer Config Download Request

suricata: ET MALWARE Recordbreaker Stealer CnC Checkin

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

RecordBreaker

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4