recordbreaker

General

Target

Monolith Free D Crack d357d2295de5586d.7z
Size

9.3MB
Sample

220618-r4ce6scab5
MD5

af8bf4ab609f7e7350cb28805b4b9599
SHA1

94eb4d4941a392b935e24347b1870f6fcc676ee1
SHA256

466b9f78da8c4071e08c0cc02ab02e2ea56d512ea42ce2db18cff4a4bb760025
SHA512

f8299e196ae93ac8690d7f80e77841f0e3c57dac33c450d3154d18610c6fad3d64daf7fc8a606ad53c0b1d35f597a1ca4865de806f5b871e1f2671be5c7244fa

Score

10^/10

Malware Config

Extracted

Family

recordbreaker

C2

http://146.19.247.52/

http://77.91.102.115/

Targets

- Target
  
  3e2d0c1798a20041337629893cb2b2ea.exe.vir
- Size
  
  465.0MB
- MD5
  
  d15cd2b908be614284c9f1ed91761313
- SHA1
  
  35d1fc993d109c42393808c58d9c4222edc0991d
- SHA256
  
  aab6ee6b868c8b96ef1e19a63d40b9f3bf4353866c970e2adf627151c6326fce
- SHA512
  
  e1d65e205703c8b5185b162f49c4e5c2c72ecb3798a1e1143830cbe7e2ac991a3a269b0a2566483b67bba7252414f7595b48a2bcc69bdc64f4c8c8243bc6086c
Score

10^/10

recordbreaker evasion stealer themida trojan
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  e729c14e3ba0a6eff92196a8047c3a08.exe.vir
- Size
  
  465.0MB
- MD5
  
  7e399798abc1a7b3c58a814de3f021bd
- SHA1
  
  dd11c9c4bfffe0685509aa0f05786c8ce417a38f
- SHA256
  
  aed97d020745e4ddca304da24873a349e626b35934fb60201233040799dc4e29
- SHA512
  
  578f88ce33b91a7928500a050c5223ec3d6439e494533b30863b50f59ff6be2bcbd90ad3427e447689b491ea838c9de6ae7c357897761b940b040ff4f932900b
Score

10^/10

recordbreaker discovery evasion spyware stealer suricata themida trojan
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- suricata: ET MALWARE Generic .bin download from Dotted Quad
  suricata: ET MALWARE Generic .bin download from Dotted Quad
  suricata
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
  suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
  suricata
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4