General
-
Target
setup.zip
-
Size
11.5MB
-
Sample
220618-xe1pcsafap
-
MD5
9b93818d604d5acf071ba0d8ccf55238
-
SHA1
3c7eae22dc42bf796060ad7a1fafc2b377d7c666
-
SHA256
0b62937b27d7826f2a514e230b5ab508df220f422b2ecca38be0f32647a65c98
-
SHA512
88c1e463587fdabe5fa8796c29ffede824e77031cc4130e0d64eb7f97c710d3c67cd964aa63e946c7bd7637261e7406f99507c5e06b70ea1cf38bb1bc81c84bb
Malware Config
Extracted
recordbreaker
http://45.133.216.170/
http://146.19.247.52/
Targets
-
-
Target
setup/Pre-Activated-Setup.exe
-
Size
428.2MB
-
MD5
15173dce1e7f34b1982d13504a38348a
-
SHA1
d60ba35d66b68d12464bcaf1eb50dc560df477f0
-
SHA256
98786bd9bbeb954b930d591750cdbc3b4a58556bb5dd42ce1c018748becca9a3
-
SHA512
f4d303cd3fdddcd6e86054309e6359bdb9c1db04c4d302c44e94295f0facf5f92703aea88f6a8bf463cf3532ad3818952ebef479cdc44b5e501db1e4ba0aca95
Score10/10-
RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
setup/Setup+Crack.exe
-
Size
428.1MB
-
MD5
2fd256b3be897b7270701dca32e52f2b
-
SHA1
4641f5ef8509457127140817386cd3ab433c701f
-
SHA256
4b03666c196e8ca7206be69a545ff119ee7b9bf121fd79e3da48a2986dd4ac35
-
SHA512
38e680be0477093ba9f0d391ed4e3d65ed888ead5538ac81beb4fb3a9d4c1a007465da51bbae24acefb518bd18e2d7ca2e68902309b0d0d819b0a5c3570acdae
Score10/10-
RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-