General
-
Target
IObit Driver Bo Crack 08e9d1f02a8639c61.zip
-
Size
9.8MB
-
Sample
220620-p84n4sfef7
-
MD5
acf56fefa01a37215305dfb66383d334
-
SHA1
c39ad7a1b365ef27855635b0893de29fab92ee98
-
SHA256
4ecb13484c4c0773e920e0113fbf786b093cc04938bdc542c385f887b076f0ce
-
SHA512
7a6d3eaa6c8f0f07cdb8553d1ad32e012e832ec76cd6463bf0ccbd0535612c47c6f9ffe52bc532e71e33801f4a6750d5b41071e0583f78dd4aa2b8e9a4a39f78
Malware Config
Extracted
recordbreaker
http://45.150.67.175/
http://45.133.216.170/
Targets
-
-
Target
setup/Pre-Activated-FullSetup.exe
-
Size
428.2MB
-
MD5
14027e925ba400d5d3c85269bfb85196
-
SHA1
73e374955b569a9aaa7a0cd37ffdd9b95740a2f0
-
SHA256
86d508d420ebd5516b7c9b0f339357a191340d7fd6ae47cd1fb43f3649d8a556
-
SHA512
8fbd8df47b0359694fa6d0956cc4e5fd75316313a5c7aaef5214e61c1662a0d7755ecc19a453cd43feddb3e53ea8fcfe346b5f19c2501590607d004002749fa8
Score10/10-
RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
-
suricata: ET MALWARE Generic .bin download from Dotted Quad
suricata: ET MALWARE Generic .bin download from Dotted Quad
-
suricata: ET MALWARE Generic Stealer Config Download Request
suricata: ET MALWARE Generic Stealer Config Download Request
-
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
setup/Setup-Crack.exe
-
Size
428.2MB
-
MD5
49a39ad81be36f89ba9f49f69f943e17
-
SHA1
3e56f28082e2f2fb2d96406392e6c26304f1961d
-
SHA256
c6b12597fb67318044f589badb24859544cafc6b53bba4ae9ea9f80d856c8d15
-
SHA512
36ec98255a9b277740530728adb0a21aa55192565c4ba0dd8f44e8e09bc5c1a519f5108a006baed366cdc3504d81425a44aba266f8bf43f18353d278e31115eb
Score10/10-
RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
-
suricata: ET MALWARE Generic .bin download from Dotted Quad
suricata: ET MALWARE Generic .bin download from Dotted Quad
-
suricata: ET MALWARE Generic Stealer Config Download Request
suricata: ET MALWARE Generic Stealer Config Download Request
-
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-