recordbreaker | b7104e1420fbcdd4a78b02069f32d4882d38203dcb5f73509b60cc1567dac437 | Triage

Submit
Reports

Overview

overview

Static

static

8

winprofile

windows7_x64

winprofile

windows10_x64

Sharing

General

Target

b7104e1420fbcdd4a78b02069f32d4882d38203dcb5f73509b60cc1567dac437
Size

392.0MB
Sample

220621-d96pbachb2
MD5

8a121fd92c5ccf804f7682de0aa4f685
SHA1

5723e27841445373e1816ef142aa80970ae1d469
SHA256

b7104e1420fbcdd4a78b02069f32d4882d38203dcb5f73509b60cc1567dac437
SHA512

368aa322e2884a75d4afa16c4c092f1cbf989f1fa8193744be224bed474c7fa13acf0996944b3bab74e72cf7fb8b53e50a6ef3a454f12c4a4c7ecb0bc80503cd

Score

10^/10

recordbreaker evasion stealer themida trojan vmprotect

Static task

static1

vmprotect themida

Behavioral task

behavioral1

Sample

b7104e1420fbcdd4a78b02069f32d4882d38203dcb5f73509b60cc1567dac437.exe

Resource

win7-20220414-en

recordbreaker evasion stealer themida trojan vmprotect

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b7104e1420fbcdd4a78b02069f32d4882d38203dcb5f73509b60cc1567dac437.exe

Resource

win10-20220414-en

recordbreaker evasion stealer themida trojan vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

recordbreaker

C2

http://violance-heck.site/

http://roll-rave.site/

Targets

- Target
  
  b7104e1420fbcdd4a78b02069f32d4882d38203dcb5f73509b60cc1567dac437
- Size
  
  392.0MB
- MD5
  
  8a121fd92c5ccf804f7682de0aa4f685
- SHA1
  
  5723e27841445373e1816ef142aa80970ae1d469
- SHA256
  
  b7104e1420fbcdd4a78b02069f32d4882d38203dcb5f73509b60cc1567dac437
- SHA512
  
  368aa322e2884a75d4afa16c4c092f1cbf989f1fa8193744be224bed474c7fa13acf0996944b3bab74e72cf7fb8b53e50a6ef3a454f12c4a4c7ecb0bc80503cd
Score

10^/10

recordbreaker evasion stealer themida trojan vmprotect
- Raccoon ver2
  Raccoon ver2.
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

vmprotectthemida

behavioral1

recordbreakerevasionstealerthemidatrojanvmprotect

behavioral2

recordbreakerevasionstealerthemidatrojanvmprotect

© 2018-2024

Terms | Privacy