General
-
Target
6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04
-
Size
4.1MB
-
Sample
220621-df8a2scaa9
-
MD5
361082e2534e6bf2faa27de1fd76492a
-
SHA1
5f2f00698de0a9f6f5b31bf495cf12597c510f7c
-
SHA256
6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04
-
SHA512
43b9ba0e2636f6f2ad726fe4d71b2e44e96e4ecf413c1f544bd245ba64f1cca7056372602b9bfd6f1f0174e05bcc2894cfbfdbf451e007d6d96e566d44a2d436
Static task
static1
Behavioral task
behavioral1
Sample
6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04.exe
Resource
win10-20220414-en
Malware Config
Extracted
recordbreaker
http://185.227.111.81/
Targets
-
-
Target
6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04
-
Size
4.1MB
-
MD5
361082e2534e6bf2faa27de1fd76492a
-
SHA1
5f2f00698de0a9f6f5b31bf495cf12597c510f7c
-
SHA256
6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04
-
SHA512
43b9ba0e2636f6f2ad726fe4d71b2e44e96e4ecf413c1f544bd245ba64f1cca7056372602b9bfd6f1f0174e05bcc2894cfbfdbf451e007d6d96e566d44a2d436
Score10/10-
Raccoon ver2
Raccoon ver2.
-
RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-