General

  • Target

    6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04

  • Size

    4.1MB

  • Sample

    220621-df8a2scaa9

  • MD5

    361082e2534e6bf2faa27de1fd76492a

  • SHA1

    5f2f00698de0a9f6f5b31bf495cf12597c510f7c

  • SHA256

    6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04

  • SHA512

    43b9ba0e2636f6f2ad726fe4d71b2e44e96e4ecf413c1f544bd245ba64f1cca7056372602b9bfd6f1f0174e05bcc2894cfbfdbf451e007d6d96e566d44a2d436

Malware Config

Extracted

Family

recordbreaker

C2

http://185.227.111.81/

Targets

    • Target

      6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04

    • Size

      4.1MB

    • MD5

      361082e2534e6bf2faa27de1fd76492a

    • SHA1

      5f2f00698de0a9f6f5b31bf495cf12597c510f7c

    • SHA256

      6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04

    • SHA512

      43b9ba0e2636f6f2ad726fe4d71b2e44e96e4ecf413c1f544bd245ba64f1cca7056372602b9bfd6f1f0174e05bcc2894cfbfdbf451e007d6d96e566d44a2d436

    • Raccoon ver2

      Detects Raccoon Stealer version 2 (also tracked as RecordBreaker).

    • RecordBreaker

      RecordBreaker is an information stealer, written in C++, that can also download and execute secondary payloads.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger; a common anti-debugging technique.
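
The behavioural signatures above are matched against the API and registry trace the sandbox records. The following is an added example, not part of this report and not Triage's own detection code, that replays equivalent checks over a constructed trace and extracts contacts with the extracted C2. The trace format, the API names, the registry paths used as indicators and the ThreadHideFromDebugger class value (0x11) are assumptions made for illustration; the Themida signature is a static check on the packed file and is not covered here.

```python
import re

# THREADINFOCLASS value for ThreadHideFromDebugger (assumed here; 0x11 on Windows).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed sandbox API trace as (api, argument) pairs; values are illustrative
# and not taken from the report above.
SAMPLE_TRACE = [
    ("RegOpenKeyExW", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    ("RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"),
    ("NtSetInformationThread", "ThreadInformationClass=0x11"),
    ("InternetConnectA", "185.227.111.81:80"),
]

# Constructed benign trace: an installer that touches none of the indicators.
BENIGN_TRACE = [
    ("RegQueryValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop"),
    ("CreateFileW", r"C:\Users\user\Desktop\setup.log"),
]


def _is_reg_read(api):
    """True for the Win32 and native APIs that open or read a registry key/value."""
    return api.startswith(("RegOpenKey", "RegQueryValue", "NtOpenKey", "NtQueryValueKey"))


def _info_class(arg):
    """Parse the ThreadInformationClass value out of a logged NtSetInformationThread call."""
    m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", arg)
    return int(m.group(1), 0) if m else None


# Each signature is (report name, predicate over one (api, argument) event).
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     lambda api, arg: _is_reg_read(api) and
     re.search(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", arg, re.I) is not None),
    ("Checks BIOS information in registry",
     lambda api, arg: _is_reg_read(api) and
     re.search(r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$",
               arg, re.I) is not None),
    ("Checks whether UAC is enabled",
     lambda api, arg: _is_reg_read(api) and
     re.search(r"\\Policies\\System\\EnableLUA$", arg, re.I) is not None),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     lambda api, arg: api == "NtSetInformationThread" and
     _info_class(arg) == THREAD_HIDE_FROM_DEBUGGER),
]


def match_signatures(trace):
    """Return the names of signatures triggered by a trace, in report order, each at most once."""
    return [name for name, pred in SIGNATURES if any(pred(api, arg) for api, arg in trace)]


def c2_contacts(trace, c2_hosts):
    """Return the arguments of network calls that reference one of the known C2 hosts."""
    net_apis = ("InternetConnect", "WinHttpConnect", "HttpOpenRequest", "connect")
    return [arg for api, arg in trace
            if api.startswith(net_apis) and any(host in arg for host in c2_hosts)]


if __name__ == "__main__":
    for sig in match_signatures(SAMPLE_TRACE):
        print("[+]", sig)
    print("C2 contacts:", c2_contacts(SAMPLE_TRACE, ["185.227.111.81"]))
    print("benign hits:", match_signatures(BENIGN_TRACE))
```

The VirtualBox check keys on the VBOX__ ACPI table entries that only a VirtualBox guest exposes, while the BIOS check fires on any read of the SystemBiosVersion/VideoBiosVersion values, which legitimate software also reads; that is why the report phrases the latter as "often" used for sandbox detection rather than as a definite anti-VM verdict, and a detection rule should weight it accordingly.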

MITRE ATT&CK Enterprise v6

Tasks