recordbreaker | f051b93953919cbf673b16ba995a3c1aa58e59dcc256b9eaf1cdd2f6b3c7dfd2

Analysis

Target

f051b93953919cbf673b16ba995a3c1aa58e59dcc256b9eaf1cdd2f6b3c7dfd2.exe
Size

179KB
MD5

335d53c4f8fa48cc51f314596dca71e5
SHA1

b5c27e15c1fb752e444a45f8a8cc9ffb92cf6895
SHA256

f051b93953919cbf673b16ba995a3c1aa58e59dcc256b9eaf1cdd2f6b3c7dfd2
SHA512

f0bb636803472826dca5f373e467e5826fecb073323f2758d2942934ec290d029d459f82acc2e0d9c57a1c13f63508dc62657b28b4e6a30a51c702505b9cad44

Score

10^/10

Family

recordbreaker

http://37.1.206.174/

Raccoon ver2 1 IoCs

Raccoon ver2.

resource	yara_rule
behavioral1/memory/776-57-0x0000000000400000-0x00000000008F7000-memory.dmp	raccoon_v2

RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
stealer recordbreaker

C:\Users\Admin\AppData\Local\Temp\f051b93953919cbf673b16ba995a3c1aa58e59dcc256b9eaf1cdd2f6b3c7dfd2.exe
"C:\Users\Admin\AppData\Local\Temp\f051b93953919cbf673b16ba995a3c1aa58e59dcc256b9eaf1cdd2f6b3c7dfd2.exe"
1⤵
PID:776

memory/776-54-0x00000000753B1000-0x00000000753B3000-memory.dmp

Filesize
8KB

Download
memory/776-55-0x00000000002EE000-0x00000000002F7000-memory.dmp

Filesize
36KB

Download
memory/776-56-0x00000000001B0000-0x00000000001BF000-memory.dmp

Filesize
60KB

Download
memory/776-57-0x0000000000400000-0x00000000008F7000-memory.dmp

Filesize
5.0MB

Download
memory/776-58-0x00000000002EE000-0x00000000002F7000-memory.dmp

Filesize
36KB

Download
memory/776-59-0x00000000002EE000-0x00000000002F7000-memory.dmp

Filesize
36KB

Download