recordbreaker

General

Target

f6d5c0f3f6c5cd498b605e06c6bf49a66c7cbbedf3480cb3a95229b4dc91e81d
Size

392.1MB
Sample

220621-dtcfjaabbr
MD5

9474e5bacc81c3c9f89ea715f5dc0386
SHA1

ec459f282e66dcd78aa6c1a669416173968261e7
SHA256

f6d5c0f3f6c5cd498b605e06c6bf49a66c7cbbedf3480cb3a95229b4dc91e81d
SHA512

4b896f41138885b0b6ef036a638c49b8025f6c7abf72dd25de645c552b0ee860c4c344ba959fa717e6d5452713e58508556b05500510433772c2ea9fdd9c134e

Score

10^/10

Malware Config

Extracted

Family

recordbreaker

C2

http://45.67.34.234/

http://your-life.site/

Targets

- Target
  
  f6d5c0f3f6c5cd498b605e06c6bf49a66c7cbbedf3480cb3a95229b4dc91e81d
- Size
  
  392.1MB
- MD5
  
  9474e5bacc81c3c9f89ea715f5dc0386
- SHA1
  
  ec459f282e66dcd78aa6c1a669416173968261e7
- SHA256
  
  f6d5c0f3f6c5cd498b605e06c6bf49a66c7cbbedf3480cb3a95229b4dc91e81d
- SHA512
  
  4b896f41138885b0b6ef036a638c49b8025f6c7abf72dd25de645c552b0ee860c4c344ba959fa717e6d5452713e58508556b05500510433772c2ea9fdd9c134e
Score

10^/10

recordbreaker evasion stealer themida trojan vmprotect suricata
- Raccoon ver2
  Raccoon ver2.
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
  suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
  suricata
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Raccoon ver2

suricata: ET MALWARE Generic Stealer Config Download Request

suricata: ET MALWARE Recordbreaker Stealer CnC Checkin

Identifies VirtualBox via ACPI registry values (likely anti-VM)

VMProtect packed file

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2