Overview

overview

10

Static

static

8

winprofile

windows7_x64

10

winprofile

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f6d5c0f3f6c5cd498b605e06c6bf49a66c7cbbedf3480cb3a95229b4dc91e81d

  • Size

    392.1MB

  • Sample

    220621-dtcfjaabbr

  • MD5

    9474e5bacc81c3c9f89ea715f5dc0386

  • SHA1

    ec459f282e66dcd78aa6c1a669416173968261e7

  • SHA256

    f6d5c0f3f6c5cd498b605e06c6bf49a66c7cbbedf3480cb3a95229b4dc91e81d

  • SHA512

    4b896f41138885b0b6ef036a638c49b8025f6c7abf72dd25de645c552b0ee860c4c344ba959fa717e6d5452713e58508556b05500510433772c2ea9fdd9c134e

Score
10/10
recordbreakerevasionstealersuricatathemidatrojanvmprotect

Malware Config

Extracted

Family

recordbreaker

C2

http://45.67.34.234/

http://your-life.site/

Targets

    • Target

      f6d5c0f3f6c5cd498b605e06c6bf49a66c7cbbedf3480cb3a95229b4dc91e81d

    • Size

      392.1MB

    • MD5

      9474e5bacc81c3c9f89ea715f5dc0386

    • SHA1

      ec459f282e66dcd78aa6c1a669416173968261e7

    • SHA256

      f6d5c0f3f6c5cd498b605e06c6bf49a66c7cbbedf3480cb3a95229b4dc91e81d

    • SHA512

      4b896f41138885b0b6ef036a638c49b8025f6c7abf72dd25de645c552b0ee860c4c344ba959fa717e6d5452713e58508556b05500510433772c2ea9fdd9c134e

    Score
    10/10
    recordbreakerevasionstealerthemidatrojanvmprotectsuricata

    • Raccoon ver2

      Raccoon ver2.

    • RecordBreaker

      RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.

      stealerrecordbreaker

    • suricata: ET MALWARE Generic Stealer Config Download Request

      suricata: ET MALWARE Generic Stealer Config Download Request

      suricata

    • suricata: ET MALWARE Recordbreaker Stealer CnC Checkin

      suricata: ET MALWARE Recordbreaker Stealer CnC Checkin

      suricata

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks