recordbreaker | 0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262

Analysis

max time kernel
100s
max time network
182s
platform
windows10_x64
resource
win10-20220414-en
submitted
21/06/2022, 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe
Size

1.4MB
MD5

3489c407c7328f4976d5b490aad8b145
SHA1

992a53af7a34ed38ebdac5517e067ac029a4bdb2
SHA256

0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262
SHA512

e3c479f3c46e5bb036129fe14e2eb42b0bfa4d0fd80af0617a953f7f86f1deb13af778272d07c4ec24785469681ca3d748f676ab8597c46e944f09bf8ad25e2f

Score

10^/10

recordbreaker stealer suricata

Malware Config

Extracted

Family

recordbreaker

http://51.195.166.184/

Signatures

Raccoon ver2 1 IoCs

Raccoon ver2.

resource	yara_rule
behavioral2/memory/4284-320-0x0000000000400000-0x0000000000412000-memory.dmp	raccoon_v2

RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
stealer recordbreaker
suricata: ET MALWARE Generic Stealer Config Download Request
suricata: ET MALWARE Generic Stealer Config Download Request
suricata
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
suricata

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4780 set thread context of 4908	4780	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	69
PID 4908 set thread context of 4284	4908	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	70

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 4908	4780	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	69
PID 4780 wrote to memory of 4908	4780	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	69
PID 4780 wrote to memory of 4908	4780	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	69
PID 4780 wrote to memory of 4908	4780	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	69
PID 4780 wrote to memory of 4908	4780	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	69
PID 4780 wrote to memory of 4908	4780	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	69
PID 4780 wrote to memory of 4908	4780	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	69
PID 4780 wrote to memory of 4908	4780	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	69
PID 4908 wrote to memory of 4284	4908	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	70
PID 4908 wrote to memory of 4284	4908	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	70
PID 4908 wrote to memory of 4284	4908	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	70
PID 4908 wrote to memory of 4284	4908	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	70
PID 4908 wrote to memory of 4284	4908	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	70
PID 4908 wrote to memory of 4284	4908	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	70
PID 4908 wrote to memory of 4284	4908	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	70
PID 4908 wrote to memory of 4284	4908	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	70
PID 4908 wrote to memory of 4284	4908	0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe	70

C:\Users\Admin\AppData\Local\Temp\0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe
"C:\Users\Admin\AppData\Local\Temp\0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Users\Admin\AppData\Local\Temp\0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe
  "C:\Users\Admin\AppData\Local\Temp\0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4908
- - C:\Users\Admin\AppData\Local\Temp\0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe
    "C:\Users\Admin\AppData\Local\Temp\0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe"
    3⤵
    PID:4284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262.exe.log

Filesize
1KB

MD5
4c83e2909de0fa862b2a74822ccd412f

SHA1
235284ce2282b0a6bfeebd608760711ab734e771

SHA256
fc5fdf72d992f88bce9acc3bd7d74ca8cdede2e474b360f357d7de73c4d4ba10

SHA512
bc38789043d623ff420dff0783e52ef60c2437d8417f0bb96bd311ef5338a00da43126b6dade832cb1f772746238a9aab0eacef6296e98dace12b33e229964d0

Download Submit
memory/4284-320-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/4780-114-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-115-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-116-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-117-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-118-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-119-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-120-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-121-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-122-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-123-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-124-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-125-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-126-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-128-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-127-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-129-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-130-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-131-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-132-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-134-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-133-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-135-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-136-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-137-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-138-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-139-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-140-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-141-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-142-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-143-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-144-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-145-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-146-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-147-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-148-0x0000000000C60000-0x0000000000DC2000-memory.dmp

Filesize
1.4MB

Download
memory/4780-149-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-150-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-151-0x0000000007FA0000-0x000000000849E000-memory.dmp

Filesize
5.0MB

Download
memory/4780-152-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-153-0x0000000007B40000-0x0000000007BD2000-memory.dmp

Filesize
584KB

Download
memory/4780-154-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-155-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-156-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-157-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-158-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-159-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-160-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-161-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-162-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-163-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-164-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-165-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-166-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-167-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-168-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-169-0x0000000007AE0000-0x0000000007AEA000-memory.dmp

Filesize
40KB

Download
memory/4780-170-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-171-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-172-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-173-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-174-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-175-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-176-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-177-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-178-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-179-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-180-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-181-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

Filesize
1.6MB

Download
memory/4780-184-0x000000000AF60000-0x000000000AF72000-memory.dmp

Filesize
72KB

Download
memory/4780-185-0x000000000B1A0000-0x000000000B23C000-memory.dmp

Filesize
624KB

Download
memory/4780-186-0x000000000B5E0000-0x000000000B6F4000-memory.dmp

Filesize
1.1MB

Download
memory/4780-187-0x000000000B780000-0x000000000B7E6000-memory.dmp

Filesize
408KB

Download
memory/4780-192-0x0000000002EE0000-0x0000000002EE6000-memory.dmp

Filesize
24KB

Download
memory/4780-193-0x000000000B840000-0x000000000B8FC000-memory.dmp

Filesize
752KB

Download
memory/4908-230-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4908-263-0x000000000B100000-0x000000000B172000-memory.dmp

Filesize
456KB

Download
memory/4908-268-0x000000000AD60000-0x000000000AD74000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads