Analysis

  • max time kernel
    55s
  • max time network
    59s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-06-2022 03:19

General

  • Target
    99834c9981535b584040fef84af159e5e584927aac4a6a57001ba5ecf1e869c4.exe
  • Size
    7.4MB
  • MD5
    22d27186a79cfc261d19611645c0c4f1
  • SHA1
    a87f22dba40c522889764dfb1aeafe2096d929d3
  • SHA256
    99834c9981535b584040fef84af159e5e584927aac4a6a57001ba5ecf1e869c4
  • SHA512
    a93dff567253395f7073b49c319f5b6fefed34f6a1e0907280baf2623d6dd4ba8f1eee407620480c3a568340e6b964cad1e3e8d38c57ac4118c9d2343f05225c

Malware Config

Signatures

  • Raccoon ver2 3 IoCs

    Raccoon ver2.

  • RecordBreaker

    RecordBreaker is an information stealer written in C++ that is capable of downloading and executing secondary payloads.

  • suricata: ET MALWARE Generic Stealer Config Download Request

  • suricata: ET MALWARE Recordbreaker Stealer CnC Checkin

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\99834c9981535b584040fef84af159e5e584927aac4a6a57001ba5ecf1e869c4.exe
    "C:\Users\Admin\AppData\Local\Temp\99834c9981535b584040fef84af159e5e584927aac4a6a57001ba5ecf1e869c4.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1380


Downloads

  • memory/1380-54-0x0000000000130000-0x0000000000896000-memory.dmp
    Filesize: 7.4MB
  • memory/1380-55-0x0000000076C81000-0x0000000076C83000-memory.dmp
    Filesize: 8KB
  • memory/1380-56-0x0000000000130000-0x0000000000896000-memory.dmp
    Filesize: 7.4MB
  • memory/1380-57-0x0000000000130000-0x0000000000896000-memory.dmp
    Filesize: 7.4MB