recordbreaker | f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11

Analysis

max time kernel
116s
max time network
312s
platform
windows10_x64
resource
win10-20220414-en
submitted
21/06/2022, 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe
Size

1.4MB
MD5

6a4fe454abe491c0c24c8cfd3c759900
SHA1

0df05c838d2d73f817f25a3441dfe4dc67e26f3d
SHA256

f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11
SHA512

ec7af66871665f74c87129d2dbda8ceb2be8ecfe64143fd523bdbe97f62d6e37153d9131871c6e1fe7fbe8a71c9a10dfdc277360f1c38f51e08f61b5f8a54825

Score

10^/10

recordbreaker stealer suricata

Malware Config

Extracted

Family

recordbreaker

http://82.202.172.185/

Signatures

Raccoon ver2 2 IoCs

Raccoon ver2.

resource	yara_rule
behavioral2/memory/2548-178-0x0000000000400000-0x0000000000412000-memory.dmp	raccoon_v2
behavioral2/memory/2548-227-0x0000000000400000-0x0000000000412000-memory.dmp	raccoon_v2

RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
stealer recordbreaker
suricata: ET MALWARE Generic Stealer Config Download Request
suricata: ET MALWARE Generic Stealer Config Download Request
suricata
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
suricata

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4048 set thread context of 2548	4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe	68

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe
4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe
4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe
4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe
4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe
4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe
4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe
4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe
4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe
4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 2560	4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe	67
PID 4048 wrote to memory of 2560	4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe	67
PID 4048 wrote to memory of 2560	4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe	67
PID 4048 wrote to memory of 2548	4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe	68
PID 4048 wrote to memory of 2548	4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe	68
PID 4048 wrote to memory of 2548	4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe	68
PID 4048 wrote to memory of 2548	4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe	68
PID 4048 wrote to memory of 2548	4048	f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe	68

C:\Users\Admin\AppData\Local\Temp\f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe
"C:\Users\Admin\AppData\Local\Temp\f97835279804b62e667211706cce813179e2571634880770862a5f759fa17c11.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:2560
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:2548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2548-176-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2548-178-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2548-179-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/2548-180-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/2548-181-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/2548-227-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2548-186-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/2548-185-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/2548-184-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/2548-182-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-147-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-152-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-126-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-127-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-128-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-129-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-130-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-131-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-132-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-133-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-134-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-136-0x0000000000D50000-0x0000000000E95000-memory.dmp

Filesize
1.3MB

Download
memory/4048-137-0x0000000000D50000-0x0000000000E95000-memory.dmp

Filesize
1.3MB

Download
memory/4048-138-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-139-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-140-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-141-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-142-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-143-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-144-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-145-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-146-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-124-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-148-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-149-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-150-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-151-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-125-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-153-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-154-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-155-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-156-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-157-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-158-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-159-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-160-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-161-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-162-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-163-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-164-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-165-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-166-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-167-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-168-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-169-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-170-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-123-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-122-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-121-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-120-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-119-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-171-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-172-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-173-0x0000000077820000-0x00000000779AE000-memory.dmp

Filesize
1.6MB

Download
memory/4048-174-0x0000000010070000-0x0000000010151000-memory.dmp

Filesize
900KB

Download
memory/4048-175-0x0000000010070000-0x0000000010151000-memory.dmp

Filesize
900KB

Download