Overview

overview

10

Static

static

winprofile

windows7_x64

10

winprofile

windows10_x64

10

Analysis

  • max time kernel
    51s
  • max time network
    56s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-06-2022 03:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7503d528db92b909ad05d65379e6aae008dfaa3664bcac252d34d7a9f25b2db9.exe

  • Size

    181KB

  • MD5

    ef18473cf2e8162c5671981437cf00a6

  • SHA1

    0c85d6bf85611292c76331d7cc6690014a869fb6

  • SHA256

    7503d528db92b909ad05d65379e6aae008dfaa3664bcac252d34d7a9f25b2db9

  • SHA512

    fce1eb3ef6679ef97d7b1f76192c1195925e3c288c0097dda4ace87e0d610c1fc9cf5fcc7fd148986d5770e1e63ff2803e8072b4e1624007f12e60184cad0375

Score
10/10
recordbreakerdiscoveryspywarestealersuricata

Malware Config

Extracted

Family

recordbreaker

C2

http://77.91.73.162/

Signatures

  • Raccoon ver2 1 IoCs

    Raccoon ver2.

  • RecordBreaker

    RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.

    stealerrecordbreaker
  • suricata: ET MALWARE Generic Stealer Config Download Request

    suricata: ET MALWARE Generic Stealer Config Download Request

    suricata
  • suricata: ET MALWARE Recordbreaker Stealer CnC Checkin

    suricata: ET MALWARE Recordbreaker Stealer CnC Checkin

    suricata
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\7503d528db92b909ad05d65379e6aae008dfaa3664bcac252d34d7a9f25b2db9.exe
    "C:\Users\Admin\AppData\Local\Temp\7503d528db92b909ad05d65379e6aae008dfaa3664bcac252d34d7a9f25b2db9.exe"
    1⤵
      PID:1984

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1984-55-0x00000000752D1000-0x00000000752D3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1984-56-0x0000000000230000-0x0000000000330000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1984-57-0x00000000003A0000-0x00000000003AF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1984-58-0x0000000000400000-0x00000000008F8000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/1984-59-0x0000000000230000-0x0000000000330000-memory.dmp

      Filesize

      1024KB

      Download