recordbreaker | 7503d528db92b909ad05d65379e6aae008dfaa3664bcac252d34d7a9f25b2db9

Analysis

max time kernel
150s
max time network
178s
platform
windows10_x64
resource
win10-20220414-en
submitted
21-06-2022 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7503d528db92b909ad05d65379e6aae008dfaa3664bcac252d34d7a9f25b2db9.exe
Size

181KB
MD5

ef18473cf2e8162c5671981437cf00a6
SHA1

0c85d6bf85611292c76331d7cc6690014a869fb6
SHA256

7503d528db92b909ad05d65379e6aae008dfaa3664bcac252d34d7a9f25b2db9
SHA512

fce1eb3ef6679ef97d7b1f76192c1195925e3c288c0097dda4ace87e0d610c1fc9cf5fcc7fd148986d5770e1e63ff2803e8072b4e1624007f12e60184cad0375

Score

10^/10

recordbreaker discovery spyware stealer suricata

Malware Config

Extracted

Family

recordbreaker

http://77.91.73.162/

Signatures

Raccoon ver2 2 IoCs

Raccoon ver2.

Processes:

resource	yara_rule
behavioral2/memory/4704-151-0x0000000000400000-0x00000000008F8000-memory.dmp	raccoon_v2
behavioral2/memory/4704-174-0x0000000000400000-0x00000000008F8000-memory.dmp	raccoon_v2

RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
stealer recordbreaker
suricata: ET MALWARE Generic Stealer Config Download Request
suricata: ET MALWARE Generic Stealer Config Download Request
suricata
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
suricata
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\7503d528db92b909ad05d65379e6aae008dfaa3664bcac252d34d7a9f25b2db9.exe
"C:\Users\Admin\AppData\Local\Temp\7503d528db92b909ad05d65379e6aae008dfaa3664bcac252d34d7a9f25b2db9.exe"
1⤵
PID:4704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4704-117-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-118-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-120-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-119-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-121-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-122-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-123-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-124-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-125-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-126-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-127-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-128-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-129-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-130-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-131-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-132-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-134-0x0000000000900000-0x00000000009AE000-memory.dmp

Filesize
696KB

Download
memory/4704-135-0x0000000000C30000-0x0000000000C3F000-memory.dmp

Filesize
60KB

Download
memory/4704-136-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-137-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-138-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-139-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-140-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-141-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-142-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-143-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-144-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-145-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-146-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-147-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-148-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-149-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-150-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-151-0x0000000000400000-0x00000000008F8000-memory.dmp

Filesize
5.0MB

Download
memory/4704-152-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-153-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-154-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-155-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-156-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-157-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-158-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-159-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-160-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-161-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-162-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-163-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-164-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-165-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-166-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-167-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-168-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-169-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-170-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-171-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-172-0x0000000000900000-0x00000000009AE000-memory.dmp

Filesize
696KB

Download
memory/4704-173-0x0000000000C30000-0x0000000000C3F000-memory.dmp

Filesize
60KB

Download
memory/4704-174-0x0000000000400000-0x00000000008F8000-memory.dmp

Filesize
5.0MB

Download