recordbreaker | ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce | Triage

Submit
Reports

Overview

overview

Static

static

7

winprofile

windows7_x64

winprofile

windows10_x64

Sharing

General

Target

ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce
Size

5.4MB
Sample

220621-eaachaafhl
MD5

298a8a69908571fb0aa37db11f042180
SHA1

e127b71a42428afccb723ef357492df9b20dfe28
SHA256

ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce
SHA512

1188c79240ddb3720fa3db360f4425fb351d7caa2e721c3e3e5dfc18bad75f8c1f47c94a87eada54f95217729829a18f320e41bd700ea84b19d7a29f013b67b2

Score

10^/10

recordbreaker evasion stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce.exe

Resource

win7-20220414-en

recordbreaker evasion stealer themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce.exe

Resource

win10-20220414-en

recordbreaker evasion stealer themida trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

recordbreaker

C2

http://tech-lover.xyz/

http://bevare-shame.xyz/

Targets

- Target
  
  ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce
- Size
  
  5.4MB
- MD5
  
  298a8a69908571fb0aa37db11f042180
- SHA1
  
  e127b71a42428afccb723ef357492df9b20dfe28
- SHA256
  
  ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce
- SHA512
  
  1188c79240ddb3720fa3db360f4425fb351d7caa2e721c3e3e5dfc18bad75f8c1f47c94a87eada54f95217729829a18f320e41bd700ea84b19d7a29f013b67b2
Score

10^/10

recordbreaker evasion stealer themida trojan
- Raccoon ver2
  Raccoon ver2.
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

recordbreakerevasionstealerthemidatrojan

behavioral2

recordbreakerevasionstealerthemidatrojan

© 2018-2024

Terms | Privacy