General
-
Target
Setup.exe
-
Size
387.1MB
-
Sample
220621-q38ljsgba4
-
MD5
563eb6fe83d4f1fe97d20fb20c672601
-
SHA1
83ef3ab94232bdbac57ca383fe2860fe67cbd00f
-
SHA256
e8fcd67a323af737214206338dc25679de1e4afa55c4a3ffe775f9b4a578413a
-
SHA512
ca054706ec64c6c322e2e5e038a5b3446f0932850d08cc18ae1c64754ba8122f551f54af77a1e9cc27d7713433500039477814f826efe403a9f02ad9f80a4324
Malware Config
Extracted
recordbreaker
http://45.133.216.249/
http://146.19.75.8/
Targets
-
-
Target
Setup.exe
-
Size
387.1MB
-
MD5
563eb6fe83d4f1fe97d20fb20c672601
-
SHA1
83ef3ab94232bdbac57ca383fe2860fe67cbd00f
-
SHA256
e8fcd67a323af737214206338dc25679de1e4afa55c4a3ffe775f9b4a578413a
-
SHA512
ca054706ec64c6c322e2e5e038a5b3446f0932850d08cc18ae1c64754ba8122f551f54af77a1e9cc27d7713433500039477814f826efe403a9f02ad9f80a4324
Score10/10-
RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
-
suricata: ET MALWARE Generic Stealer Config Download Request
suricata: ET MALWARE Generic Stealer Config Download Request
-
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-