recordbreaker | aba77fcc24b7172206eda1a7f47eff0e0f2fe6ad988536d995ab38ee1a28e783 | Triage

Submit
Reports

Overview

overview

Static

static

ProtonVPN.msi

windows7_x64

8

ProtonVPN.msi

windows10-2004_x64

Sharing

General

Target

ProtonVPN.msi
Size

1.5MB
Sample

220621-s7jjbshfa4
MD5

926ec22b8ba727571a2f85148489fd85
SHA1

e6cb03d143489f3af01575de4ea917b680109105
SHA256

aba77fcc24b7172206eda1a7f47eff0e0f2fe6ad988536d995ab38ee1a28e783
SHA512

c1a344377997ebb354d2bf0c916744a28723aa0845a4cb4a6b59eb6be4317f205386628b4a7bba5baba47203a628c843190de64532dc5496c8396a738da8407a

Score

10^/10

recordbreaker discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

ProtonVPN.msi

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ProtonVPN.msi

Resource

win10v2004-20220414-en

recordbreaker discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

recordbreaker

C2

http://142.132.229.12/

http://164.92.172.4/

Targets

- Target
  
  ProtonVPN.msi
- Size
  
  1.5MB
- MD5
  
  926ec22b8ba727571a2f85148489fd85
- SHA1
  
  e6cb03d143489f3af01575de4ea917b680109105
- SHA256
  
  aba77fcc24b7172206eda1a7f47eff0e0f2fe6ad988536d995ab38ee1a28e783
- SHA512
  
  c1a344377997ebb354d2bf0c916744a28723aa0845a4cb4a6b59eb6be4317f205386628b4a7bba5baba47203a628c843190de64532dc5496c8396a738da8407a
Score

10^/10

discovery recordbreaker spyware stealer suricata
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
  suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

recordbreakerdiscoveryspywarestealersuricata

© 2018-2024

Terms | Privacy