Extracted

• • Target

    3858faa819b97f8e672808e42174be9aeb02164263eb19c49188ad2683feca98

  • Size

    532KB

  • MD5

    17e42c69e38c12825667935eecc7862a

  • SHA1

    8f83539a42af7df78b47c6a8548be119e2a3a994

  • SHA256

    3858faa819b97f8e672808e42174be9aeb02164263eb19c49188ad2683feca98

  • SHA512

    0b8f6f64875acb7fd50f3cf857c0f1f556e3904caacc1ea45310f52932b06a25fcf899915c349589fb0683920b712b67ab6f70c3974168d9d77c17ff08aef90e

  Score

  10^/10

  recordbreakerspywarestealersuricata

  • RecordBreaker

    RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.

    stealerrecordbreaker

  • suricata: ET MALWARE Generic Stealer Config Download Request

    suricata: ET MALWARE Generic Stealer Config Download Request

    suricata

  • suricata: ET MALWARE Win32/RecordBreaker CnC Checkin

    suricata: ET MALWARE Win32/RecordBreaker CnC Checkin

    suricata

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2