recordbreaker | 67d5bd624c4acc28929e75a96b3db6ebf46844cca982f8f583c3afb3019b55d5 | Triage

Submit
Reports

Overview

overview

Static

static

SetupsCrakedz1.exe

windows7_x64

5

SetupsCrakedz1.exe

windows10-2004_x64

Sharing

General

Target

PA$$w0rds_1234__NewFiles1--D7.rar
Size

7.0MB
Sample

220624-ndcfpseff5
MD5

5c9500d898d976d9243898b0ba67b21f
SHA1

8833235be13ef8a0595d4be071ac9ed5c98d2d0a
SHA256

67d5bd624c4acc28929e75a96b3db6ebf46844cca982f8f583c3afb3019b55d5
SHA512

8a9a1089d5e453159c73eae4e7f223da75509282fc224f1adee96c51f47fd003f8528146d53e9993518635e636e48452b64348fabbfaaa50c47d3d0e32464aae

Score

10^/10

recordbreaker discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

SetupsCrakedz1.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SetupsCrakedz1.exe

Resource

win10v2004-20220414-en

recordbreaker discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SetupsCrakedz1.exe
- Size
  
  727.1MB
- MD5
  
  c3ab6595139a19d01767138ce83473db
- SHA1
  
  a984f9b78958f6269fb6750dd8e0af1e5be069fa
- SHA256
  
  bf6e8f78cea552f66a1185d3ca271d48f36f1a3e8573a18c28c8c780c51fa2d3
- SHA512
  
  b145f47232823b4a9303e3330903f44d0df955d1258ce506cf382d6b8d16eb0cb73bd813c81fc82bda9b6195ef49e9a57a689ea7dbb3364d7157e9a4f32314e8
Score

10^/10

recordbreaker discovery spyware stealer suricata
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

recordbreakerdiscoveryspywarestealersuricata

© 2018-2024

Terms | Privacy