recordbreaker | d407dea31b4e55d9955bdea84e990205f7bbea67fd39e82bb61f942dc20e9b54 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

d407dea31b4e55d9955bdea84e990205f7bbea67fd39e82bb61f942dc20e9b54
Size

523KB
Sample

220625-hc4wnshfdk
MD5

398ed7c0939e72a1df48196488ec00c8
SHA1

4f6f076492ead1416d1d64158117c8b50cac4e88
SHA256

d407dea31b4e55d9955bdea84e990205f7bbea67fd39e82bb61f942dc20e9b54
SHA512

4fb615c0aceec14063aba4da8cc105723cb1a480564eb95b70b4ebdfeb25a04cd80c0f07e47017ee5b0f2169f344e919e1f2f2a3c6f978fa074f8cf0a8439818

Score

10^/10

recordbreaker evasion persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

d407dea31b4e55d9955bdea84e990205f7bbea67fd39e82bb61f942dc20e9b54.exe

Resource

win10-20220414-en

recordbreaker evasion persistence stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

recordbreaker

C2

http://2.58.56.247

Targets

- Target
  
  d407dea31b4e55d9955bdea84e990205f7bbea67fd39e82bb61f942dc20e9b54
- Size
  
  523KB
- MD5
  
  398ed7c0939e72a1df48196488ec00c8
- SHA1
  
  4f6f076492ead1416d1d64158117c8b50cac4e88
- SHA256
  
  d407dea31b4e55d9955bdea84e990205f7bbea67fd39e82bb61f942dc20e9b54
- SHA512
  
  4fb615c0aceec14063aba4da8cc105723cb1a480564eb95b70b4ebdfeb25a04cd80c0f07e47017ee5b0f2169f344e919e1f2f2a3c6f978fa074f8cf0a8439818
Score

10^/10

recordbreaker evasion persistence stealer trojan
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Looks for VirtualBox Guest Additions in registry
  evasion
- Nirsoft
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Account Manipulation

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

recordbreakerevasionpersistencestealertrojan

© 2018-2024

Terms | Privacy