recordbreaker | 2ced9b36b931b73b1d325bececd01f0e4fa6bd0fff98f8b76f2f45b473311cd0 | Triage

Sharing

General

Target

ghjkl.exe
Size

768KB
Sample

220626-f9rlhaage6
MD5

63645a9e1f5e77ba3c75366f3a14ab87
SHA1

ed1497c47dc283118bbc57d49cd9f354785cf73d
SHA256

2ced9b36b931b73b1d325bececd01f0e4fa6bd0fff98f8b76f2f45b473311cd0
SHA512

4efce16194322c1288603ccd4ab6507fa5905debb137ce9b200e7a76e2c041c2d2aa720061b0679f2dfb5c21a668e12fe5eeb5fe99542f5a88d4bcdf103296f0

Score

10^/10

recordbreaker stealer

Malware Config

Extracted

Family

recordbreaker

C2

http://136.244.65.99/

http://140.82.52.55/

Targets

- Target
  
  ghjkl.exe
- Size
  
  768KB
- MD5
  
  63645a9e1f5e77ba3c75366f3a14ab87
- SHA1
  
  ed1497c47dc283118bbc57d49cd9f354785cf73d
- SHA256
  
  2ced9b36b931b73b1d325bececd01f0e4fa6bd0fff98f8b76f2f45b473311cd0
- SHA512
  
  4efce16194322c1288603ccd4ab6507fa5905debb137ce9b200e7a76e2c041c2d2aa720061b0679f2dfb5c21a668e12fe5eeb5fe99542f5a88d4bcdf103296f0
Score

10^/10

recordbreaker stealer
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

recordbreakerstealer

behavioral2

recordbreakerstealer