General
-
Target
ghjkl.exe
-
Size
768KB
-
Sample
220626-f9rlhaage6
-
MD5
63645a9e1f5e77ba3c75366f3a14ab87
-
SHA1
ed1497c47dc283118bbc57d49cd9f354785cf73d
-
SHA256
2ced9b36b931b73b1d325bececd01f0e4fa6bd0fff98f8b76f2f45b473311cd0
-
SHA512
4efce16194322c1288603ccd4ab6507fa5905debb137ce9b200e7a76e2c041c2d2aa720061b0679f2dfb5c21a668e12fe5eeb5fe99542f5a88d4bcdf103296f0
Static task
static1
Behavioral task
behavioral1
Sample
ghjkl.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ghjkl.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
recordbreaker
http://136.244.65.99/
http://140.82.52.55/
Targets
-
-
Target
ghjkl.exe
-
Size
768KB
-
MD5
63645a9e1f5e77ba3c75366f3a14ab87
-
SHA1
ed1497c47dc283118bbc57d49cd9f354785cf73d
-
SHA256
2ced9b36b931b73b1d325bececd01f0e4fa6bd0fff98f8b76f2f45b473311cd0
-
SHA512
4efce16194322c1288603ccd4ab6507fa5905debb137ce9b200e7a76e2c041c2d2aa720061b0679f2dfb5c21a668e12fe5eeb5fe99542f5a88d4bcdf103296f0
Score10/10-
RecordBreaker
RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-