recordbreaker | b03a3100651c153d710c4f4778cb428c3723d936c428e757b7d17354243eacb9 | Triage

Submit
Reports

Overview

overview

Static

static

b03a310065...b9.exe

windows7_x64

b03a310065...b9.exe

windows10-2004_x64

Sharing

General

Target

b03a3100651c153d710c4f4778cb428c3723d936c428e757b7d17354243eacb9.exe
Size

991KB
Sample

220627-rbthzsbgeq
MD5

dd7c0c58450314880d48eeece29c0fd4
SHA1

ea3c53e23a5ced8a6f01c96e7837597e62899bbb
SHA256

b03a3100651c153d710c4f4778cb428c3723d936c428e757b7d17354243eacb9
SHA512

e6322a123e1783ead529049ef3b888cd8750ed3815e7725ea1c249e3c5797f0944e37eb6055df867d43db8a85845177330ef9e4b9a085034f065347c6e2d5a4b

Score

10^/10

recordbreaker stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

b03a3100651c153d710c4f4778cb428c3723d936c428e757b7d17354243eacb9.exe

Resource

win7-20220414-en

recordbreaker stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b03a3100651c153d710c4f4778cb428c3723d936c428e757b7d17354243eacb9.exe

Resource

win10v2004-20220414-en

recordbreaker stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

recordbreaker

C2

http://146.70.124.71

Targets

- Target
  
  b03a3100651c153d710c4f4778cb428c3723d936c428e757b7d17354243eacb9.exe
- Size
  
  991KB
- MD5
  
  dd7c0c58450314880d48eeece29c0fd4
- SHA1
  
  ea3c53e23a5ced8a6f01c96e7837597e62899bbb
- SHA256
  
  b03a3100651c153d710c4f4778cb428c3723d936c428e757b7d17354243eacb9
- SHA512
  
  e6322a123e1783ead529049ef3b888cd8750ed3815e7725ea1c249e3c5797f0944e37eb6055df867d43db8a85845177330ef9e4b9a085034f065347c6e2d5a4b
Score

10^/10

recordbreaker stealer suricata
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

recordbreakerstealersuricata

behavioral2

recordbreakerstealer

© 2018-2024

Terms | Privacy