Extracted

• • Target

    e8dffb2b7edf8c4049e00c21917860d191edcd0b2829d409b4ddf47902161742

  • Size

    286KB

  • MD5

    9ba4abda48c03ccae1c377a750e4275b

  • SHA1

    e401e75fd992011f91a8c0cd4bf005b5c5c2b6ca

  • SHA256

    e8dffb2b7edf8c4049e00c21917860d191edcd0b2829d409b4ddf47902161742

  • SHA512

    778440b762897e0c9ba50d514fc4f448078acde559de41ddb232855da4ad2ad2b19541a8e976e6947991808282649c02114f6df0a2217abf4fa35ec0ca293423

  Score

  10^/10

  recordbreakerredlinemario2collectiondiscoveryinfostealerspywarestealersuricata

  • RecordBreaker

    RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.

    stealerrecordbreaker

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine Payload

  • suricata: ET MALWARE Generic Stealer Config Download Request

    suricata: ET MALWARE Generic Stealer Config Download Request

    suricata

  • suricata: ET MALWARE Win32/RecordBreaker CnC Checkin

    suricata: ET MALWARE Win32/RecordBreaker CnC Checkin

    suricata

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1