recordbreaker | fd0fadecf054fd384b0964b72331387a79d621a90383706838713f086d12ee74 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Resubmissions

29-06-2022 01:00

220629-bcr4jsfdd9 10

28-06-2022 23:36

220628-3lnw2adbgm 10

Sharing

General

Target

fd0fadecf054fd384b0964b72331387a79d621a90383706838713f086d12ee74
Size

279KB
Sample

220628-3lnw2adbgm
MD5

e8a3b9038499e57efa0fac179995c4eb
SHA1

4584bea5ef3c4d6dd4de7bc1162ab5a3000cf6d1
SHA256

fd0fadecf054fd384b0964b72331387a79d621a90383706838713f086d12ee74
SHA512

063874174ab32f003a26bdf2ee7651e7ff08eeac21bcc8f122a25b840f8901fbcf6ed8289f321e817bc507a86cc54b9c8e715ccc00de12735022723175d28b13

Score

10^/10

recordbreaker redline mario2 infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

fd0fadecf054fd384b0964b72331387a79d621a90383706838713f086d12ee74.exe

Resource

win10v2004-20220414-en

recordbreaker redline mario2 infostealer spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mario2

C2

193.106.191.129:80

Attributes

auth_value
4ef7e3fec3a418b2f0233b604d0560d9

Targets

- Target
  
  fd0fadecf054fd384b0964b72331387a79d621a90383706838713f086d12ee74
- Size
  
  279KB
- MD5
  
  e8a3b9038499e57efa0fac179995c4eb
- SHA1
  
  4584bea5ef3c4d6dd4de7bc1162ab5a3000cf6d1
- SHA256
  
  fd0fadecf054fd384b0964b72331387a79d621a90383706838713f086d12ee74
- SHA512
  
  063874174ab32f003a26bdf2ee7651e7ff08eeac21bcc8f122a25b840f8901fbcf6ed8289f321e817bc507a86cc54b9c8e715ccc00de12735022723175d28b13
Score

10^/10

recordbreaker redline mario2 infostealer spyware stealer suricata
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

recordbreakerredlinemario2infostealerspywarestealersuricata

© 2018-2024

Terms | Privacy