recordbreaker | a1cabc41c47bc8c55ec51ecd17dbcd1e43db85dc00450872cbfeccc7b1932d45 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

a1cabc41c47bc8c55ec51ecd17dbcd1e43db85dc00450872cbfeccc7b1932d45
Size

227KB
Sample

220628-a81vwsebhn
MD5

50d681b70823812ed7a9bed0e0c7da16
SHA1

cdbae43b6289b7f1b7c8f34dc68aafacd44162da
SHA256

a1cabc41c47bc8c55ec51ecd17dbcd1e43db85dc00450872cbfeccc7b1932d45
SHA512

057684fd30e543a439325eadc2cbf1705eb0a4db9e756c8ca3c817ce22e7fe58a5bfd7408e52949bb2ea876797f7ed29559c2a33346f20bd73bb65af7601d662

Score

10^/10

recordbreaker redline mario2 infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

a1cabc41c47bc8c55ec51ecd17dbcd1e43db85dc00450872cbfeccc7b1932d45.exe

Resource

win10v2004-20220414-en

recordbreaker redline mario2 infostealer spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mario2

C2

193.106.191.129:80

Attributes

auth_value
4ef7e3fec3a418b2f0233b604d0560d9

Targets

- Target
  
  a1cabc41c47bc8c55ec51ecd17dbcd1e43db85dc00450872cbfeccc7b1932d45
- Size
  
  227KB
- MD5
  
  50d681b70823812ed7a9bed0e0c7da16
- SHA1
  
  cdbae43b6289b7f1b7c8f34dc68aafacd44162da
- SHA256
  
  a1cabc41c47bc8c55ec51ecd17dbcd1e43db85dc00450872cbfeccc7b1932d45
- SHA512
  
  057684fd30e543a439325eadc2cbf1705eb0a4db9e756c8ca3c817ce22e7fe58a5bfd7408e52949bb2ea876797f7ed29559c2a33346f20bd73bb65af7601d662
Score

10^/10

recordbreaker redline mario2 infostealer spyware stealer suricata
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

recordbreakerredlinemario2infostealerspywarestealersuricata

© 2018-2024

Terms | Privacy