recordbreaker | 905fcb65077aa07005af8f7f7cbc3392205c56576f0b30ba407f78f72edaba2a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

905fcb65077aa07005af8f7f7cbc3392205c56576f0b30ba407f78f72edaba2a
Size

218KB
Sample

220628-px7avshdhp
MD5

387af1d8f0c82fa1111931c2cad2f912
SHA1

7dc4b93f1c6031512ea2f232741740292f0d3232
SHA256

905fcb65077aa07005af8f7f7cbc3392205c56576f0b30ba407f78f72edaba2a
SHA512

d72c4a04ff54c3d9c22e0c22eb843f420ee7ba423ebc9ed77e72bf6477fbbcbfc756c2e8003bcae63e2ef63330dc878f482cf300877841484be8d31437696d31

Score

10^/10

recordbreaker redline mario2 infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

905fcb65077aa07005af8f7f7cbc3392205c56576f0b30ba407f78f72edaba2a.exe

Resource

win10v2004-20220414-en

recordbreaker redline mario2 infostealer spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mario2

C2

193.106.191.129:80

Attributes

auth_value
4ef7e3fec3a418b2f0233b604d0560d9

Targets

- Target
  
  905fcb65077aa07005af8f7f7cbc3392205c56576f0b30ba407f78f72edaba2a
- Size
  
  218KB
- MD5
  
  387af1d8f0c82fa1111931c2cad2f912
- SHA1
  
  7dc4b93f1c6031512ea2f232741740292f0d3232
- SHA256
  
  905fcb65077aa07005af8f7f7cbc3392205c56576f0b30ba407f78f72edaba2a
- SHA512
  
  d72c4a04ff54c3d9c22e0c22eb843f420ee7ba423ebc9ed77e72bf6477fbbcbfc756c2e8003bcae63e2ef63330dc878f482cf300877841484be8d31437696d31
Score

10^/10

recordbreaker redline mario2 infostealer spyware stealer suricata
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

recordbreakerredlinemario2infostealerspywarestealersuricata

© 2018-2024

Terms | Privacy