recordbreaker | 115b043cff8636bde9d054c021fe78113c21217cf7b0a895fca41dcc2b2c8f74 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

115b043cff8636bde9d054c021fe78113c21217cf7b0a895fca41dcc2b2c8f74
Size

279KB
Sample

220629-avs8wsdecr
MD5

495fc2627c8267aaffc9e89de6b77e0f
SHA1

833e808a288c512845a62f6fbd3a1245bf6fbcfa
SHA256

115b043cff8636bde9d054c021fe78113c21217cf7b0a895fca41dcc2b2c8f74
SHA512

2321cda262836f262d6244c9cdaf27082fb7c90c986cc03d80c090893da83a161e8c7c536bd21edbd3a6b8cb75f72b56c84b1df06eea0b12a92b6d2a4d18cc41

Score

10^/10

recordbreaker redline mario2 collection infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

115b043cff8636bde9d054c021fe78113c21217cf7b0a895fca41dcc2b2c8f74.exe

Resource

win10-20220414-en

recordbreaker redline mario2 collection infostealer spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mario2

C2

193.106.191.129:80

Attributes

auth_value
4ef7e3fec3a418b2f0233b604d0560d9

Targets

- Target
  
  115b043cff8636bde9d054c021fe78113c21217cf7b0a895fca41dcc2b2c8f74
- Size
  
  279KB
- MD5
  
  495fc2627c8267aaffc9e89de6b77e0f
- SHA1
  
  833e808a288c512845a62f6fbd3a1245bf6fbcfa
- SHA256
  
  115b043cff8636bde9d054c021fe78113c21217cf7b0a895fca41dcc2b2c8f74
- SHA512
  
  2321cda262836f262d6244c9cdaf27082fb7c90c986cc03d80c090893da83a161e8c7c536bd21edbd3a6b8cb75f72b56c84b1df06eea0b12a92b6d2a4d18cc41
Score

10^/10

recordbreaker redline mario2 collection infostealer spyware stealer suricata
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

recordbreakerredlinemario2collectioninfostealerspywarestealersuricata

© 2018-2025

Terms | Privacy