recordbreaker | 8df8a2af174557e9a199b6a35519d510f70c38731a23e38a8586f7f55ba2390a | Triage

Sharing

General

Target

Full__Pass__1234.rar
Size

6.4MB
Sample

220629-hpszyahbf5
MD5

1ffa6d25eea70c7b6ebdb3b8211c00c7
SHA1

9f06a221db2fc309e9449f1f5e9b12ee432b8d5f
SHA256

8df8a2af174557e9a199b6a35519d510f70c38731a23e38a8586f7f55ba2390a
SHA512

03c85ee9da345aef846da0f110cae45db3ac2645b3aa4bcfd10530a153c7d0877d57512bed347f206028067a2bb4eb96dcf7aa7968746750d1b15e074b9c618d

Score

10^/10

recordbreaker evasion stealer trojan

Malware Config

Extracted

Family

recordbreaker

C2

http://45.133.216.200/

http://45.133.216.71/

Targets

- Target
  
  Setup.exe
- Size
  
  398.7MB
- MD5
  
  d2b043039a563c5afaf364cd56db06b6
- SHA1
  
  ffebe93fff541050f8ed8e11c7ef09679ffac7f8
- SHA256
  
  5eccc045f3cb0a80d82e02ff81fd20ac178c106d44a7751edeaac5d4625d8c0a
- SHA512
  
  8899d80ec655967de1ca6b70f49df4f537a37357682fbe017a6f88bd146e7d9096e52d06d6463ea83069dea060f29572b4ea47d9f8526477e1c210790bf0c56e
Score

10^/10

recordbreaker evasion stealer trojan
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

recordbreakerevasionstealertrojan

behavioral2

recordbreakerevasionstealertrojan