Overview

overview

10

Static

static

8

0245229862...6e.exe

windows7_x64

10

0245229862...6e.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7648666163.zip

  • Size

    4.2MB

  • Sample

    220629-rxelysbhd4

  • MD5

    35e60749380182dbaa31a0975d1dd2b6

  • SHA1

    150f3be9efc84b473b6e5c056fa2b0fee80bc6d0

  • SHA256

    ebd1d7a8456315b3d50a1e2f1e52b56bdeccdd061246a30684001530cda9709c

  • SHA512

    d499a0f16fbc51fb9fadf1bb0b6a31d9ee4bf5d2afca2469856cc4e27d62ff47209a6ba027f2ec4996f06245e3e99868f5d865f2e91f421d5095815594520e6f

Score
10/10
recordbreakerevasionstealersuricatathemidatrojanvmprotect

Malware Config

Extracted

Family

recordbreaker

C2

http://45.142.215.92/

http://violance-rave.site/

Targets

    • Target

      02452298625f72e589fa74702ebc03ef85339c3ff0c48f3e61198853193abe6e

    • Size

      4.3MB

    • MD5

      6435d1210d21dea895dac8af278ca03a

    • SHA1

      04dd34212a8b20c0fe73143e297f257dc565776d

    • SHA256

      02452298625f72e589fa74702ebc03ef85339c3ff0c48f3e61198853193abe6e

    • SHA512

      4c3e8d8a11b809c9883c88d3cf97da4cb594ac590b8752295a2a350fd35bd1f294985bcafe76da4d5aa5823abe9fc3b127d64406254cde116c5d64691a88effe

    Score
    10/10
    recordbreakerevasionstealerthemidatrojanvmprotectsuricata

    • RecordBreaker

      RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.

      stealerrecordbreaker

    • suricata: ET MALWARE Generic Stealer Config Download Request

      suricata: ET MALWARE Generic Stealer Config Download Request

      suricata

    • suricata: ET MALWARE Win32/RecordBreaker CnC Checkin

      suricata: ET MALWARE Win32/RecordBreaker CnC Checkin

      suricata

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks