recordbreaker

General

Target

7648666163.zip
Size

4.2MB
Sample

220629-rxelysbhd4
MD5

35e60749380182dbaa31a0975d1dd2b6
SHA1

150f3be9efc84b473b6e5c056fa2b0fee80bc6d0
SHA256

ebd1d7a8456315b3d50a1e2f1e52b56bdeccdd061246a30684001530cda9709c
SHA512

d499a0f16fbc51fb9fadf1bb0b6a31d9ee4bf5d2afca2469856cc4e27d62ff47209a6ba027f2ec4996f06245e3e99868f5d865f2e91f421d5095815594520e6f

Score

10^/10

Malware Config

Extracted

Family

recordbreaker

C2

http://45.142.215.92/

http://violance-rave.site/

Targets

- Target
  
  02452298625f72e589fa74702ebc03ef85339c3ff0c48f3e61198853193abe6e
- Size
  
  4.3MB
- MD5
  
  6435d1210d21dea895dac8af278ca03a
- SHA1
  
  04dd34212a8b20c0fe73143e297f257dc565776d
- SHA256
  
  02452298625f72e589fa74702ebc03ef85339c3ff0c48f3e61198853193abe6e
- SHA512
  
  4c3e8d8a11b809c9883c88d3cf97da4cb594ac590b8752295a2a350fd35bd1f294985bcafe76da4d5aa5823abe9fc3b127d64406254cde116c5d64691a88effe
Score

10^/10

recordbreaker evasion stealer themida trojan vmprotect suricata
- RecordBreaker
  RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.
  stealer recordbreaker
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Generic Stealer Config Download Request

suricata: ET MALWARE Win32/RecordBreaker CnC Checkin

Identifies VirtualBox via ACPI registry values (likely anti-VM)

VMProtect packed file

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2