MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79103532395036c14b755d90f9cacfdec6b588f1b031a7cba936c1b9d2ef3b51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RecordBreaker
Vendor detections: 12



SHA256 hash: 79103532395036c14b755d90f9cacfdec6b588f1b031a7cba936c1b9d2ef3b51
SHA3-384 hash: 0cb861bc6581edb6a0daac4992070ff949f4e689566ba9dd9edb6eee7ca4483ee0e000b16db819efd9449c5534900cb6
SHA1 hash: 0a5d1730dbd7c2d925c88bf1bd3c726ba6f62e2d
MD5 hash: d9c650fdcc961cfb86baaff737d8c7bd
humanhash: virginia-speaker-uniform-pizza
File name: d9c650fdcc961cfb86baaff737d8c7bd.exe
Signature: RecordBreaker
File size: 1'024'000 bytes
First seen: 2022-06-26 07:43:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6715d450ebf6ee95bf798a46601f6874 (2 x RecordBreaker, 1 x AZORult, 1 x Formbook)
ssdeep: 24576:w9Ys50MWTjAqZW9v9Vs50MOTjI1qObDv2hGYX4Dv2hG2Xt:bs5WTjRsNs5OTj32v2Sv23
Threatray: 3'151 similar samples on MalwareBazaar
TLSH: T13E2512117AAB4033E14546709AE5E7C987BEAF3772854D1FFB8C36181B726400AA17BB
TrID: 63.5% (.EXE) Win32 Executable MS Visual C++ 5.0 (60687/85)
      11.0% (.EXE) Win64 Executable (generic) (10523/12/4)
      6.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      5.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
      4.7% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: abuse_ch
Tags: exe recordbreaker

Intelligence


File Origin
# of uploads: 1
# of downloads: 255
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Searching for the window
Creating synchronization primitives
Creating a window
Creating a file in the %temp% directory
Creating a process from a recently created file
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug anti-vm babar greyware hacktool obfuscated packed sinowal wacatac
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Azorult, Clipboard Hijacker, Record Stea
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Detected unpacking (creates a PE file in dynamic memory)
DLL side loading technique detected
Encrypted powershell cmdline option found
Found C&C like URL pattern
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Yara detected Azorult
Yara detected Azorult Info Stealer
Yara detected Clipboard Hijacker
Yara detected Costura Assembly Loader
Yara detected Record Stealer
Yara detected Remcos RAT
Yara detected Vidar stealer
Behaviour
Behavior Graph (ID 652406), rendered here as a process tree; the bracketed numbers are the graph's own node IDs:
Sample: 8TAeJ7kOCe.exe, start date 26/06/2022, architecture WINDOWS, score 100
Top-level network: tuekisaa.ac.ug; parthaha.ac.ug; 2 other IPs or domains
Top-level signatures: Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 15 other signatures

[11] 8TAeJ7kOCe.exe
    dropped: C:\Users\user\AppData\Local\Temp\sdame.exe (PE32)
    signature: Maps a DLL or memory area into another process
    [21] 8TAeJ7kOCe.exe
        network: 193.106.191.146 (ports 49728, 80; BOSPOR-ASRU, Russian Federation); wiwirdo.ac.ug
        dropped: C:\Users\user\AppData\Local\...\Rnd07ej6.exe (PE32); C:\Users\user\AppData\Local\...\6wa6vXiF.exe (PE32); C:\Users\user\AppData\Local\...\2WSW8WYK.exe (PE32+); 8 other files (none is malicious)
        signatures: Tries to harvest and steal browser information (history, passwords, etc); Tries to steal Crypto Currency Wallets
        [34] WO5r36Sh.exe
            [49] InstallUtil.exe
                network: phila.ac.ug
                dropped: C:\Users\user\AppData\...\vcruntime140.dll (PE32); C:\Users\user\AppData\Local\Temp\...\nss3.dll (PE32); C:\Users\user\AppData\Local\...\msvcp140.dll (PE32); 45 other files (1 malicious)
                signature: DLL side loading technique detected
        [36] Rnd07ej6.exe
            dropped: C:\Users\user\AppData\Roaming\...\Qerdo.exe (PE32)
            signatures: Encrypted powershell cmdline option found; Writes to foreign memory regions; Injects a PE file into a foreign processes
            [54] InstallUtil.exe
                network: nikahuve.ac.ug 194.5.98.107 (ports 49736, 49737, 49738; DANILENKODE, Netherlands); tuekisaa.ac.ug; 2 other IPs or domains
                signature: Installs a global keyboard hook
            [56] powershell.exe
                [68] conhost.exe
            [58] InstallUtil.exe
        [40] 6wa6vXiF.exe
            signature: Uses schtasks.exe or at.exe to add and modify task schedules
            [60] 6wa6vXiF.exe
                dropped: C:\Users\user\AppData\Roaming\...\oobeldr.exe (PE32)
                [70] schtasks.exe
                    [78] conhost.exe
        [42] 2WSW8WYK.exe
            [62] powershell.exe
                [72] conhost.exe
    [26] sdame.exe
        signatures: Detected unpacking (creates a PE file in dynamic memory); Maps a DLL or memory area into another process
        [44] sdame.exe
            network: werido.ug 45.143.201.4 (ports 49729, 49730, 49731; PATENT-MEDIA-ASRU, Russian Federation); wiwirdo.ac.ug
            dropped: C:\Users\user\AppData\Local\...\azne[1].exe (PE32); C:\Users\user\AppData\Local\...\rc[1].exe (PE32); C:\Users\user\AppData\Local\...\pm[1].exe (PE32+)
            signatures: Tries to harvest and steal browser information (history, passwords, etc); Tries to steal Crypto Currency Wallets
            [64] cmd.exe
                [74] conhost.exe
                [76] timeout.exe
[15] oobeldr.exe
    [28] oobeldr.exe
        [47] schtasks.exe
            [66] conhost.exe
[17] oobeldr.exe
    [30] oobeldr.exe
[19] 2 other processes
    [32] InstallUtil.exe
Threat name: Win32.Trojan.Sinowal
Status: Malicious
First seen: 2022-06-25 15:08:09 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 23 of 40 (57.50%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:arkei family:azorult family:recordbreaker family:remcos botnet:06192022 botnet:default discovery infostealer persistence rat spyware stealer suricata trojan
Behaviour
Checks processor information in registry
Creates scheduled task(s)
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Executes dropped EXE
Arkei
Azorult
RecordBreaker
Remcos
suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
suricata: ET MALWARE Generic Stealer Config Download Request
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M13
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M4
suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
Malware Config
C2 Extraction:
http://193.106.191.146/
http://185.215.113.89/
http://195.245.112.115/index.php
nikahuve.ac.ug:6968
kalskala.ac.ug:6968
tuekisaa.ac.ug:6968
parthaha.ac.ug:6968
Unpacked files

SHA256 hash: 48e1fb9801261bfe6d59bce75aadef4859f6002a4e83bc11b0b112b4d24138f7
MD5 hash: aa015b7dc3a250dd9dac0b0203c3df96
SHA1 hash: 38c73ec3596c273969e1902a322267d763a0df28

SHA256 hash: f2748ccd402a3a263beb7167dba993847caf25a57f50e4cad4d2e0abbb8b152c
MD5 hash: d07c5b3c88a4be1675e77777f5025124
SHA1 hash: 32b7d2844c82b5a41fabdca397d749a06f14f02c

SHA256 hash: 29da1f0ef92d9fa0827b4d48a14b14a3d68f07b2f8225b05e07f0faac8e3ff79
MD5 hash: a8dc457d4e5e4d457db515c68f959947
SHA1 hash: 57f48ab049f79e4de34dba289d366439bf02cbaa

SHA256 hash: f2748ccd402a3a263beb7167dba993847caf25a57f50e4cad4d2e0abbb8b152c
MD5 hash: d07c5b3c88a4be1675e77777f5025124
SHA1 hash: 32b7d2844c82b5a41fabdca397d749a06f14f02c

SHA256 hash: cae1c9962a12d42d5c0bd21fdd5bd0ef482f9d89b0b73706dec65a74b47be5b0
MD5 hash: 39b00e8bdbac7b925b6d9a24ce37c47a
SHA1 hash: 5ccc2fa5a41319a5697e91db274d47ca4e7f3944

SHA256 hash: 67ebb792378a8c2559941e562dffbf46bca42741f65306977c8a9f6424131cce
MD5 hash: 8c6070373706fa90c779287adc960025
SHA1 hash: f44393fd2d10e5b800043c72a604c8a771a50399

SHA256 hash: 1c68f56d3a1548e57d4e006d1e2da6c5555d5c8d25faded22ac5d7b5b3c93c2c
MD5 hash: 48a0172e6db6efc03b13652fb02d69df
SHA1 hash: 3b7798595d512c5cdb1681991b4dc9036bb657db

SHA256 hash: 67ebb792378a8c2559941e562dffbf46bca42741f65306977c8a9f6424131cce
MD5 hash: 8c6070373706fa90c779287adc960025
SHA1 hash: f44393fd2d10e5b800043c72a604c8a771a50399

SHA256 hash: 1b28d571d9bce1b66c67c00e29524f7b869fa9b75ea75bcf354c98bd23abfd3d
MD5 hash: 2aa7cecd0563328460160e4419f0b243
SHA1 hash: 12ac09a4dc82e6504a346a55f7e4de3b268a2b93

SHA256 hash: 41143b3c45b9ec3b56ca9f332a2847711ba5f8480876b62f22e9e73c174a3546
MD5 hash: 8f43ab4f432345a05fedc256cd392b08
SHA1 hash: 37b8117366e9cce2feb2d66b213c37f1b5334939

SHA256 hash: 3630a024fb809612371dd380ab36dc4549c8d189b77d641001d03cc5ab794005
MD5 hash: 5c54c803addb3d527c8b50754594e62b
SHA1 hash: 5d2e8fac77453610fb61a042c9e6cad2523f2012

SHA256 hash: 41143b3c45b9ec3b56ca9f332a2847711ba5f8480876b62f22e9e73c174a3546
MD5 hash: 8f43ab4f432345a05fedc256cd392b08
SHA1 hash: 37b8117366e9cce2feb2d66b213c37f1b5334939

SHA256 hash: 656f87aea2aa7b4f74b4103c9f9036c213d45488ae6fd5dedced3f656eafc188
MD5 hash: 79ccc23c026fdccac094da1329f164ff
SHA1 hash: 33747b24cce57a6f9b4da8fcd42b066338a6400d

SHA256 hash: 35f2f66d87867f88b02c8307ae4e38725110b54ef6a947fb752dd26f96d5d2ed
MD5 hash: 519bc5e3a27c3c0f76f0f7fa031f56fb
SHA1 hash: 147a1a60d1921778765b467fdee76137b9a51cc8

SHA256 hash: d928c814f513f8c318dab308559679f3dac756a50f0cd2dc7ee36158c7be1bb1
MD5 hash: 87c73e50e4c86579d252cfe61070d368
SHA1 hash: be35b48fe6d769da3c136d35ec53c7c3c0ecee35

SHA256 hash: d2a32cd77d9a2df1c5e4e5ce3a7079d7f32721acecaafe3923d75069e44a47b1
MD5 hash: c63d6e2c238d484a20ab459fa7ce8691
SHA1 hash: bd26e9575eb3626b35c11439eb268f3e8d0738fc

SHA256 hash: 3ac9123fb8ea37793868322d92558d1d03f6748591ed18f1d82e96f7ffa89a7b
MD5 hash: 75d342dfa6c773e98196e9ccf389da2d
SHA1 hash: 997f9b0169caa7abe60077b6e0e6f46bd333085e

SHA256 hash: 0a7a9aa566f14d564a3dbe3d1f340d92dacb84e6cac21576c5758af3627c1a20
MD5 hash: 0798d420458eacaa33fe7cac6eb32da6
SHA1 hash: 688885f1954749b4ce3dee9757cfb5fca08197f2

SHA256 hash: 035af24c5af0592e6c94813439342a245980ea2c494529ac2884c1020c214a55
MD5 hash: 49dee3f33b34a1a208b6ee1bff972f1b
SHA1 hash: cf8e73378f8a857c2860d6cba1f6a73f877ae7fd

SHA256 hash: 7786b2b52f6f159a082613afd537d3da54877178d8fed179fb4ccc80243ea6c9
MD5 hash: 0958517794b5d8abc81603b4df41c061
SHA1 hash: 460ce61d36ee29cd621edefc8d7a51d261ed625e

SHA256 hash: 79103532395036c14b755d90f9cacfdec6b588f1b031a7cba936c1b9d2ef3b51
MD5 hash: d9c650fdcc961cfb86baaff737d8c7bd
SHA1 hash: 0a5d1730dbd7c2d925c88bf1bd3c726ba6f62e2d

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Lokibot_Stealer
Description: Detects Lokibot Stealer Variants

Rule name: meth_get_eip
Author: Willi Ballenthin

Rule name: Recordbreaker
Author: @_FirehaK <yara@firehak.com>
Description: Recordbreaker is an information stealer capable of downloading and executing secondary payloads. It has been spreading through fake software cracks and keygens since May 2022.
Reference: https://twitter.com/_FirehaK/status/1534997159937982464

Rule name: Redline_Stealer_Monitor
Description: Detects RedLine Stealer Variants

Rule name: Windows_Trojan_Clipbanker

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RecordBreaker
File: Executable exe 79103532395036c14b755d90f9cacfdec6b588f1b031a7cba936c1b9d2ef3b51 (this sample)

Comments