RecordBreaker Malware Analysis

File Properties

SHA256: 77546e4fdc3323633d7ab065dd65e48869799e715015d760424fa43af1c4b3c4

MD5: 736a8adcae73352be7b0d86c5f21518b

File Type: exe

Size: 585,728 bytes

First Seen: 2022-12-09

AV Signature: RecordBreaker

Imphash: 4cea7ae85c87ddc7295d39ff9cda31d1

Reporter: abuse_ch

Tags: exe, recordbreaker

Static analysis: metadata-based (sample not downloaded)

RecordBreaker — Malware Profile

RecordBreaker is the Raccoon 2.0 stealer. Artifacts noted in this profile: the XOR key "BABYKEYXOE" (hidden message), a 72-character uppercase encrypted configuration string, a developer debug PDB, and an MD5 decryptor routine.

Malware Type: Infostealer
Programming Language: C++
C2 Protocol: HTTP
Target Systems: Windows
Also Known As (AKA): Raccoon2

Technical Details

Infostealer family: TCP C2 protocol, persistence mechanism (Registry/Task Scheduler), keylogger, screenshot capture, remote shell, file manager, process manager, anti-analysis checks

Capabilities & Behavior

Browser Credentials
Cookie Theft
Cryptocurrency Wallet Theft
System Information
Screenshot Capture
FTP/SSH Client Passwords
Email Client Theft
Data Exfiltration

IOC List (1 indicator)

IOC — RecordBreaker
Type: filepath
Value: 77546e4fdc3323633d7ab065dd65e48869799e715015d760424fa43af1c4b3c4
Note: PDB

C2 Servers (2 recorded servers for this family)

Address          Type  Port  Protocol  Status    Country
188.120.241.201  ip    80    HTTP      active    RU
103.124.105.230  ip    443   HTTPS     inactive  IN

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.

Tags: exe, recordbreaker