RecordBreaker Infostealer Disguised as a Well-known Korean Software - ASEC BLOG
Common Information
Type Value
UUID 3493a967-68d9-4623-9689-bcd1b3a27ac9
Fingerprint a51c9a678ff786b7
Analysis status DONE
Considered CTI value 2
Text language
Published May 15, 2023, 8 a.m.
Added to db May 15, 2023, 6:20 a.m.
Last updated Oct. 18, 2024, 5:04 p.m.
Headline RecordBreaker Infostealer Disguised as a Well-known Korean Software
Title RecordBreaker Infostealer Disguised as a Well-known Korean Software - ASEC BLOG
Detected Hints/Tags/Attributes 33/1/22
Source URLs
RSS Feed
Attributes
Details Type #Events CTI Value