asyncrat

Target

201001-nyhbt4p25j_pw_infected.rar
Size

114.9MB
Sample

201001-cgj9prs442
MD5

7a7face67d38a7e6fd5279ed9effd860
SHA1

c851f2828df6d94aea77c5338254eac951185294
SHA256

3a27b002eab25417e6ef4cdeb35edd40755a0a20f6c701842f10bfa9448e5c89
SHA512

51494d908cb91759bb125b9d2d176a0bcc326f92bd16d6220078d9048ea2e8fd2cb59a62c7914e2f24091b36dcee9d69253ae3ef43a23f6a5b3665380adc5eae

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://bit.do/fqhHT

exe.dropper

http://bit.do/fqhHT

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://zxvbcrt.ug/zxcvb.exe

exe.dropper

http://zxvbcrt.ug/zxcvb.exe

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://pdshcjvnv.ug/zxcvb.exe

exe.dropper

http://pdshcjvnv.ug/zxcvb.exe

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://bit.do/fqhJv

exe.dropper

http://bit.do/fqhJv

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://bit.do/fqhJD

exe.dropper

http://bit.do/fqhJD

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://rbcxvnb.ug/zxcvb.exe

exe.dropper

http://rbcxvnb.ug/zxcvb.exe

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note

[Raccoon Stealer] - v1.5.13-af-hotfix Release Build compiled on Mon Jul 6 14:33:02 2020 Launched at: 2020.10.01 - 21:17:22 GMT Bot_ID: 992575D9-3ACE-4400-98F7-F39D82F3369F_Admin Running on a desktop =R=A=C=C=O=O=N= - Cookies: 0 - Passwords: 0 - Files: 0 System Information: - System Language: English - System TimeZone: -0 hrs - IP: 154.61.71.51 - Location: 37.750999, -97.821999 | ?, ?, United States (?) - ComputerName: ELJKIHEZ - Username: Admin - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (459 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note

[Raccoon Stealer] - v1.5.13-af-hotfix Release Build compiled on Mon Jul 6 14:33:02 2020 Launched at: 2020.10.01 - 23:24:29 GMT Bot_ID: 750D7400-3B08-415E-A8B0-2695D81425F5_Admin Running on a desktop =R=A=C=C=O=O=N= - Cookies: 0 - Passwords: 0 - Files: 0 System Information: - System Language: English - System TimeZone: -0 hrs - IP: 154.61.71.13 - Location: 37.750999, -97.821999 | ?, ?, United States (?) - ComputerName: UCQFZDUI - Username: Admin - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (457 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note

[Raccoon Stealer] - v1.5.13-af-hotfix Release Build compiled on Mon Jul 6 14:33:02 2020 Launched at: 2020.10.01 - 23:24:00 GMT Bot_ID: 18823CA4-5761-4226-8787-CF36135F1C68_Admin Running on a desktop =R=A=C=C=O=O=N= - Cookies: 0 - Passwords: 5 - Files: 0 System Information: - System Language: English - System TimeZone: -0 hrs - IP: 154.61.71.13 - Location: 37.750999, -97.821999 | ?, ?, United States (?) - ComputerName: LZUKLIOU - Username: Admin - Windows version: NT 10.0 - Product name: Windows 10 Pro - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 4095 MB (832 MB used) - Screen resolution: 1280x720 - Display devices: 0) Microsoft Basic Display Adapter ============

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note

[Raccoon Stealer] - v1.5.13-af-hotfix Release Build compiled on Mon Jul 6 14:33:02 2020 Launched at: 2020.10.01 - 23:24:34 GMT Bot_ID: 750D7400-3B08-415E-A8B0-2695D81425F5_Admin Running on a desktop =R=A=C=C=O=O=N= - Cookies: 0 - Passwords: 0 - Files: 0 System Information: - System Language: English - System TimeZone: -0 hrs - IP: 154.61.71.13 - Location: 37.750999, -97.821999 | ?, ?, United States (?) - ComputerName: UCQFZDUI - Username: Admin - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (514 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Targets

- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (10) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware stealer raccoon trojan modiloader infostealer azorult discovery evasion oski rat asyncrat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (10).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware discovery evasion trojan modiloader infostealer azorult oski stealer raccoon
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (100) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware stealer raccoon spyware evasion trojan infostealer oski discovery modiloader azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (101) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware evasion trojan stealer raccoon infostealer oski discovery modiloader azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (102) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware evasion trojan infostealer azorult stealer raccoon modiloader spyware oski discovery
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral9 behavioral10
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (103) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

spyware infostealer oski trojan azorult discovery
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral11 behavioral12
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (104) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult discovery spyware oski
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral13 behavioral14
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (105) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral15 behavioral16
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (106) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (107) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (108) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (109) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral23 behavioral24
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (11) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (11).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (110) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (111) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

1^/10
behavioral31 behavioral32
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (112) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral33 behavioral34
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (113) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
behavioral35 behavioral36
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (114) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
behavioral37 behavioral38
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (115) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware evasion trojan discovery spyware modiloader infostealer oski stealer raccoon azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral39 behavioral40
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (116) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral41 behavioral42
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (117) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral43 behavioral44
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (118) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral45 behavioral46
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (119) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware evasion trojan infostealer oski spyware discovery modiloader azorult stealer raccoon
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral47 behavioral48
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (12) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware evasion trojan stealer raccoon infostealer azorult oski discovery modiloader
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral49 behavioral50
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (12).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan modiloader infostealer oski evasion persistence azorult spyware discovery rat asyncrat stealer raccoon
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral51 behavioral52
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (120) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware evasion trojan modiloader spyware discovery stealer raccoon infostealer azorult oski
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral53 behavioral54
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (121) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware infostealer oski spyware trojan azorult evasion stealer raccoon modiloader discovery
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral55 behavioral56
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (122) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult spyware discovery evasion modiloader oski stealer raccoon
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral57 behavioral58
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (123) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult spyware discovery evasion oski rat asyncrat stealer raccoon persistence modiloader
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral59 behavioral60
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (124) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral61 behavioral62
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (125) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral63 behavioral64
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (126) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral65 behavioral66
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (127) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

spyware trojan infostealer azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral67 behavioral68
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (128) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral69 behavioral70
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (129) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral71 behavioral72
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (13) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral73 behavioral74
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (13).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral75 behavioral76
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (130) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral77 behavioral78
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (131) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral79 behavioral80
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (14) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral81 behavioral82
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (14).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral83 behavioral84
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (15) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral85 behavioral86
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (15).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral87 behavioral88
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (16) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral89 behavioral90
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (16).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral91 behavioral92
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (17) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

1^/10
behavioral93 behavioral94
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (17).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral95 behavioral96
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (18) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult oski spyware discovery stealer raccoon modiloader
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral97 behavioral98
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (18).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult spyware discovery oski evasion stealer raccoon modiloader
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral99 behavioral100
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (19) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult discovery evasion spyware modiloader oski stealer raccoon
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral101 behavioral102
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (19).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware stealer raccoon spyware discovery evasion trojan rat asyncrat infostealer azorult oski modiloader persistence
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral103 behavioral104
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (2) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral105 behavioral106
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (2).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware infostealer oski spyware discovery rat asyncrat persistence trojan modiloader stealer raccoon evasion azorult
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral107 behavioral108
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (20) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware evasion trojan infostealer azorult discovery rat asyncrat modiloader stealer raccoon oski persistence
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral109 behavioral110
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (20).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral111 behavioral112
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (21) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan modiloader spyware evasion stealer raccoon infostealer azorult oski discovery
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral113 behavioral114
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (21).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral115 behavioral116
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (22) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware infostealer oski evasion trojan stealer raccoon modiloader azorult discovery rat asyncrat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral117 behavioral118
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (22).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan modiloader infostealer azorult spyware oski discovery evasion stealer raccoon
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral119 behavioral120
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (23) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware evasion trojan modiloader infostealer azorult oski discovery stealer raccoon
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral121 behavioral122
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (23).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware stealer raccoon trojan modiloader infostealer azorult oski evasion rat asyncrat discovery
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral123 behavioral124
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (24) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult rat asyncrat evasion oski stealer raccoon modiloader discovery spyware
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral125 behavioral126
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (24).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan modiloader spyware infostealer oski discovery stealer raccoon azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral127 behavioral128
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (25) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

discovery spyware trojan infostealer azorult oski
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral129 behavioral130
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (25).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral131 behavioral132
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (26) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral133 behavioral134
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (26).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral135 behavioral136
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (27) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral137 behavioral138
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (27).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral139 behavioral140
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (28) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral141 behavioral142
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (28).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral143 behavioral144
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (29) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral145 behavioral146
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (29).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

8^/10
- Executes dropped EXE
behavioral147 behavioral148
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (3) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

infostealer oski spyware discovery trojan azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral149 behavioral150
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (3).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral151 behavioral152
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (30) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral153 behavioral154
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (30).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult spyware oski discovery ransomware evasion modiloader stealer raccoon
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral155 behavioral156
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (31) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

infostealer oski spyware discovery trojan azorult ransomware evasion modiloader stealer raccoon
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral157 behavioral158
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (31).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult spyware stealer raccoon modiloader oski evasion rat asyncrat discovery
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral159 behavioral160
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (32) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware discovery evasion trojan infostealer oski spyware stealer raccoon modiloader azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral161 behavioral162
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (32).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult discovery spyware evasion oski stealer raccoon modiloader
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral163 behavioral164
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (33) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware stealer raccoon spyware persistence evasion trojan modiloader infostealer oski azorult discovery rat asyncrat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral165 behavioral166
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (33).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware infostealer oski evasion trojan persistence stealer raccoon azorult spyware discovery rat asyncrat modiloader
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral167 behavioral168
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (34) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware stealer raccoon discovery spyware rat asyncrat trojan modiloader infostealer azorult evasion oski
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral169 behavioral170
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (34).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware stealer raccoon discovery evasion trojan modiloader infostealer azorult oski
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral171 behavioral172
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (35) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult spyware discovery oski evasion stealer raccoon modiloader
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral173 behavioral174
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (35).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult oski spyware discovery
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral175 behavioral176
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (36) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral177 behavioral178
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (36).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware evasion trojan infostealer azorult stealer raccoon modiloader spyware discovery oski
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral179 behavioral180
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (37) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral181 behavioral182
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (37).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral183 behavioral184
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (38) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies service
  persistence
behavioral185 behavioral186
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (38).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral187 behavioral188
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (39) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral189 behavioral190
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (4) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral191 behavioral192
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (4).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
behavioral193 behavioral194
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (40) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral195 behavioral196
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (41) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral197 behavioral198
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (42) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral199 behavioral200
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (43) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral201 behavioral202
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (44) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral203 behavioral204
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (45) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral205 behavioral206
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (46) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral207 behavioral208
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (47) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral209 behavioral210
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (48) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral211 behavioral212
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (49) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral213 behavioral214
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (5) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral215 behavioral216
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (5).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware trojan infostealer azorult oski discovery stealer raccoon
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral217 behavioral218
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (50) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral219 behavioral220
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (51) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral221 behavioral222
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (52) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral223 behavioral224
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (53) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral225 behavioral226
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (54) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral227 behavioral228
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (55) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral229 behavioral230
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (56) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral231 behavioral232
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (57) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral233 behavioral234
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (58) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral235 behavioral236
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (59) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral237 behavioral238
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (6) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral239 behavioral240
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (6).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware stealer raccoon trojan modiloader evasion infostealer azorult oski discovery
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral241 behavioral242
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (60) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

spyware discovery trojan infostealer azorult oski
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral243 behavioral244
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (61) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral245 behavioral246
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (62) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral247 behavioral248
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (63) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral249 behavioral250
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (64) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral251 behavioral252
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (65) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral253 behavioral254
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (66) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral255 behavioral256
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (67) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies service
  persistence
behavioral257 behavioral258
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (68) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral259 behavioral260
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (69) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral261 behavioral262
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (7) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral263 behavioral264
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (7).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral265 behavioral266
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (70) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral267 behavioral268
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (71) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral269 behavioral270
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (72) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral271 behavioral272
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (73) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral273 behavioral274
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (74) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
behavioral275 behavioral276
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (75) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
behavioral277 behavioral278
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (76) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral279 behavioral280
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (77) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral281 behavioral282
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (78) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral283 behavioral284
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (79) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware rat asyncrat discovery evasion trojan stealer raccoon infostealer oski azorult modiloader
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral285 behavioral286
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (8) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan modiloader spyware rat asyncrat infostealer oski evasion discovery stealer raccoon azorult
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral287 behavioral288
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (8).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware infostealer oski discovery spyware evasion trojan rat asyncrat persistence azorult stealer raccoon modiloader
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral289 behavioral290
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (80) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult oski discovery spyware stealer raccoon modiloader
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral291 behavioral292
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (81) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware infostealer oski evasion trojan modiloader stealer raccoon discovery rat asyncrat azorult
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral293 behavioral294
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (82) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware evasion trojan persistence discovery rat asyncrat modiloader infostealer azorult stealer raccoon spyware oski
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral295 behavioral296
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (83) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult spyware oski stealer raccoon modiloader discovery
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral297 behavioral298
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (84) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware evasion trojan stealer raccoon spyware infostealer azorult discovery modiloader oski
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral299 behavioral300
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (85) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware evasion trojan modiloader spyware discovery stealer raccoon infostealer oski azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral301 behavioral302
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (86) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult spyware
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral303 behavioral304
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (87) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral305 behavioral306
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (88) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware stealer raccoon evasion trojan infostealer oski discovery modiloader azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral307 behavioral308
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (89) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

spyware trojan infostealer azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral309 behavioral310
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (9) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

spyware discovery infostealer oski trojan azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral311 behavioral312
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (9).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

discovery spyware infostealer oski trojan azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral313 behavioral314
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (90) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

infostealer oski spyware discovery trojan azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral315 behavioral316
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (91) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult oski spyware discovery stealer raccoon
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral317 behavioral318
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (92) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

trojan infostealer azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral319 behavioral320
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (93) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware rat asyncrat stealer raccoon trojan infostealer azorult discovery modiloader oski evasion
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral321 behavioral322
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (94) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware infostealer oski spyware evasion trojan discovery stealer raccoon azorult modiloader
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral323 behavioral324
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (95) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware discovery evasion trojan stealer raccoon modiloader infostealer oski azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral325 behavioral326
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (96) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware infostealer oski spyware evasion trojan rat asyncrat discovery azorult stealer raccoon modiloader
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral327 behavioral328
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (97) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult oski spyware evasion discovery stealer raccoon modiloader
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral329 behavioral330
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (98) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult spyware evasion rat asyncrat modiloader oski discovery stealer raccoon
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral331 behavioral332
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия (99) — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware discovery evasion trojan infostealer azorult stealer raccoon modiloader oski
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral333 behavioral334
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия — копия (2).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware evasion trojan rat asyncrat persistence modiloader infostealer azorult discovery stealer raccoon oski
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral335 behavioral336
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия — копия (3).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral337 behavioral338
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия — копия (4).exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware evasion trojan modiloader spyware stealer raccoon infostealer oski rat asyncrat azorult discovery
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral339 behavioral340
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware stealer raccoon spyware discovery trojan modiloader infostealer oski evasion azorult
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral341 behavioral342
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen — копия.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware spyware trojan infostealer azorult oski evasion stealer raccoon rat asyncrat modiloader discovery
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- ModiLoader First Stage
- ModiLoader Second Stage
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral343 behavioral344
- Target
  
  201001-nyhbt4p25j_pw_infected/Keygen.exe
- Size
  
  849KB
- MD5
  
  dbde61502c5c0e17ebc6919f361c32b9
- SHA1
  
  189749cf0b66a9f560b68861f98c22cdbcafc566
- SHA256
  
  88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
- SHA512
  
  d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
Score

10^/10

ransomware trojan infostealer azorult oski discovery spyware stealer raccoon
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon log file
  Detects a log file produced by the Raccoon Stealer.
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- JavaScript code in executable
- Suspicious use of SetThreadContext
behavioral345 behavioral346

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

281

T1112

Disabling Security Tools

110

T1089

Install Root Certificate

T1130

Credential Access

Credentials in Files

206

T1081

Discovery

Query Registry

142

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

206

T1005

Exfiltration

Command and Control

Impact

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Azorult

Contains code to disable Windows Defender

ModiLoader, DBatLoader

Modifies Windows Defender Real-time Protection settings

Oski

Raccoon

Raccoon log file

ModiLoader First Stage

ModiLoader Second Stage

Blacklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Windows security modification

Accesses cryptocurrency wallets, possible credential harvesting

Checks installed software on the system

Drops desktop.ini file(s)

JavaScript code in executable

Suspicious use of SetThreadContext

Azorult

Contains code to disable Windows Defender

ModiLoader, DBatLoader

Modifies Windows Defender Real-time Protection settings

Oski

Raccoon

Raccoon log file

ModiLoader First Stage

ModiLoader Second Stage

Blacklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Windows security modification

Accesses cryptocurrency wallets, possible credential harvesting

Checks installed software on the system

Drops desktop.ini file(s)

JavaScript code in executable

Suspicious use of SetThreadContext

Azorult

Contains code to disable Windows Defender

ModiLoader, DBatLoader

Modifies Windows Defender Real-time Protection settings

Oski

Raccoon

Raccoon log file

ModiLoader First Stage

Blacklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Windows security modification

Accesses cryptocurrency wallets, possible credential harvesting

Checks installed software on the system

Drops desktop.ini file(s)

JavaScript code in executable

Suspicious use of SetThreadContext

Azorult

Contains code to disable Windows Defender

ModiLoader, DBatLoader

Modifies Windows Defender Real-time Protection settings

Oski