Overview

overview

10

Static

static

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...0).exe

windows7_x64

10

201001-nyh...0).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...1).exe

windows7_x64

10

201001-nyh...1).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...2).exe

windows7_x64

10

201001-nyh...2).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...3).exe

windows7_x64

10

201001-nyh...3).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...4).exe

windows7_x64

8

201001-nyh...4).exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

8

201001-nyh...я.exe

windows10_x64

8

201001-nyh...5).exe

windows7_x64

10

201001-nyh...5).exe

windows10_x64

1

201001-nyh...я.exe

windows7_x64

1

201001-nyh...я.exe

windows10_x64

8

201001-nyh...6).exe

windows7_x64

1

201001-nyh...6).exe

windows10_x64

1

201001-nyh...я.exe

windows7_x64

1

201001-nyh...я.exe

windows10_x64

1

201001-nyh...7).exe

windows7_x64

1

201001-nyh...7).exe

windows10_x64

1

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...8).exe

windows7_x64

8

201001-nyh...8).exe

windows10_x64

1

201001-nyh...я.exe

windows7_x64

8

201001-nyh...я.exe

windows10_x64

10

201001-nyh...9).exe

windows7_x64

1

201001-nyh...9).exe

windows10_x64

1

201001-nyh...я.exe

windows7_x64

1

201001-nyh...я.exe

windows10_x64

1

201001-nyh...2).exe

windows7_x64

8

201001-nyh...2).exe

windows10_x64

9

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

1

201001-nyh...0).exe

windows7_x64

1

201001-nyh...0).exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...1).exe

windows7_x64

10

201001-nyh...1).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...2).exe

windows7_x64

1

201001-nyh...2).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

8

201001-nyh...я.exe

windows10_x64

10

201001-nyh...3).exe

windows7_x64

10

201001-nyh...3).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...4).exe

windows7_x64

10

201001-nyh...4).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...5).exe

windows7_x64

10

201001-nyh...5).exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...6).exe

windows7_x64

10

201001-nyh...6).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...7).exe

windows7_x64

10

201001-nyh...7).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...8).exe

windows7_x64

8

201001-nyh...8).exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

1

201001-nyh...9).exe

windows7_x64

1

201001-nyh...9).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

1

201001-nyh...3).exe

windows7_x64

1

201001-nyh...3).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

8

201001-nyh...я.exe

windows10_x64

10

201001-nyh...0).exe

windows7_x64

8

201001-nyh...0).exe

windows10_x64

1

201001-nyh...я.exe

windows7_x64

1

201001-nyh...я.exe

windows10_x64

8

201001-nyh...1).exe

windows7_x64

1

201001-nyh...1).exe

windows10_x64

1

201001-nyh...я.exe

windows7_x64

8

201001-nyh...я.exe

windows10_x64

1

201001-nyh...2).exe

windows7_x64

1

201001-nyh...2).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

8

201001-nyh...я.exe

windows10_x64

10

201001-nyh...3).exe

windows7_x64

10

201001-nyh...3).exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...4).exe

windows7_x64

10

201001-nyh...4).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...5).exe

windows7_x64

8

201001-nyh...5).exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...6).exe

windows7_x64

10

201001-nyh...6).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...7).exe

windows7_x64

10

201001-nyh...7).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...8).exe

windows7_x64

10

201001-nyh...8).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...4).exe

windows7_x64

10

201001-nyh...4).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...5).exe

windows7_x64

10

201001-nyh...5).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

8

201001-nyh...я.exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

1

201001-nyh...я.exe

windows10_x64

1

201001-nyh...я.exe

windows7_x64

8

201001-nyh...я.exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...6).exe

windows7_x64

10

201001-nyh...6).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...7).exe

windows7_x64

10

201001-nyh...7).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

8

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

1

201001-nyh...я.exe

windows7_x64

8

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

8

201001-nyh...я.exe

windows10_x64

1

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...8).exe

windows7_x64

10

201001-nyh...8).exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...9).exe

windows7_x64

10

201001-nyh...9).exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...2).exe

windows7_x64

8

201001-nyh...2).exe

windows10_x64

8

201001-nyh...3).exe

windows7_x64

1

201001-nyh...3).exe

windows10_x64

10

201001-nyh...4).exe

windows7_x64

10

201001-nyh...4).exe

windows10_x64

8

201001-nyh...я.exe

windows7_x64

1

201001-nyh...я.exe

windows10_x64

10

201001-nyh...я.exe

windows7_x64

10

201001-nyh...я.exe

windows10_x64

10

201001-nyh...en.exe

windows7_x64

10

201001-nyh...en.exe

windows10_x64

10

Resubmissions

02-10-2020 21:14

201002-pjxdl9y6a6 10

01-10-2020 20:51

201001-e45lwcxsnn 10

01-10-2020 20:51

201001-fhxddb9gwe 10

01-10-2020 20:51

201001-ts8hns28ea 10

01-10-2020 20:51

201001-v1kt3kgljx 10

01-10-2020 20:51

201001-d2fbtjzv4s 10

01-10-2020 20:51

201001-cgj9prs442 10

01-10-2020 20:49

201001-t1jnpvwcgx 10

General

  • Target

    201001-nyhbt4p25j_pw_infected.rar

  • Size

    114.9MB

  • Sample

    201001-t1jnpvwcgx

  • MD5

    7a7face67d38a7e6fd5279ed9effd860

  • SHA1

    c851f2828df6d94aea77c5338254eac951185294

  • SHA256

    3a27b002eab25417e6ef4cdeb35edd40755a0a20f6c701842f10bfa9448e5c89

  • SHA512

    51494d908cb91759bb125b9d2d176a0bcc326f92bd16d6220078d9048ea2e8fd2cb59a62c7914e2f24091b36dcee9d69253ae3ef43a23f6a5b3665380adc5eae

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://zxvbcrt.ug/zxcvb.exe

exe.dropper

http://zxvbcrt.ug/zxcvb.exe

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://bit.do/fqhHT

exe.dropper

http://bit.do/fqhHT

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://bit.do/fqhJv

exe.dropper

http://bit.do/fqhJv

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://pdshcjvnv.ug/zxcvb.exe

exe.dropper

http://pdshcjvnv.ug/zxcvb.exe

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://bit.do/fqhJD

exe.dropper

http://bit.do/fqhJD

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://rbcxvnb.ug/zxcvb.exe

exe.dropper

http://rbcxvnb.ug/zxcvb.exe

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.5.13-af-hotfix Release Build compiled on Mon Jul 6 14:33:02 2020 Launched at: 2020.10.01 - 22:51:17 GMT Bot_ID: 750D7400-3B08-415E-A8B0-2695D81425F5_Admin Running on a desktop =R=A=C=C=O=O=N= - Cookies: 0 - Passwords: 0 - Files: 0 System Information: - System Language: English - System TimeZone: -0 hrs - IP: 154.61.71.13 - Location: 37.750999, -97.821999 | ?, ?, United States (?) - ComputerName: UCQFZDUI - Username: Admin - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (513 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.5.13-af-hotfix Release Build compiled on Mon Jul 6 14:33:02 2020 Launched at: 2020.10.01 - 20:58:31 GMT Bot_ID: 664A9041-4AC4-46F3-B3DC-87DB4D57890E_Admin Running on a desktop =R=A=C=C=O=O=N= - Cookies: 0 - Passwords: 5 - Files: 0 System Information: - System Language: English - System TimeZone: -0 hrs - IP: 154.61.71.51 - Location: 37.750999, -97.821999 | ?, ?, United States (?) - ComputerName: GOHCSFBB - Username: Admin - Windows version: NT 10.0 - Product name: Windows 10 Pro - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 4095 MB (847 MB used) - Screen resolution: 1280x720 - Display devices: 0) Microsoft Basic Display Adapter ============

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.5.13-af-hotfix Release Build compiled on Mon Jul 6 14:33:02 2020 Launched at: 2020.10.01 - 20:59:40 GMT Bot_ID: 992575D9-3ACE-4400-98F7-F39D82F3369F_Admin Running on a desktop =R=A=C=C=O=O=N= - Cookies: 0 - Passwords: 0 - Files: 0 System Information: - System Language: English - System TimeZone: -0 hrs - IP: 154.61.71.51 - Location: 37.750999, -97.821999 | ?, ?, United States (?) - ComputerName: ELJKIHEZ - Username: Admin - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (454 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.5.13-af-hotfix Release Build compiled on Mon Jul 6 14:33:02 2020 Launched at: 2020.10.01 - 20:59:03 GMT Bot_ID: 664A9041-4AC4-46F3-B3DC-87DB4D57890E_Admin Running on a desktop =R=A=C=C=O=O=N= - Cookies: 0 - Passwords: 5 - Files: 0 System Information: - System Language: English - System TimeZone: -0 hrs - IP: 154.61.71.51 - Location: 37.750999, -97.821999 | ?, ?, United States (?) - ComputerName: GOHCSFBB - Username: Admin - Windows version: NT 10.0 - Product name: Windows 10 Pro - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 4095 MB (774 MB used) - Screen resolution: 1280x720 - Display devices: 0) Microsoft Basic Display Adapter ============

Targets

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (10) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies service

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (10).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (100) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (101) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (102) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (103) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (104) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (105) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (106) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (107) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (108) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (109) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (11) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (11).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (110) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (111) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (112) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (113) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (114) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (115) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (116) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (117) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies service

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (118) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (119) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (12) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (12).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (120) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (121) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (122) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (123) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (124) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (125) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (126) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (127) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (128) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (129) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (13) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (13).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (130) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (131) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (14) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (14).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (15) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (15).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (16) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (16).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    1/10
    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (17) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    1/10
    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (17).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    1/10
    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (18) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (18).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (19) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (19).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    1/10
    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (2) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    1/10
    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (2).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    9/10
    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (20) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (20).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (21) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (21).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (22) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (22).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (23) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (23).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (24) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (24).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (25) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (25).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (26) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (26).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (27) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (27).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (28) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (28).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (29) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (29).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (3) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (3).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (30) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (30).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (31) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (31).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    1/10
    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (32) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (32).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (33) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (33).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (34) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (34).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (35) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (35).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (36) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (36).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (37) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (37).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (38) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (38).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (39) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (4) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (4).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (40) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (41) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (42) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (43) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (44) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (45) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (46) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (47) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (48) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (49) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (5) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (5).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (50) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (51) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    1/10
    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (52) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (53) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (54) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (55) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (56) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (57) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (58) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (59) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (6) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (6).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (60) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (61) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (62) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (63) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (64) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (65) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (66) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (67) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (68) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (69) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (7) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (7).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (70) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (71) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (72) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (73) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (74) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (75) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (76) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (77) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (78) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (79) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (8) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Modifies service

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (8).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Modifies service

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (80) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (81) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (82) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (83) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Modifies service

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (84) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (85) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (86) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (87) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (88) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (89) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (9) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (9).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (90) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (91) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (92) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (93) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (94) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (95) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (96) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (97) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (98) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия (99) — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия — копия (2).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия — копия (3).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия — копия (4).exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    Score
    10/10
    • Blacklisted process makes network request

    • Executes dropped EXE

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen — копия.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • ModiLoader Second Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    • Target

      201001-nyhbt4p25j_pw_infected/Keygen.exe

    • Size

      849KB

    • MD5

      dbde61502c5c0e17ebc6919f361c32b9

    • SHA1

      189749cf0b66a9f560b68861f98c22cdbcafc566

    • SHA256

      88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

    • SHA512

      d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies Windows Defender Real-time Protection settings

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • ModiLoader First Stage

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

59
T1031

Registry Run Keys / Startup Folder

9
T1060

Defense Evasion

Modify Registry

243
T1112

Disabling Security Tools

108
T1089

Install Root Certificate

54
T1130

Credential Access

Credentials in Files

187
T1081

Discovery

Query Registry

128
T1012

System Information Discovery

64
T1082

Collection

Data from Local System

187
T1005

Tasks

static1

Score
N/A

behavioral1

Score
10/10

behavioral2

persistence
Score
10/10

behavioral3

Score
10/10

behavioral4

Score
10/10

behavioral5

Score
10/10

behavioral6

Score
10/10

behavioral7

Score
10/10

behavioral8

Score
10/10

behavioral9

Score
10/10

behavioral10

Score
10/10

behavioral11

Score
10/10

behavioral12

Score
10/10

behavioral13

Score
10/10

behavioral14

Score
10/10

behavioral15

Score
10/10

behavioral16

Score
10/10

behavioral17

Score
10/10

behavioral18

Score
10/10

behavioral19

Score
10/10

behavioral20

Score
10/10

behavioral21

Score
10/10

behavioral22

Score
10/10

behavioral23

Score
10/10

behavioral24

Score
10/10

behavioral25

Score
10/10

behavioral26

Score
10/10

behavioral27

Score
10/10

behavioral28

Score
10/10

behavioral29

Score
10/10

behavioral30

Score
10/10

behavioral31

Score
10/10

behavioral32

Score
10/10

behavioral33

Score
10/10

behavioral34

Score
8/10

behavioral35

Score
10/10

behavioral36

Score
10/10

behavioral37

Score
10/10

behavioral38

Score
10/10

behavioral39

Score
10/10

behavioral40

Score
10/10

behavioral41

Score
10/10

behavioral42

Score
10/10

behavioral43

Score
10/10

behavioral44

persistence
Score
10/10

behavioral45

Score
10/10

behavioral46

Score
10/10

behavioral47

Score
10/10

behavioral48

Score
10/10

behavioral49

Score
10/10

behavioral50

Score
10/10

behavioral51

Score
10/10

behavioral52

trojaninfostealerazorultspywareoskidiscovery
Score
10/10

behavioral53

Score
10/10

behavioral54

Score
10/10

behavioral55

Score
10/10

behavioral56

Score
10/10

behavioral57

ransomwareevasiontrojanpersistencemodiloaderstealerraccoondiscoveryspywareinfostealerazorultoskiratasyncrat
Score
10/10

behavioral58

ransomwaretrojaninfostealerazorultstealerraccoonoskispywareevasiondiscoverymodiloader
Score
10/10

behavioral59

ransomwarespywaretrojaninfostealerazorultoskidiscoverystealerraccoonmodiloader
Score
10/10

behavioral60

ransomwarespywarediscoverytrojaninfostealerazorultoskimodiloaderevasionstealerraccoon
Score
10/10

behavioral61

ransomwareinfostealeroskidiscoveryspywareevasiontrojanazorultmodiloaderstealerraccoonratasyncrat
Score
10/10

behavioral62

ransomwaretrojaninfostealerazorultmodiloaderspywarestealerraccoonoskidiscoveryevasion
Score
10/10

behavioral63

ransomwarediscoveryspywareevasiontrojaninfostealerazorultoskimodiloaderstealerraccoonratasyncrat
Score
10/10

behavioral64

ransomwarespywarestealerraccoontrojanmodiloaderinfostealerazorultoskipersistencediscoveryevasionratasyncrat
Score
10/10

behavioral65

ransomwarediscoverytrojaninfostealerazorultspywareoskievasionstealerraccoonmodiloader
Score
10/10

behavioral66

ransomwaretrojanmodiloaderinfostealeroskidiscoveryspywareevasionstealerraccoonazorult
Score
10/10

behavioral67

ransomwarespywareevasiontrojanstealerraccooninfostealerazorultratasyncratmodiloaderoskidiscovery
Score
10/10

behavioral68

ransomwarespywarestealerraccoontrojaninfostealerazorultoskievasionmodiloaderdiscovery
Score
10/10

behavioral69

ransomwarespywaretrojanmodiloaderdiscoverystealerraccoonevasioninfostealerazorultoski
Score
10/10

behavioral70

ransomwarediscoveryspywaretrojaninfostealerazorultevasionstealerraccoonmodiloaderoski
Score
10/10

behavioral71

ransomwarespywareevasiontrojandiscoveryinfostealerazorultoskistealerraccoonmodiloader
Score
10/10

behavioral72

ransomwarestealerraccoonspywareevasiontrojanmodiloaderinfostealerazorultoskidiscovery
Score
10/10

behavioral73

ransomwaretrojaninfostealerazorultdiscoveryoskispywaremodiloaderevasionstealerraccoon
Score
10/10

behavioral74

trojaninfostealerazorultoskispywarediscovery
Score
10/10

behavioral75

ransomwarespywarediscoverytrojaninfostealerazorultstealerraccoonmodiloaderoskievasion
Score
10/10

behavioral76

ransomwarestealerraccoontrojaninfostealerazorultspywarediscoverymodiloaderoski
Score
10/10

behavioral77

trojaninfostealerazorult
Score
10/10

behavioral78

trojaninfostealerazorult
Score
10/10

behavioral79

Score
10/10

behavioral80

Score
10/10

behavioral81

Score
10/10

behavioral82

Score
8/10

behavioral83

Score
8/10

behavioral84

Score
8/10

behavioral85

Score
8/10

behavioral86

Score
8/10

behavioral87

Score
10/10

behavioral88

Score
1/10

behavioral89

Score
1/10

behavioral90

Score
8/10

behavioral91

Score
1/10

behavioral92

Score
1/10

behavioral93

Score
1/10

behavioral94

Score
1/10

behavioral95

Score
1/10

behavioral96

Score
1/10

behavioral97

Score
10/10

behavioral98

Score
8/10

behavioral99

Score
8/10

behavioral100

Score
1/10

behavioral101

Score
8/10

behavioral102

Score
10/10

behavioral103

Score
1/10

behavioral104

Score
1/10

behavioral105

Score
1/10

behavioral106

Score
1/10

behavioral107

Score
8/10

behavioral108

Score
9/10

behavioral109

Score
10/10

behavioral110

Score
1/10

behavioral111

Score
1/10

behavioral112

Score
8/10

behavioral113

Score
10/10

behavioral114

Score
8/10

behavioral115

trojaninfostealerazorult
Score
10/10

behavioral116

ransomwaretrojaninfostealerazorultoskispywarestealerraccoonmodiloaderdiscovery
Score
10/10

behavioral117

Score
10/10

behavioral118

Score
8/10

behavioral119

Score
1/10

behavioral120

ransomwarespywaretrojaninfostealerazorultevasionoskidiscoverystealerraccoonmodiloader
Score
10/10

behavioral121

Score
8/10

behavioral122

Score
10/10

behavioral123

Score
10/10

behavioral124

ransomwarespywareevasiontrojanmodiloaderinfostealerazorultdiscoveryoskistealerraccoon
Score
10/10

behavioral125

ransomwaretrojaninfostealerazorultspywareevasionpersistencemodiloaderoskidiscoverystealerraccoonratasyncrat
Score
10/10

behavioral126

ransomwareinfostealeroskispywareevasiontrojanmodiloaderazorultdiscoverystealerraccoon
Score
10/10

behavioral127

Score
10/10

behavioral128

spywarediscoverytrojaninfostealerazorultoski
Score
10/10

behavioral129

ransomwareevasiontrojanstealerraccooninfostealerazorultspywarediscoverymodiloaderoski
Score
10/10

behavioral130

ransomwaretrojanmodiloaderinfostealerazorultoskispywarediscoverystealerraccoon
Score
10/10

behavioral131

Score
10/10

behavioral132

Score
8/10

behavioral133

ransomwarespywareevasiontrojanstealerraccoonmodiloaderinfostealerazorultoskidiscovery
Score
10/10

behavioral134

ransomwarediscoveryspywaretrojaninfostealerazorultoskistealerraccoonmodiloader
Score
10/10

behavioral135

ransomwareevasiontrojanstealerraccoonspywarepersistenceinfostealeroskidiscoveryratasyncratmodiloaderazorult
Score
10/10

behavioral136

spywaretrojaninfostealerazorultoskidiscovery
Score
10/10

behavioral137

Score
10/10

behavioral138

Score
10/10

behavioral139

ransomwareevasiontrojanratasyncratstealerraccooninfostealeroskispywarediscoverymodiloaderazorult
Score
10/10

behavioral140

ransomwaretrojaninfostealerazorultdiscoveryspywarestealerraccoonoskimodiloader
Score
10/10

behavioral141

Score
10/10

behavioral142

ransomwarespywarediscoverytrojanmodiloaderinfostealerazorultoskievasionstealerraccoon
Score
10/10

behavioral143

Score
8/10

behavioral144

Score
8/10

behavioral145

trojaninfostealerazorult
Score
10/10

behavioral146

Score
1/10

behavioral147

Score
1/10

behavioral148

Score
10/10

behavioral149

Score
10/10

behavioral150

Score
1/10

behavioral151

Score
1/10

behavioral152

Score
10/10

behavioral153

Score
8/10

behavioral154

Score
10/10

behavioral155

Score
8/10

behavioral156

Score
1/10

behavioral157

Score
1/10

behavioral158

Score
8/10

behavioral159

Score
1/10

behavioral160

Score
1/10

behavioral161

Score
8/10

behavioral162

Score
1/10

behavioral163

Score
1/10

behavioral164

Score
10/10

behavioral165

Score
8/10

behavioral166

Score
10/10

behavioral167

Score
10/10

behavioral168

Score
8/10

behavioral169

Score
10/10

behavioral170

Score
8/10

behavioral171

Score
10/10

behavioral172

Score
10/10

behavioral173

Score
10/10

behavioral174

Score
10/10

behavioral175

Score
8/10

behavioral176

Score
8/10

behavioral177

Score
10/10

behavioral178

spywareinfostealeroskidiscoverytrojanazorult
Score
10/10

behavioral179

ransomwarediscoveryevasiontrojanmodiloaderinfostealeroskispywarepersistencestealerraccoonazorult
Score
10/10

behavioral180

Score
10/10

behavioral181

ransomwareratasyncratinfostealeroskievasiontrojanspywarediscoverystealerraccoonmodiloaderazorult
Score
10/10

behavioral182

ransomwarespywareevasiontrojanmodiloaderdiscoveryinfostealerazorultoskistealerraccoon
Score
10/10

behavioral183

Score
10/10

behavioral184

ransomwarespywareevasiontrojandiscoverymodiloaderinfostealerazorultstealerraccoonoski
Score
10/10

behavioral185

Score
10/10

behavioral186

ransomwarespywarestealerraccoontrojaninfostealerazorultoskimodiloaderdiscoveryevasion
Score
10/10

behavioral187

ransomwareevasiontrojanspywarediscoverypersistencestealerraccooninfostealerazorultratasyncratmodiloaderoski
Score
10/10

behavioral188

ransomwareinfostealeroskispywarediscoverytrojanmodiloaderazorultevasionstealerraccoon
Score
10/10

behavioral189

ransomwaretrojaninfostealerazorultoskistealerraccoonspywareevasiondiscoverymodiloader
Score
10/10

behavioral190

Score
10/10

behavioral191

ransomwarespywarestealerraccoonratasyncratinfostealeroskievasiontrojanazorultdiscoverymodiloader
Score
10/10

behavioral192

ransomwarespywareevasiontrojaninfostealerazorultoskimodiloaderdiscoverystealerraccoon
Score
10/10

behavioral193

ransomwareinfostealeroskispywareevasiontrojanstealerraccoonazorultdiscoverymodiloader
Score
10/10

behavioral194

ransomwaretrojanmodiloaderinfostealerazorultspywarediscoveryevasionoskistealerraccoon
Score
10/10

behavioral195

ransomwareinfostealeroskistealerraccoondiscoveryspywareevasiontrojanmodiloaderazorult
Score
10/10

behavioral196

Score
10/10

behavioral197

ransomwareinfostealeroskispywareevasiontrojanazorultdiscoverymodiloaderstealerraccoon
Score
10/10

behavioral198

Score
10/10

behavioral199

ransomwaretrojaninfostealerazorultmodiloaderoskievasionstealerraccoonspywarediscovery
Score
10/10

behavioral200

Score
10/10

behavioral201

Score
10/10

behavioral202

Score
10/10

behavioral203

Score
10/10

behavioral204

Score
10/10

behavioral205

Score
10/10

behavioral206

Score
10/10

behavioral207

Score
10/10

behavioral208

Score
10/10

behavioral209

Score
10/10

behavioral210

Score
10/10

behavioral211

Score
10/10

behavioral212

Score
10/10

behavioral213

Score
10/10

behavioral214

Score
10/10

behavioral215

Score
10/10

behavioral216

Score
10/10

behavioral217

Score
10/10

behavioral218

Score
10/10

behavioral219

Score
8/10

behavioral220

Score
8/10

behavioral221

Score
1/10

behavioral222

Score
1/10

behavioral223

Score
8/10

behavioral224

Score
8/10

behavioral225

Score
10/10

behavioral226

Score
10/10

behavioral227

ransomwareratasyncrattrojaninfostealerazorultoskidiscoveryspywareevasionstealerraccoonmodiloader
Score
10/10

behavioral228

ransomwarespywareevasiontrojanstealerraccooninfostealerazorultdiscoverymodiloaderoski
Score
10/10

behavioral229

Score
10/10

behavioral230

ransomwaretrojaninfostealerazorultoskispywarestealerraccoonmodiloaderevasiondiscovery
Score
10/10

behavioral231

ransomwarespywareinfostealeroskievasiontrojanazorultstealerraccoondiscoveryratasyncratmodiloader
Score
10/10

behavioral232

Score
8/10

behavioral233

Score
10/10

behavioral234

Score
10/10

behavioral235

Score
10/10

behavioral236

Score
10/10

behavioral237

Score
10/10

behavioral238

Score
10/10

behavioral239

Score
10/10

behavioral240

spywarediscoverytrojaninfostealerazorultoski
Score
10/10

behavioral241

ransomwaretrojaninfostealerazorultratasyncratstealerraccoonmodiloaderspywareevasionoskidiscovery
Score
10/10

behavioral242

Score
10/10

behavioral243

ransomwarespywaretrojanmodiloaderpersistenceinfostealerazorultevasionoskidiscoveryratasyncratstealerraccoon
Score
10/10

behavioral244

trojaninfostealerazorultdiscoveryoskispyware
Score
10/10

behavioral245

Score
10/10

behavioral246

Score
10/10

behavioral247

ransomwarespywareinfostealeroskistealerraccoontrojanmodiloaderratasyncratazorultevasiondiscovery
Score
10/10

behavioral248

ransomwarespywaretrojaninfostealerazorultdiscoveryevasionmodiloaderoskistealerraccoon
Score
10/10

behavioral249

ransomwarediscoveryspywareevasiontrojanratasyncratinfostealeroskistealerraccoonmodiloaderazorult
Score
10/10

behavioral250

ransomwarestealerraccoontrojanmodiloaderspywareevasioninfostealerazorultoskidiscovery
Score
10/10

behavioral251

Score
10/10

behavioral252

Score
8/10

behavioral253

Score
10/10

behavioral254

Score
8/10

behavioral255

ransomwarespywarestealerraccoontrojanmodiloaderinfostealeroskidiscoveryevasionazorult
Score
10/10

behavioral256

Score
10/10

behavioral257

Score
10/10

behavioral258

Score
10/10

behavioral259

trojaninfostealerazorultspyware
Score
10/10

behavioral260

Score
8/10

behavioral261

trojaninfostealerazorult
Score
10/10

behavioral262

Score
10/10

behavioral263

Score
10/10

behavioral264

Score
10/10

behavioral265

Score
10/10

behavioral266

Score
10/10

behavioral267

Score
10/10

behavioral268

Score
10/10

behavioral269

Score
10/10

behavioral270

Score
8/10

behavioral271

Score
8/10

behavioral272

Score
10/10

behavioral273

Score
10/10

behavioral274

Score
1/10

behavioral275

Score
8/10

behavioral276

Score
10/10

behavioral277

Score
10/10

behavioral278

Score
8/10

behavioral279

Score
8/10

behavioral280

Score
1/10

behavioral281

ransomwarespywarediscoverystealerraccoontrojaninfostealerazorultoski
Score
10/10

behavioral282

Score
8/10

behavioral283

ransomwareinfostealeroskispywareevasiontrojanstealerraccoonmodiloaderazorultdiscoveryratasyncrat
Score
10/10

behavioral284

Score
10/10

behavioral285

ransomwareinfostealeroskievasiontrojanmodiloaderazorultspywarediscoverystealerraccoon
Score
10/10

behavioral286

Score
10/10

behavioral287

ransomwareinfostealeroskistealerraccoonspywareevasiontrojanazorultdiscoverymodiloader
Score
10/10

behavioral288

ransomwarestealerraccoontrojanmodiloaderpersistencediscoveryspywareevasioninfostealerazorultoski
Score
10/10

behavioral289

ransomwarestealerraccoondiscoveryinfostealeroskitrojanazorultspywaremodiloader
Score
10/10

behavioral290

persistence
Score
8/10

behavioral291

ransomwareevasiontrojanmodiloaderspywareinfostealerazorultoskidiscoverystealerraccoon
Score
10/10

behavioral292

ransomwarespywarediscoverytrojanmodiloaderevasioninfostealerazorultoskistealerraccoon
Score
10/10

behavioral293

ransomwarespywarestealerraccoondiscoverytrojaninfostealerazorultmodiloaderoski
Score
10/10

behavioral294

ransomwareevasiontrojaninfostealerazorultspywarestealerraccoonoskimodiloaderdiscovery
Score
10/10

behavioral295

ransomwaretrojaninfostealerazorultspywarediscoveryevasionmodiloaderratasyncratstealerraccoonoski
Score
10/10

behavioral296

ransomwarediscoverytrojaninfostealerazorultoskispywarestealerraccoon
Score
10/10

behavioral297

ransomwaretrojaninfostealerazorultoskievasionstealerraccoonpersistencespywareratasyncratdiscoverymodiloader
Score
10/10

behavioral298

ransomwareevasiontrojanratasyncratspywarestealerraccooninfostealerazorultpersistenceoskidiscoverymodiloader
Score
10/10

behavioral299

ransomwaretrojaninfostealerazorultstealerraccoonspywarediscoveryevasionmodiloaderoski
Score
10/10

behavioral300

trojaninfostealerazorultspywareoskidiscovery
Score
10/10

behavioral301

ransomwaretrojaninfostealerazorultspywarediscoveryoskistealerraccoon
Score
10/10

behavioral302

Score
1/10

behavioral303

ransomwaretrojanmodiloaderspywareevasionstealerraccooninfostealerazorultdiscoveryoski
Score
10/10

behavioral304

ransomwaretrojanmodiloaderinfostealerazorultspywarediscoveryevasionoskistealerraccoon
Score
10/10

behavioral305

ransomwarespywareinfostealeroskidiscoverytrojanazorultevasionratasyncratmodiloaderstealerraccoon
Score
10/10

behavioral306

ransomwaretrojanmodiloaderinfostealeroskievasionazorultdiscoveryspywarestealerraccoon
Score
10/10

behavioral307

ransomwaretrojaninfostealerazorultspywareratasyncratmodiloaderstealerraccoonoskidiscoveryevasion
Score
10/10

behavioral308

ransomwareevasiontrojanspywareinfostealerazorultmodiloaderoskidiscoverystealerraccoon
Score
10/10

behavioral309

ransomwarespywarestealerraccoontrojaninfostealerazorultdiscoveryevasionmodiloaderoski
Score
10/10

behavioral310

ransomwareevasiontrojaninfostealeroskispywarediscoveryazorultstealerraccoonmodiloader
Score
10/10

behavioral311

ransomwarespywareevasiontrojanstealerraccoonmodiloaderinfostealerazorultoskidiscovery
Score
10/10

behavioral312

ransomwaretrojaninfostealerazorultmodiloaderevasionspywarediscoverystealerraccoonoski
Score
10/10

behavioral313

ransomwaretrojanmodiloaderspywarediscoverystealerraccooninfostealeroskiazorult
Score
10/10

behavioral314

ransomwaretrojanmodiloaderinfostealerazorultspywareevasionstealerraccoonoskidiscovery
Score
10/10

behavioral315

ransomwarespywareevasiontrojanstealerraccooninfostealerazorultoskimodiloaderdiscovery
Score
10/10

behavioral316

ransomwarespywarediscoveryevasiontrojanstealerraccooninfostealerazorultoskimodiloader
Score
10/10

behavioral317

Score
10/10

behavioral318

trojaninfostealerazorultoskispywarediscovery
Score
10/10

behavioral319

Score
10/10

behavioral320

trojaninfostealerazorultoski
Score
10/10

behavioral321

Score
10/10

behavioral322

Score
10/10

behavioral323

Score
10/10

behavioral324

discoverytrojaninfostealerazorultoskispyware
Score
10/10

behavioral325

Score
10/10

behavioral326

Score
10/10

behavioral327

Score
10/10

behavioral328

Score
10/10

behavioral329

Score
10/10

behavioral330

Score
10/10

behavioral331

Score
10/10

behavioral332

Score
10/10

behavioral333

Score
10/10

behavioral334

Score
10/10

behavioral335

Score
8/10

behavioral336

Score
8/10

behavioral337

Score
1/10

behavioral338

Score
10/10

behavioral339

Score
10/10

behavioral340

Score
8/10

behavioral341

Score
1/10

behavioral342

Score
10/10

behavioral343

ransomwareinfostealeroskitrojanmodiloaderspywareevasionazorultdiscoveryratasyncratstealerraccoonpersistence
Score
10/10

behavioral344

ransomwareinfostealeroskispywareevasiontrojandiscoverymodiloaderazorultstealerraccoon
Score
10/10

behavioral345

ransomwareinfostealeroskidiscoveryevasiontrojanstealerraccoonazorultspywaremodiloader
Score
10/10

behavioral346

ransomwareinfostealeroskidiscoveryspywarestealerraccoontrojanmodiloaderazorultevasion
Score
10/10