Glupteba

Glupteba is a modular loader written in Golang with various components.

Glupteba Payload

MetaSploit

Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Modifies Windows Defender Real-time Protection settings

Process spawned unexpected child process

This typically indicates the parent process was compromised via an exploit or macro.

Raccoon

Simple but powerful infostealer which was very active in 2019.

RedLine

RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

SmokeLoader

Modular backdoor trojan in use since 2014.

Vidar

Vidar is an infostealer based on Arkei stealer.

suricata: ET MALWARE Generic Password Stealer User Agent Detected (RookIE)

suricata: ET MALWARE Generic Password Stealer User Agent Detected (RookIE)

suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)

suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)

suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request

suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request

suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Vidar Stealer

Downloads MZ/PE file

Executes dropped EXE

VMProtect packed file

Detects executables packed with VMProtect commercial packer.