Djvu Ransomware

Ransomware which is a variant of the STOP family.

Glupteba

Glupteba is a modular loader written in Golang with various components.

Glupteba Payload

MetaSploit

Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Modifies Windows Defender Real-time Protection settings

Process spawned unexpected child process

This typically indicates the parent process was compromised via an exploit or macro.

Raccoon

Simple but powerful infostealer which was very active in 2019.

RedLine

RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

SmokeLoader

Modular backdoor trojan in use since 2014.

Socelars

Socelars is an infostealer targeting browser cookies and credit card credentials.

Socelars Payload

Suspicious use of NtCreateProcessExOtherParentProcess

Suspicious use of NtCreateUserProcessOtherParentProcess

Tofsee

Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

Vidar

Vidar is an infostealer based on Arkei stealer.

Checks for common network interception software

Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Vidar Stealer

ASPack v2.12-2.42

Detects executables packed with ASPack v2.12-2.42

Blocklisted process makes network request

Creates new service(s)

Downloads MZ/PE file

Drops file in Drivers directory

Executes dropped EXE

Modifies Windows Firewall

Modifies extensions of user files

Ransomware generally changes the extension on encrypted files.

VMProtect packed file

Detects executables packed with VMProtect commercial packer.