506c2f513d64242fcb20ccff8c26c0ed1755fe9120b984c29ba224b311d635c3.bin
403KB
211021-v9bydabdhp
d1b2c8ddca2f8dd02e2c132153055084
21c011ac7406eef048c175f5887e4eb885c050d6
506c2f513d64242fcb20ccff8c26c0ed1755fe9120b984c29ba224b311d635c3
ab73df911df41235159341cc8fefed284a3f9720f241b51dfe2db2ac415b3438d5fbbeacfa980a61d402edc64afeda87447ccda49b7d279fba524036e9287594
Extracted
| Family | redline |
| C2 | 205.185.119.191:60857 |

Extracted
| Family | redline |
| Botnet | jjfuck |
| C2 | 135.181.129.119:4805 |

Extracted
| Family | smokeloader |
| Version | 2020 |
| C2 | http://gejajoo7.top/ http://sysaheu9.top/ |
| rc4.i32 | |
| rc4.i32 | |

Extracted
| Family | raccoon |
| Botnet | 7c9b4504a63ed23664e38808e65948379b790395 |
| Attributes | url4cnc http://telegka.top/capibar http://telegin.top/capibar https://t.me/capibar |
| rc4.plain | |
| rc4.plain | |

Extracted
| Family | vidar |
| Version | 41.5 |
| Botnet | 937 |
| C2 | https://mas.to/@xeroxxx |
| Attributes | profile_id 937 |
Signatures
- Modifies Windows Defender Real-time Protection settings
- Raccoon: Simple but powerful infostealer which was very active in 2019.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- SmokeLoader: Modular backdoor trojan in use since 2014.
- Vidar: Vidar is an infostealer based on Arkei stealer.
- suricata: ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
- suricata: ET MALWARE JS/Nemucod.M.gen downloading EXE payload
- suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
- suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Themida packer: Detects Themida, an advanced Windows software protection system.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks whether UAC is enabled
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger