Overview

overview

10

Static

static

10

foo.msi

windows7_x64

6

foo.msi

windows10_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    foo.msi

  • Size

    64.2MB

  • MD5

    2d070b14498b782e1fb3500ef50b0c2a

  • SHA1

    475f50ea2192809daebb5ce61aaadc2a4708af24

  • SHA256

    b5e4e29d5457654f954e4267723b05d447f311c6cf96723fdca761a8e94948ec

  • SHA512

    0e5e7611f953500603baf4cd25788e75d36525c01e45e6b886a6a3896c78e1efc30579772215b78107a47e32950a7a58a8016882608037d00097a5088e7d510c

Score
10/10
ratmacronetwirecobaltstrikeindustroyer

Malware Config

Signatures

  • Cobalt Strike reflective loader 1 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike family
    cobaltstrike
  • Industroyer IEC-104 Module 1 IoCs

    Contains strings related to Industroyer module used to communicate with power transmission grids over IEC-104 protocol.

  • Industroyer family
    industroyer
  • NetWire RAT payload 1 IoCs
    rat
  • Netwire family
    netwire
  • Detect jar appended to MSI 1 IoCs
  • Document created with cracked Office version 1 IoCs

    Office document contains Grizli777 string known to be caused by using a cracked version of the software.

    macro

Files

  • foo.msi
    .msi .ps1