Modifies Windows Defender Real-time Protection settings

OnlyLogger

A tiny loader that uses IPLogger to get its payload.

Raccoon

Simple but powerful infostealer which was very active in 2019.

RedLine

RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

SmokeLoader

Modular backdoor trojan in use since 2014.

Suspicious use of NtCreateUserProcessOtherParentProcess

Tofsee

Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

Vidar

Vidar is an infostealer based on Arkei stealer.

suricata: ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious

suricata: ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious

suricata: ET MALWARE GCleaner Downloader Activity M5

suricata: ET MALWARE GCleaner Downloader Activity M5

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6

suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6

suricata: ET MALWARE Win32/Spy.Socelars.S CnC Activity M3

suricata: ET MALWARE Win32/Spy.Socelars.S CnC Activity M3

OnlyLogger Payload

Vidar Stealer

ASPack v2.12-2.42

Detects executables packed with ASPack v2.12-2.42

Creates new service(s)

Downloads MZ/PE file

Executes dropped EXE

Modifies Windows Firewall

UPX packed file

Detects executables packed with UPX/modified UPX open source packer.