Overview

overview

10

Static

static

10

400c498959...82.dll

windows7-x64

1

400c498959...82.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7926616132.zip

  • Size

    4.5MB

  • MD5

    1f67588053e52329eb1b41dd48c486d9

  • SHA1

    04af50b42422b2ec9197bc78f7f148c6a2591d51

  • SHA256

    68333c2a3fc1011b4f3d13fd6bbf4c96dd2cedb83e488f17d3b9f6d342674f33

  • SHA512

    4bfc924e9f18814e672d05acce5ece7e22361d9bfbf9ee325de364347b9de1c4e24432e684d646c98cc43cc0a434569aa94ae272a0a5d71aa7ef3087eefcae25

  • SSDEEP

    98304:r3cTsVcuk9c3vNsYhyAJMRi8+K1TFQ0NcrD8mNS1Ayn6jZGd:r3cTsSR9c/NsoafNWP8awAGwe

Score
10/10
minerbackdoorgandcrabxmrigmountlockersunburst

Malware Config

Signatures

  • Detected Mount Locker ransomware 1 IoCs
  • Detected SUNBURST backdoor 1 IoCs

    SUNBURST is a backdoor for the SolarWinds Orion platform with extensive capabilities.

    backdoor
  • GandCrab payload 1 IoCs
  • Gandcrab family
    gandcrab
  • Mountlocker family
    mountlocker
  • Sunburst family
    sunburst
  • XMRig Miner payload 1 IoCs
    miner
  • Xmrig family
    xmrig

Files

  • 7926616132.zip
    .zip

    Password: infected

  • 400c498959fce30434b980ce660ba2ca6711a91b991d61426f7dcf524bd73582
    .dll windows x86


    Headers

    Sections