Overview

overview

10

Static

static

10

be240429f6...c0.dll

windows7-x64

1

be240429f6...c0.dll

windows10-2004-x64

1

Resubmissions

30-04-2024 21:32

240430-1dsh5sgb5w 10

26-12-2023 17:34

231226-v5wrzsabgn 10

13-12-2023 16:11

231213-tmycesfacp 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13478994921.zip

  • Size

    44.4MB

  • MD5

    44d3f87708aba8171f36a82a9093de63

  • SHA1

    e6649e277bd431283237a69358e2d8224f08901f

  • SHA256

    f3312ae135274af9cb757246376d2309f6feedf27476099d7b987b78bd61bca7

  • SHA512

    929e839104a46651958fd0c9c88a6de6545200c27cdc4ed61276e8b2ae561fb8d28d830916cae03c8285b1e09c4245fe94c36c70dbfdefd946a57ddc1f353bf1

  • SSDEEP

    786432:dqQIaM8wVO5gcEk9GzTTps9KLP0HIzyB1tsxkYYSM0HoqegVFKKaxTIC:dBIEfT9GTpMKL8HFBYYSMsSx

Score
10/10
agilenetguloaderloaderinfostealerratminerrezer0ransomwarepdflinkdropperbackdoor888ratguloadericedidloaderbotm00nd3v_loggermatiexnetwiresnakekeyloggerxmrigardamaxevilnumlegionlockermassloggerteardropgrowtopiametasploitnanocore

Malware Config

Extracted

Family

icedid

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

  • 888rat family
    888rat
  • Android 888 RAT payload 1 IoCs
  • Ardamax family
    ardamax
  • Ardamax main executable 1 IoCs
  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detected LegionLocker ransomware 1 IoCs

    Sample contains strings associated with the LegionLocker family.

    ransomware
  • Detected TEARDROP fileless dropper 1 IoCs

    TEARDROP is a memory-only dropper which can read files/registry keys, decode an embedded payload, and load it directly into memory.

    dropperbackdoor
  • EvilNum C# Component 1 IoCs
  • Evilnum family
    evilnum
  • Growtopia family
    growtopia
  • Guloader family
    guloader
  • Guloader payload 1 IoCs
    guloader
  • IcedID First Stage Loader 1 IoCs
    loader
  • Icedid family
    icedid
  • Legionlocker family
    legionlocker
  • LoaderBot executable 1 IoCs
  • Loaderbot family
    loaderbot
  • M00nD3v Logger payload 1 IoCs

    Detects M00nD3v Logger payload in memory.

    infostealer
  • M00nd3v_logger family
    m00nd3v_logger
  • MassLogger log file 1 IoCs

    Detects a log file produced by MassLogger.

  • Masslogger family
    masslogger
  • Matiex Main payload 1 IoCs
  • Matiex family
    matiex
  • Metasploit family
    metasploit
  • Nanocore family
    nanocore
  • NetWire RAT payload 1 IoCs
    rat
  • Netwire family
    netwire
  • Snake Keylogger payload 1 IoCs
  • Snakekeylogger family
    snakekeylogger
  • Teardrop family
    teardrop
  • XMRig Miner payload 1 IoCs
    miner
  • Xmrig family
    xmrig
  • ReZer0 packer 1 IoCs

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • HTTP links in PDF interactive object 1 IoCs

    Detects HTTP links in interactive objects within PDF files.

    pdflink
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

  • Office document contains embedded OLE objects 1 IoCs

    Detected embedded OLE objects in Office documents.

Files

  • 13478994921.zip
    .zip

    Password: infected

  • be240429f6a9f67df22429d9fac5c22c887a65dae26f0af0b705ada8b61060c0
    .dll windows:5 windows x64 arch:x64


    Headers

    Sections