Static task
static1

Tags: rat, miner, agenttesla, darktrack, modiloader, netwire, quasar, shurk, snakekeylogger, stormkitty, zeppelin, cobaltstrike, xmrig, darkcomet, gcleaner, remcos
27 signatures

General
Target: 247c373d0699414d8393e4f78f413d82f063810c63c3ccfd63c4e201af32620b
Size: 1.8MB
MD5: a953eec2e51c5ce261319462f72aa4f8
SHA1: e5753629ca581cc058366b2cc5c9979d61a7c7e5
SHA256: 247c373d0699414d8393e4f78f413d82f063810c63c3ccfd63c4e201af32620b
SHA512: db8f4c3e7588a2962badac5e76c218c05edf396eaebde2f09fb512f9c40498e1ea6a1da771675e7ade42aef915a2f763c510944b1cb1e7eac27093bb3d44ef8d
SSDEEP: 12288:xg3Go9JeD3D4kSCWfee0XGn6GZKJvIj16oE93CMqL00Ls2A7bmM5yR9rPaDLkuAU:Rh19yhRUzAMC3aEWumV9sMT

Malware Config
(none extracted)

Signatures

AgentTesla payload (1 IoC)
resource: yara_rule sample family_agenttesla
Agenttesla family

Cobalt Strike reflective loader (1 IoC)
Detects the reflective loader used by Cobalt Strike.
resource: yara_rule sample cobalt_reflective_dll
Cobaltstrike family

Contains code to disable Windows Defender (1 IoC)
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
resource: yara_rule sample disable_win_def

DarkTrack payload (1 IoC)
resource: yara_rule sample family_darktrack
Darkcomet family
Darktrack family

Detects Zeppelin payload (1 IoC)
resource: yara_rule sample family_zeppelin
Gcleaner family

ModiLoader Second Stage (1 IoC)
resource: yara_rule sample modiloader_stage2
Modiloader family

NetWire RAT payload (1 IoC)
resource: yara_rule sample netwire
Netwire family

Quasar family

Quasar payload (1 IoC)
resource: yara_rule sample family_quasar
Remcos family

Shurk Stealer payload (1 IoC)
resource: yara_rule sample shurk_stealer
Shurk family

Snake Keylogger payload (1 IoC)
resource: yara_rule sample family_snakekeylogger
Snakekeylogger family

StormKitty payload (1 IoC)
resource: yara_rule sample family_stormkitty
Stormkitty family

XMRig Miner payload (1 IoC)
resource: yara_rule sample family_xmrig
Xmrig family
Zeppelin family

AutoIT Executable (1 IoC)
AutoIT scripts compiled to PE executables.
resource: yara_rule sample autoit_exe

Files
247c373d0699414d8393e4f78f413d82f063810c63c3ccfd63c4e201af32620b