Overview

overview

10

Static

static

10

15809488978.zip

windows7-x64

1

15809488978.zip

windows10-2004-x64

1

b2bdf26fd0...32.vbs

windows7-x64

1

b2bdf26fd0...32.vbs

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15809488978.zip

  • Size

    36.9MB

  • MD5

    a6aa5293ee6039899beb4e336e00f5a0

  • SHA1

    097767653d76952b74850560aa255062c4dc9313

  • SHA256

    b1e259552c673105db392361c38015e916ebf429521967fe8ca1f0c353a430dd

  • SHA512

    1392a76de1ec949e10b0d8178a0502ad94cf424625aaf34a7fbac8347aa7a010c25aa1f3ba1c62388f827f1458245981c476b09dfbb826cbb5dc440ddb0b6c8c

  • SSDEEP

    786432:FSUAS+uiT3i0a9hk0F7u82qUas1nfUaRO/k2vdYwr0mlq7z1j03LGIqeGlNFr2b:sUJ0a96iunq3sjRwk2FYbmcjZJeGlyb

Score
10/10
minermatiexsnakekeyloggerstormkittyxmrigardamaxmetasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

  • Ardamax family
    ardamax
  • Ardamax main executable 1 IoCs
  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Matiex Main payload 1 IoCs
  • Matiex family
    matiex
  • Metasploit family
    metasploit
  • Snake Keylogger payload 1 IoCs
  • Snakekeylogger family
    snakekeylogger
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • XMRig Miner payload 1 IoCs
    miner
  • Xmrig family
    xmrig
  • Office document contains embedded OLE objects 1 IoCs

    Detected embedded OLE objects in Office documents.

Files

  • 15809488978.zip
    .zip

    Password: infected

  • b2bdf26fd0b7ebd3cfb16df43b738177d1e2d356e733ffbb59a05e5b5d857232
    .vbs