General
-
Target
20209b1782561498aae9640d8032d3663636c0f10a094dd1b69f413097d7c41b
-
Size
162KB
-
MD5
48f3578add712ad477de43a61079f6e2
-
SHA1
4b6a625d66abee564bc3fc0a4927ebceab88a0e7
-
SHA256
20209b1782561498aae9640d8032d3663636c0f10a094dd1b69f413097d7c41b
-
SHA512
e9d7e06a61e187538313c0935b05ce453afd77f9c04046112818c2044ae6a66c6bb5b2c3aaf88eadeedda2648b2162dce5171eea9e7e2b4fb0dc1b0fe1f5b149
-
SSDEEP
3072:qeIM6syPKcys1v6LCNrhwBafeQt0siX7mIBbVaibI+wARE+WpC5:V6syicyst6LCwAfeJlr1xvb1
Score
10/10
Malware Config
Signatures
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 1 IoCs
-
Detects executables (downlaoders) containing URLs to raw contents of a paste 1 IoCs
-
Detects executables containing URLs to raw contents of a Github gist 1 IoCs
-
Detects executables referencing Discord tokens regular expressions 1 IoCs
-
Detects executables referencing Windows vault credential objects. Observed in infostealers 1 IoCs
-
Detects executables referencing credit card regular expressions 1 IoCs
-
Detects executables referencing many VPN software clients. Observed in infosteslers 1 IoCs
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
-
Detects executables using Telegram Chat Bot 1 IoCs
-
Detects executables with interest in wireless interface using netsh 1 IoCs
-
Detects file containing reversed ASEP Autorun registry keys 1 IoCs
-
StormKitty payload 1 IoCs
-
Stormkitty family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
20209b1782561498aae9640d8032d3663636c0f10a094dd1b69f413097d7c41b
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections