General
-
Target
2024-06-11_5fcd41f3615c59d6ebeb7a15eac265b6_andromeda_bisonal_cobalt-strike_enigma_gh0st_hacktools_hammertoss_jrat_laqma_lockbit_maccontrol_predator-pain_protux_redleaves_webshell-shell_xtreme_zxxz
-
Size
3.9MB
-
MD5
5fcd41f3615c59d6ebeb7a15eac265b6
-
SHA1
569a581a64562d4d8dc7c5bdb0f7d2602f8be939
-
SHA256
66031d9e394a14260d8bc1156612e06fcffe2740b31ec74770b46cc311037349
-
SHA512
ff918a98b5fcec9c6ea546ce4b8f892fd6f20ac3d822ce83858b95f204ba21e34336a4eb77829449e2c2e5f8cade24a3da6a08c82844f078fef95aa86df627bf
-
SSDEEP
24576:KZB8kRYu+++BoVigAPnG1bbnfxlFFtv7/AofeN1dEBzLA3+7QcaG62vHTzIOWJFx:ajY9YI6Ff/zfekZEYHPwFN7sy
Score
10/10
Malware Config
Signatures
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
-
Detects executables built or packed with PS2EXE 1 IoCs
-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
-
Detects executables containing URLs to raw contents of a Github gist 1 IoCs
-
Detects executables containing bas64 encoded gzip files 1 IoCs
-
Detects executables packed with Dotfuscator 1 IoCs
-
Detects executables packed with Themida 1 IoCs
-
Detects executables packed with VMProtect. 1 IoCs
-
Detects executables referencing combination of virtualization drivers 1 IoCs
-
Detects executables referencing many IR and analysis tools 1 IoCs
-
Detects executables referencing virtualization MAC addresses 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2024-06-11_5fcd41f3615c59d6ebeb7a15eac265b6_andromeda_bisonal_cobalt-strike_enigma_gh0st_hacktools_hammertoss_jrat_laqma_lockbit_maccontrol_predator-pain_protux_redleaves_webshell-shell_xtreme_zxxz
Headers
Sections