General
-
Target
Windows 7 x64-000008.vmdk
-
Size
387.1MB
-
MD5
3a620b8bf0012bb9903129b83ea86bd2
-
SHA1
e4ec9d6fcdcca77ff5dbb0c8e5983da73788a9a2
-
SHA256
e1d963b95b58056f2bc2ccddad4482df16c8a147f8a2bcbcc104d672fe104886
-
SHA512
21275ffad6c86c8bb68bac19ab7ed9e0b3653d479a9ebd775bf2efa04e9799ec8a8fc4a59cb0c63fd796dfe754ed2387fd152bb984aa30d5fccaa6b24b64c2ee
-
SSDEEP
3145728:tDFaInFN9a31Cs/rJdmcrfKJd8vxdOxzZIV5VUnXAY:LzsR/rJdvQd8vXMZIzynF
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Signatures
-
888rat family
-
Android 888 RAT payload 1 IoCs
-
Ardamax family
-
Ardamax main executable 1 IoCs
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Detected SUNBURST backdoor 1 IoCs
SUNBURST is a backdoor for the SolarWinds Orion platform with extensive capabilities.
-
GoldBackdoor payload 1 IoCs
-
Goldbackdoor family
-
Guloader family
-
Guloader payload 1 IoCs
-
M00nD3v Logger payload 1 IoCs
Detects M00nD3v Logger payload in memory.
-
M00nd3v_logger family
-
Matiex Main payload 1 IoCs
-
Matiex family
-
Metasploit family
-
NetFilter Dropper 1 IoCs
-
Netfilter family
-
Snake Keylogger payload 1 IoCs
-
Snakekeylogger family
-
Sunburst family
-
XMRig Miner payload 1 IoCs
-
Xmrig family
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
-
Office document contains embedded OLE objects 1 IoCs
Detected embedded OLE objects in Office documents.
Files
-
Windows 7 x64-000008.vmdk