Malware Analysis Report

2024-11-13 14:52

Sample ID 241109-b4st6avbme
Target eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10
SHA256 eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10
Tags
rat miner modiloader netfilter netwire snakekeylogger zeppelin cobaltstrike hellokitty masslogger merlin mountlocker xmrig gcleaner remcos
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis Overview

Threat Level: Known bad

The file eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10 was found to be: Known bad.

Malicious Activity Summary

MassLogger log file

Merlin family

ModiLoader Second Stage

NetFilter payload

Netfilter family

Xmrig family

Hellokitty family

Gcleaner family

Modiloader family

Mountlocker family

Netwire family

Snakekeylogger family

Cobaltstrike family

Detects Zeppelin payload

XMRig Miner payload

Detected Mount Locker ransomware

HelloKitty ELF

Masslogger family

Merlin payload

NetWire RAT payload

Remcos family

Snake Keylogger payload

Zeppelin family

Cobalt Strike reflective loader

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-09 01:42

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike family

cobaltstrike

Detected Mount Locker ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Detects Zeppelin payload

Description Indicator Process Target
N/A N/A N/A N/A

Gcleaner family

gcleaner

HelloKitty ELF

Description Indicator Process Target
N/A N/A N/A N/A

Hellokitty family

hellokitty

MassLogger log file

Description Indicator Process Target
N/A N/A N/A N/A

Masslogger family

masslogger

Merlin family

merlin

Merlin payload

Description Indicator Process Target
N/A N/A N/A N/A

ModiLoader Second Stage

Description Indicator Process Target
N/A N/A N/A N/A

Modiloader family

modiloader

Mountlocker family

mountlocker

NetFilter payload

Description Indicator Process Target
N/A N/A N/A N/A

NetWire RAT payload

rat

Description Indicator Process Target
N/A N/A N/A N/A

Netfilter family

netfilter

Netwire family

netwire

Remcos family

remcos

Snake Keylogger payload

Description Indicator Process Target
N/A N/A N/A N/A

Snakekeylogger family

snakekeylogger

XMRig Miner payload

miner

Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Zeppelin family

zeppelin