Malware Analysis Report

2024-11-30 11:08

Sample ID 241118-q4ed4ayarj
Target eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10
SHA256 eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10
Tags
rat miner modiloader netfilter netwire snakekeylogger zeppelin cobaltstrike hellokitty masslogger merlin mountlocker xmrig gcleaner remcos
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10

Threat Level: Known bad

The file eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10 was found to be: Known bad.

Malicious Activity Summary

rat miner modiloader netfilter netwire snakekeylogger zeppelin cobaltstrike hellokitty masslogger merlin mountlocker xmrig gcleaner remcos

Remcos family

Cobalt Strike reflective loader

Masslogger family

Merlin family

Modiloader family

NetWire RAT payload

NetFilter payload

Netfilter family

Netwire family

Cobaltstrike family

Detects Zeppelin payload

HelloKitty ELF

MassLogger log file

ModiLoader Second Stage

Snakekeylogger family

XMRig Miner payload

Zeppelin family

Snake Keylogger payload

Xmrig family

Detected Mount Locker ransomware

Gcleaner family

Hellokitty family

Merlin payload

Mountlocker family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-18 13:48

Signatures

All of the hits below are static rule matches on the file itself; none carries a description, indicator, process or target, so there is no per-hit detail to corroborate them.

Cobalt Strike reflective loader
Description / Indicator / Process / Target: N/A

Cobaltstrike family
Tag: cobaltstrike

Detected Mount Locker ransomware
Description / Indicator / Process / Target: N/A

Detects Zeppelin payload
Description / Indicator / Process / Target: N/A

Gcleaner family
Tag: gcleaner

HelloKitty ELF
Description / Indicator / Process / Target: N/A

Hellokitty family
Tag: hellokitty

MassLogger log file
Description / Indicator / Process / Target: N/A

Masslogger family
Tag: masslogger

Merlin family
Tag: merlin

Merlin payload
Description / Indicator / Process / Target: N/A

ModiLoader Second Stage
Description / Indicator / Process / Target: N/A

Modiloader family
Tag: modiloader

Mountlocker family
Tag: mountlocker

NetFilter payload
Description / Indicator / Process / Target: N/A

NetWire RAT payload
Tag: rat
Description / Indicator / Process / Target: N/A

Netfilter family
Tag: netfilter

Netwire family
Tag: netwire

Remcos family
Tag: remcos

Snake Keylogger payload
Description / Indicator / Process / Target: N/A

Snakekeylogger family
Tag: snakekeylogger

XMRig Miner payload
Tag: miner
Description / Indicator / Process / Target: N/A

Xmrig family
Tag: xmrig

Zeppelin family
Tag: zeppelin

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-18 13:48

Reported

2024-11-18 15:14

Platform

win11-20241007-it

Max time kernel

441s

Max time network

1168s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10

cmd.exe is the only process recorded: the submitted file (named by its bare hash, with no extension) is invoked through cmd /c, and no child process is listed beneath cmd.exe. Together with the empty behavioral Signatures and Files sections, this means the 10/10 score and every family tag in this report rest on the static signature matches in static1 alone, with no behavioral corroboration.

Network

Country  Destination  Domain                      Proto
US       8.8.8.8:53   30.243.111.52.in-addr.arpa  udp

The only network event is a single reverse-DNS (PTR) query sent to 8.8.8.8 for 30.243.111.52.in-addr.arpa, which is the reverse name of the address 52.111.243.30. No connection to that address and no other traffic were recorded, and with no child process of cmd.exe the lookup cannot be attributed to the sample.

Files

N/A
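As an added worked example (not part of this sandbox report or its vendor's tooling): a small Python triage helper that takes the static family tags and the behavioral section exactly as recorded above, decodes the in-addr.arpa name from the Network table back to an address, and flags the report as static-only when no sample-attributable behavioral evidence exists. The report data embedded in it is transcribed from this page; treating the cmd.exe launcher as harness scaffolding, excluding the rat and miner category tags from the family count, and not counting reverse lookups as sample activity are assumptions.

```python
"""Static-vs-behavioral triage for a sandbox report (added example, not vendor code).

Input data below is transcribed from the report on this page: the family tags
attached by the static1 signatures, and everything the behavioral1 run recorded.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Family tags from the static signatures. "rat" and "miner" on the tag line are
# category tags rather than families, so they are left out (an assumption).
STATIC_FAMILIES = frozenset({
    "remcos", "cobaltstrike", "masslogger", "merlin", "modiloader", "netwire",
    "netfilter", "zeppelin", "hellokitty", "snakekeylogger", "xmrig",
    "mountlocker", "gcleaner",
})

# behavioral1 as recorded: one process, no signatures, no files, one DNS query.
BEHAVIORAL = {
    "signatures": [],
    "processes": [r"C:\Windows\system32\cmd.exe"],
    "files": [],
    # (country, destination, domain, proto) rows from the Network table
    "network": [("US", "8.8.8.8:53", "30.243.111.52.in-addr.arpa", "udp")],
}

# The sandbox launches the sample through cmd /c, so cmd.exe itself is
# scaffolding rather than sample activity (assumption about the harness).
LAUNCHER = r"C:\Windows\system32\cmd.exe"

_PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE
)


def ptr_to_ip(name: str):
    """Decode an IPv4 reverse-lookup name (octets in reverse order) to the address.

    Returns None for anything that is not a well-formed in-addr.arpa name.
    """
    m = _PTR_RE.match(name.strip())
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(m.groups()))))
    except ipaddress.AddressValueError:  # e.g. an octet above 255
        return None


@dataclass
class Triage:
    static_family_count: int
    behavioral_evidence: list = field(default_factory=list)
    reverse_lookups: list = field(default_factory=list)
    static_only: bool = False
    note: str = ""


def triage(static_families, behavioral, launcher=LAUNCHER) -> Triage:
    """Separate sample-attributable behavioral evidence from harness noise and
    decide whether the verdict is carried by static signature hits alone."""
    evidence = [f"signature: {s}" for s in behavioral["signatures"]]
    evidence += [f"file: {f}" for f in behavioral["files"]]
    # Any process other than the launcher means the sample actually ran.
    evidence += [
        f"process: {p}"
        for p in behavioral["processes"]
        if p.lower() != launcher.lower()
    ]
    lookups = []
    for _country, dst, domain, proto in behavioral["network"]:
        ip = ptr_to_ip(domain)
        if ip is not None:
            # Reverse lookups are usually OS/sandbox background traffic;
            # record them decoded, but do not count them as sample activity.
            lookups.append((domain, ip))
        else:
            evidence.append(f"network: {proto} {dst} {domain}")

    result = Triage(
        static_family_count=len(static_families),
        behavioral_evidence=evidence,
        reverse_lookups=lookups,
        static_only=bool(static_families) and not evidence,
    )
    if result.static_only:
        result.note = (
            f"{result.static_family_count} families claimed by static rules, "
            "no behavioral corroboration: verdict needs manual confirmation"
        )
    elif evidence:
        result.note = f"{len(evidence)} behavioral indicator(s) attributable to the sample"
    else:
        result.note = "no static families and no behavioral evidence"
    return result


if __name__ == "__main__":
    r = triage(STATIC_FAMILIES, BEHAVIORAL)
    print(r.note)
    for domain, ip in r.reverse_lookups:
        print(f"reverse lookup {domain} -> {ip}")
```

Run against the data on this page the helper reports 13 families claimed by static rules with no behavioral corroboration and decodes the single PTR query to 52.111.243.30; adding any process other than the launcher to the behavioral section flips static_only to False, which is the condition under which the family tags would start to be trustworthy.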