Analysis Overview
SHA256
eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10
Threat Level: Known bad
The file eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10 was found to be: Known bad.
Malicious Activity Summary
Remcos family
Cobalt Strike reflective loader
Masslogger family
Merlin family
Modiloader family
NetWire RAT payload
NetFilter payload
Netfilter family
Netwire family
Cobaltstrike family
Detects Zeppelin payload
HelloKitty ELF
MassLogger log file
ModiLoader Second Stage
Snakekeylogger family
XMRig Miner payload
Zeppelin family
Snake Keylogger payload
Xmrig family
Detected Mount Locker ransomware
Gcleaner family
Hellokitty family
Merlin payload
Mountlocker family
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-18 13:48
Signatures
Cobalt Strike reflective loader
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Cobaltstrike family
Detected Mount Locker ransomware
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Detects Zeppelin payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Gcleaner family
HelloKitty ELF
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Hellokitty family
MassLogger log file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Masslogger family
Merlin family
Merlin payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
ModiLoader Second Stage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Modiloader family
Mountlocker family
NetFilter payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
NetWire RAT payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Netfilter family
Netwire family
Remcos family
Snake Keylogger payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Snakekeylogger family
XMRig Miner payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Xmrig family
Zeppelin family
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-18 13:48
Reported
2024-11-18 15:14
Platform
win11-20241007-it
Max time kernel
441s
Max time network
1168s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |