Static task: static1
Tags: rat, miner, modiloader, netfilter, netwire, snakekeylogger, zeppelin, cobaltstrike, hellokitty, masslogger, merlin, mountlocker, xmrig, gcleaner, remcos
24 signatures
Behavioral task: behavioral1
Sample: eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10
Resource: win11-20241007-it (windows11-21h2-x64)
0 signatures
1800 seconds
General
- Target: eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10
- Size: 18.5MB
- MD5: bd4dfea472d4fa0e9550f739bd8d04d3
- SHA1: c462a46f0ab1243ae616ccb03839e7f90b993315
- SHA256: eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10
- SHA512: 940cd64aaf9c476fed8d2031db2edc8f626be244ab4f78f392d0e608f93796fdc2d87b0ddd20ec2db0ec29c008f536192da65d2bb31442f34c73142fc3b26e20
- SSDEEP: 196608:6dZItlOME4gqh+r4R6N8Gb0VKgt0JjLIP6BxP6LOfXAkZ:IJ
Malware Config

Signatures
- Cobalt Strike reflective loader (1 IoCs): Detects the reflective loader used by Cobalt Strike.
  resource: yara_rule, sample, cobalt_reflective_dll
- Cobaltstrike family
- Detected Mount Locker ransomware (1 IoCs)
  resource: yara_rule, sample, RANSOM_mountlocker
- Detects Zeppelin payload (1 IoCs)
  resource: yara_rule, sample, family_zeppelin
- Gcleaner family
- HelloKitty ELF (1 IoCs)
  resource: yara_rule, sample, family_hellokitty_elf
- Hellokitty family
- MassLogger log file (1 IoCs): Detects a log file produced by MassLogger.
  resource: yara_rule, sample, masslogger_log_file
- Masslogger family
- Merlin family
- Merlin payload (1 IoCs)
  resource: yara_rule, sample, family_merlin
- ModiLoader Second Stage (1 IoCs)
  resource: yara_rule, sample, modiloader_stage2
- Modiloader family
- Mountlocker family
- NetFilter payload (1 IoCs)
  resource: yara_rule, sample, netfilter_payload
- NetWire RAT payload (1 IoCs)
  resource: yara_rule, sample, netwire
- Netfilter family
- Netwire family
- Remcos family
- Snake Keylogger payload (1 IoCs)
  resource: yara_rule, sample, family_snakekeylogger
- Snakekeylogger family
- XMRig Miner payload (1 IoCs)
  resource: yara_rule, sample, family_xmrig
- Xmrig family
- Zeppelin family
Files
- eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10