Overview

overview

10

Static

static

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9626e81e0fe04bfaba1657d1594f5fae86d921956813a72d66faf4d6bdc08c55

  • Size

    18.5MB

  • MD5

    5f194907e35bb5ed727933f178a7ba4e

  • SHA1

    f636326e8a1dbd187ce080a551ff02ec7e877f70

  • SHA256

    9626e81e0fe04bfaba1657d1594f5fae86d921956813a72d66faf4d6bdc08c55

  • SHA512

    eae51b473ad42f8333c3720ec8eee28068d17eac90d12c951780a76c92b008b84dfcd9967bb525a85d64838e2426e12e2acf31e8d74b7615086a6ff560411114

  • SSDEEP

    196608:1lbGrJCRYsMmtOLkhG5QmLs9aQB8RnvgLe1hf2QeXH+4CxwlSBev8EINgdnLAayN:BTo

Score
10/10
ratminermodiloadernetfilternetwiresnakekeyloggerzeppelincobaltstrikehellokittyindustroyermassloggermerlinmountlockerxmriggcleanerremcos

Malware Config

Signatures

  • Cobalt Strike reflective loader 1 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike family
    cobaltstrike
  • Detected Mount Locker ransomware 1 IoCs
  • Detects Zeppelin payload 1 IoCs
  • Gcleaner family
    gcleaner
  • HelloKitty ELF 1 IoCs
  • Hellokitty family
    hellokitty
  • Industroyer IEC-104 Module 1 IoCs

    Contains strings related to Industroyer module used to communicate with power transmission grids over IEC-104 protocol.

  • Industroyer family
    industroyer
  • MassLogger log file 1 IoCs

    Detects a log file produced by MassLogger.

  • Masslogger family
    masslogger
  • Merlin family
    merlin
  • Merlin payload 1 IoCs
  • ModiLoader Second Stage 1 IoCs
  • Modiloader family
    modiloader
  • Mountlocker family
    mountlocker
  • NetFilter payload 1 IoCs
  • NetWire RAT payload 1 IoCs
    rat
  • Netfilter family
    netfilter
  • Netwire family
    netwire
  • Remcos family
    remcos
  • Snake Keylogger payload 1 IoCs
  • Snakekeylogger family
    snakekeylogger
  • XMRig Miner payload 1 IoCs
    miner
  • Xmrig family
    xmrig
  • Zeppelin family
    zeppelin

Files

  • 9626e81e0fe04bfaba1657d1594f5fae86d921956813a72d66faf4d6bdc08c55