Overview

overview

10

Static

static

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a9420b07e8c7424af13f736872d44d542a75116384172c72a127f7431735bbd

  • Size

    19.7MB

  • MD5

    3a09d08e433c981981a6d0699b0acd2e

  • SHA1

    c44c473533da8b8dbae314117de30daf4dabfd73

  • SHA256

    9a9420b07e8c7424af13f736872d44d542a75116384172c72a127f7431735bbd

  • SHA512

    54a56b653009bf682906dbd0be407ab3dc16d5f414474849c6e9afcaa34d457b9ebb3d855c895504a739a82f980da043d95b91947228c7c34219f8f613cccd66

  • SSDEEP

    196608:oBVcSNYEv4IGO3ogwCPfAtUD0WhxBCdMNSJ1tfSjYHSwtWV+rM7e5rF2+e5ylneb:qiC

Score
10/10
ratminermodiloadernetfilternetwiresnakekeyloggerzeppelincobaltstrikehellokittyindustroyermassloggermerlinmountlockerxmrigremcos

Malware Config

Signatures

  • Cobalt Strike reflective loader 1 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike family
    cobaltstrike
  • Detected Mount Locker ransomware 1 IoCs
  • Detects Zeppelin payload 1 IoCs
  • HelloKitty ELF 1 IoCs
  • Hellokitty family
    hellokitty
  • Industroyer IEC-104 Module 1 IoCs

    Contains strings related to Industroyer module used to communicate with power transmission grids over IEC-104 protocol.

  • Industroyer family
    industroyer
  • MassLogger log file 1 IoCs

    Detects a log file produced by MassLogger.

  • Masslogger family
    masslogger
  • Merlin family
    merlin
  • Merlin payload 1 IoCs
  • ModiLoader Second Stage 1 IoCs
  • Modiloader family
    modiloader
  • Mountlocker family
    mountlocker
  • NetFilter payload 1 IoCs
  • NetWire RAT payload 1 IoCs
    rat
  • Netfilter family
    netfilter
  • Netwire family
    netwire
  • Remcos family
    remcos
  • Snake Keylogger payload 1 IoCs
  • Snakekeylogger family
    snakekeylogger
  • XMRig Miner payload 1 IoCs
    miner
  • Xmrig family
    xmrig
  • Zeppelin family
    zeppelin

Files

  • 9a9420b07e8c7424af13f736872d44d542a75116384172c72a127f7431735bbd