Overview

overview

10

Static

static

10

beed61dc63...0235e9

windows7-x64

1

beed61dc63...0235e9

windows10-2004-x64

8

Resubmissions

12-02-2025 14:54

250212-r9zgwswmej 10

12-02-2025 14:27

250212-rsdtvsvqet 10

12-02-2025 14:17

250212-rl7hlavngy 10

12-02-2025 13:47

250212-q3q2hatqes 10

12-02-2025 13:43

250212-q1d9xstlap 10

11-02-2025 01:03

250211-behmwstpdv 10

Sharing

Copy URL
Twitter E-mail

Errors

Reason
config extraction: IcedidFirstLoader: EOF

General

  • Target

    beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9

  • Size

    8.5MB

  • MD5

    2d690d32e637c43a18aa8f4f2fd28e48

  • SHA1

    f8a5f75a34d2751c0e7195cd4adabddc1ece465e

  • SHA256

    beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9

  • SHA512

    2641192c4ebb0a66fdf6a9be16ccfc38a4cd98a32467d5b6e719c73b2893a28888b7c9c77d3db3a0d2e93d14408081bdc92238dc3a5b1479229843f354c7305e

  • SSDEEP

    196608:exCyu9hdCjcHsm2gTEE/OBBZVaMKb0QqNnJi6lWzVYK5P6qwpxFlWavvy7:ervy

Score
10/10
loaderguloaderratransomwarerezer0minerblacknetblisterguloaderloaderbotmimikatznetfilternetwirepseudomanuscryptquasarroyalxtremeratzeppelinkandykornhellokittymassloggermerlinmountlockernefilimsodinokibixmrigdridex

Malware Config

Signatures

  • BlackNET payload 1 IoCs
  • Blacknet family
    blacknet
  • Blister family
    blister
  • Detect Blister loader x32 1 IoCs
    loader
  • Detect KandyKorn payload 1 IoCs
  • Detect XtremeRAT payload 1 IoCs
  • Detected Mount Locker ransomware 1 IoCs
  • Detects PseudoManuscrypt payload 1 IoCs
    loader
  • Detects Zeppelin payload 1 IoCs
  • Dridex family
    dridex
  • Guloader family
    guloader
  • Guloader payload 1 IoCs
    guloader
  • HelloKitty ELF 1 IoCs
  • Hellokitty family
    hellokitty
  • Kandykorn family
    kandykorn
  • LoaderBot executable 1 IoCs
  • Loaderbot family
    loaderbot
  • MassLogger log file 1 IoCs

    Detects a log file produced by MassLogger.

  • Masslogger family
    masslogger
  • Merlin family
    merlin
  • Merlin payload 1 IoCs
  • Mimikatz family
    mimikatz
  • Mountlocker family
    mountlocker
  • Nefilim family
    nefilim
  • Nefilim ransomware executable 1 IoCs

    File contains patterns typical of Nefilim samples.

  • NetFilter Dropper 1 IoCs
  • NetFilter payload 1 IoCs
  • NetWire RAT payload 1 IoCs
    rat
  • Netfilter family
    netfilter
  • Netwire family
    netwire
  • Pseudomanuscrypt family
    pseudomanuscrypt
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Royal Ransomware 1 IoCs
    ransomware
  • Royal family
    royal
  • Sodinokibi family
    sodinokibi
  • Sodinokibi/Revil sample 1 IoCs
  • XMRig Miner payload 1 IoCs
    miner
  • Xmrig family
    xmrig
  • Xtremerat family
    xtremerat
  • Zeppelin family
    zeppelin
  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs
  • ReZer0 packer 1 IoCs

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0
  • Patched UPX-packed file 1 IoCs

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

Files

  • beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9