Static task
static1
18 signatures
General
Target
ebc1a2cded55a610197dfb088b54745b0ee65e8959a61acaec2bf6acaecbdea2
Size
11.0MB
MD5
ddeedc77a0a1a2ea1563484d69d72fe4
SHA1
d5dbf1627d4582746016e8caa80dece8569a08f2
SHA256
ebc1a2cded55a610197dfb088b54745b0ee65e8959a61acaec2bf6acaecbdea2
SHA512
dac7f71e3474d293f9e2817febfefce02d6aefdcec0c9fd1130f6a70114495bffe3baf2165f761da4c2413d4c53c3f211551e186018d33a4165a391d2ac1f68e
SSDEEP
196608:Wqv7fQjtjSyqVhdWT3eUR03Fzjb0u3rK74yBngXp64Yjb2ERW6VxF:Kz
Malware Config
Signatures
Contains code to disable Windows Defender (1 IoCs)
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
resource: sample, yara_rule: disable_win_def

Detected Mount Locker ransomware (1 IoCs)
resource: sample, yara_rule: RANSOM_mountlocker

Detects Zeppelin payload (1 IoCs)
resource: sample, yara_rule: family_zeppelin

HelloKitty ELF (1 IoCs)
resource: sample, yara_rule: family_hellokitty_elf

Hellokitty family

MassLogger log file (1 IoCs)
Detects a log file produced by MassLogger.
resource: sample, yara_rule: masslogger_log_file

Masslogger family

Merlin family

Merlin payload (1 IoCs)
resource: sample, yara_rule: family_merlin

Mountlocker family

NetFilter payload (1 IoCs)
resource: sample, yara_rule: netfilter_payload

NetWire RAT payload (1 IoCs)
resource: sample, yara_rule: netwire

Netfilter family

Netwire family

Remcos family

XMRig Miner payload (1 IoCs)
resource: sample, yara_rule: family_xmrig

Xmrig family

Zeppelin family
Files
ebc1a2cded55a610197dfb088b54745b0ee65e8959a61acaec2bf6acaecbdea2