Analysis Overview
SHA256: beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9
Threat Level: Known bad
Malicious Activity Summary
All 44 hits listed here come from the static analysis pass (static1); neither behavioral detonation below produced a signature, a dropped file, or sample-originated network traffic. The hits span 21 mutually unrelated families plus two packer signatures. A single file matching rules for that many unrelated families is more typical of a file that embeds the rules' own strings (a rule collection, IOC list or signature test file) than of a genuine multi-family payload, so confirm the "Known bad" verdict against the file's actual contents before actioning it.
BlackNET payload
Blacknet family
Blister family
Detect Blister loader x32
Detect KandyKorn payload
Detect XtremeRAT payload
Detected Mount Locker ransomware
Detects PseudoManuscrypt payload
Detects Zeppelin payload
Dridex family
Guloader family
Guloader payload
HelloKitty ELF
Hellokitty family
Kandykorn family
LoaderBot executable
Loaderbot family
MassLogger log file
Masslogger family
Merlin family
Merlin payload
Mimikatz family
mimikatz is an open source tool to dump credentials on Windows
Mountlocker family
Nefilim family
Nefilim ransomware executable
NetFilter Dropper
NetFilter payload
Netfilter family
NetWire RAT payload
Netwire family
Patched UPX-packed file
Pseudomanuscrypt family
Quasar family
Quasar payload
ReZer0 packer
Royal family
Royal Ransomware
Sodinokibi family
Sodinokibi/Revil sample
XMRig Miner payload
Xmrig family
Xtremerat family
Zeppelin family
MITRE ATT&CK: (none listed)
Analysis: static1
Detonation Overview
Reported: 2025-03-11 16:06
Signatures
For every signature below the report records no Description, Indicator, Process or Target (all four fields are N/A); the hits are static rule matches with no associated runtime context.
BlackNET payload
Blacknet family
Blister family
Detect Blister loader x32
Detect KandyKorn payload
Detect XtremeRAT payload
Detected Mount Locker ransomware
Detects PseudoManuscrypt payload
Detects Zeppelin payload
Dridex family
Guloader family
Guloader payload
HelloKitty ELF
Hellokitty family
Kandykorn family
LoaderBot executable
Loaderbot family
MassLogger log file
Masslogger family
Merlin family
Merlin payload
Mimikatz family
Mountlocker family
Nefilim family
Nefilim ransomware executable
NetFilter Dropper
NetFilter payload
NetWire RAT payload
Netfilter family
Netwire family
Pseudomanuscrypt family
Quasar family
Quasar payload
Royal Ransomware
Royal family
Sodinokibi family
Sodinokibi/Revil sample
XMRig Miner payload
Xmrig family
Xtremerat family
Zeppelin family
mimikatz is an open source tool to dump credentials on Windows
ReZer0 packer
Patched UPX-packed file
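The static signature list above is the one piece of evidence behind the verdict, so a triage step worth automating is to collapse the 44 rule names into the families they actually name and count how many unrelated families one file is claimed to be. The script below is an added example written for this page, not tooling from the sandbox vendor; the signature names are copied from the static1 section, the family labels are derived from the report's own "<Name> family" entries, and the threshold of three families is an assumed triage heuristic, not a documented rule.

```python
import re
from collections import defaultdict

# Signature names exactly as listed under "Analysis: static1 -> Signatures" in this report.
# The list is the page's data; the grouping logic below is an added triage heuristic.
STATIC_SIGNATURES = [
    "BlackNET payload", "Blacknet family", "Blister family", "Detect Blister loader x32",
    "Detect KandyKorn payload", "Detect XtremeRAT payload", "Detected Mount Locker ransomware",
    "Detects PseudoManuscrypt payload", "Detects Zeppelin payload", "Dridex family",
    "Guloader family", "Guloader payload", "HelloKitty ELF", "Hellokitty family",
    "Kandykorn family", "LoaderBot executable", "Loaderbot family", "MassLogger log file",
    "Masslogger family", "Merlin family", "Merlin payload", "Mimikatz family",
    "Mountlocker family", "Nefilim family", "Nefilim ransomware executable",
    "NetFilter Dropper", "NetFilter payload", "NetWire RAT payload", "Netfilter family",
    "Netwire family", "Pseudomanuscrypt family", "Quasar family", "Quasar payload",
    "Royal Ransomware", "Royal family", "Sodinokibi family", "Sodinokibi/Revil sample",
    "XMRig Miner payload", "Xmrig family", "Xtremerat family", "Zeppelin family",
    "mimikatz is an open source tool to dump credentials on Windows",
    "ReZer0 packer", "Patched UPX-packed file",
]

FAMILY_RE = re.compile(r"^(\w+) family$", re.IGNORECASE)


def _squash(name: str) -> str:
    """Lowercase and keep only letters/digits so 'Mount Locker' compares equal to 'Mountlocker'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def family_names(signatures):
    """Family labels the report itself declares through its '<Name> family' signatures."""
    names = set()
    for sig in signatures:
        m = FAMILY_RE.match(sig)
        if m:
            names.add(_squash(m.group(1)))
    return sorted(names)


def group_by_family(signatures):
    """Assign each signature to a declared family by substring match, longest family name
    first so e.g. 'loaderbot' is tried before 'guloader'. Signatures that name no family
    (packer / compression hits) are collected under 'unattributed'."""
    families = sorted(family_names(signatures), key=len, reverse=True)
    groups = defaultdict(list)
    for sig in signatures:
        key = _squash(sig)
        fam = next((f for f in families if f in key), "unattributed")
        groups[fam].append(sig)
    return dict(groups)


def static_verdict_caveat(signatures, max_plausible_families=3):
    """Triage note: a genuine payload rarely matches rules for more than a handful of unrelated
    families at once; many distinct families suggest the file carries the rules' own strings
    (a rule set, IOC list or test file). The threshold is an assumed heuristic, tune it locally."""
    n = len([f for f in group_by_family(signatures) if f != "unattributed"])
    if n > max_plausible_families:
        return f"{n} distinct families matched: verify the file contents before trusting the static verdict"
    return f"{n} distinct families matched: consistent with a single-family sample"


if __name__ == "__main__":
    for fam, sigs in sorted(group_by_family(STATIC_SIGNATURES).items()):
        print(f"{fam:18} {len(sigs)} hit(s): {'; '.join(sigs)}")
    print(static_verdict_caveat(STATIC_SIGNATURES))
```

Run against this report the grouping yields 21 families and two unattributed packer hits, which is the number the caveat in the summary is based on. The substring match is deliberately loose (it handles "Detected Mount Locker ransomware" and the prose-style mimikatz rule name), so review the `unattributed` bucket when applying it to other reports.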
Analysis: behavioral1
Detonation Overview
Submitted: 2025-03-11 16:06
Reported: 2025-03-11 16:06
Platform: win7-20240729-en
Max time kernel: 0s
Max time network: 1s
Command Line: (none recorded)
Signatures: none
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9
Network: none recorded
Files: none recorded
This run captured only the cmd.exe launcher and effectively zero execution time (0s kernel, 1s network); no child process, signature, connection or file activity was observed, so it provides no evidence either way about the sample.
Analysis: behavioral2
Detonation Overview
Submitted: 2025-03-11 16:06
Reported: 2025-03-11 16:21
Platform: win10v2004-20250217-en
Max time kernel: 697s
Max time network: 671s
Command Line: (none recorded)
Signatures: none
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9
Network
| Country | Destination | Domain | Proto | Flows |
| US | 8.8.8.8:53 | g.bing.com | udp | 1 |
| US | 150.171.27.10:443 | g.bing.com | tcp | 5 |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp | 1 |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp | 4 |
Note: g.bing.com and tse1.mm.bing.net are Microsoft-operated Bing endpoints that a Windows 10 image contacts on its own (search box and image/tile CDN), and the 8.8.8.8 queries are the sandbox resolving them. None of these flows is attributable to the sample; despite roughly eleven minutes of runtime, no sample-originated connection, signature, child process or dropped file was recorded.
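Separating sandbox background noise from sample-originated traffic is a recurring chore, and the behavioral2 table above is a clean case of pure noise. The script below is an added example for this page, not part of the report or the sandbox's tooling: it parses the report's network rows, collapses repeated flows into one line with a count, and flags anything not covered by an assumed baseline of domains the clean Windows 10 image contacts on its own. The `BASELINE_SUFFIXES` list and the extra row used in the usage test (`c2.example` on a TEST-NET-3 address) are constructed for illustration.

```python
import re
from collections import Counter

# Network rows copied from the behavioral2 table of this report (header included to show
# that the parser skips it). This is the page's data, not a captured pcap.
REPORT_NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
"""

# Assumed baseline: domain suffixes a clean Windows 10 sandbox image contacts by itself
# (Bing search box and image/tile CDN). Replace with a capture from your own clean run.
BASELINE_SUFFIXES = (".bing.com", ".bing.net")

ROW_RE = re.compile(r"^\|\s*(\S+)\s*\|\s*(\S+)\s*\|\s*(\S+)\s*\|\s*(\S+)\s*\|$")


def parse_rows(table: str):
    """Turn '| Country | Destination | Domain | Proto |' lines into 4-tuples,
    skipping the header row and any markdown separator row."""
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        if m.group(1) == "Country" or set(m.group(1)) <= {"-", ":"}:
            continue
        rows.append(m.groups())
    return rows


def collapse(rows):
    """Count identical flows so five repeated TLS connections read as one line with a count.
    Counter keeps first-seen order, which preserves the report's ordering."""
    return Counter(rows)


def is_baseline(row) -> bool:
    """A flow is baseline when its domain sits under one of the clean-image suffixes.
    This is judged on the domain, not the destination, so a DNS query to the sandbox
    resolver for an unknown domain is still flagged."""
    _country, _dest, domain, _proto = row
    return domain.lower().endswith(BASELINE_SUFFIXES)


def non_baseline(rows):
    """Flows worth an analyst's attention, as (row, count) pairs in first-seen order."""
    return [(r, n) for r, n in collapse(rows).items() if not is_baseline(r)]


if __name__ == "__main__":
    rows = parse_rows(REPORT_NETWORK_TABLE)
    for row, n in collapse(rows).items():
        tag = "baseline" if is_baseline(row) else "REVIEW"
        print(f"{n:2d}x {row[1]:22} {row[2]:20} {row[3]:4} {tag}")
    print("flows needing review:", non_baseline(rows))
```

On this report every flow collapses to one of four lines and all four are baseline, which matches the note above the table. Keep the baseline per sandbox image: a different Windows build or locale talks to a different set of Microsoft endpoints, and an over-broad suffix list is how real C2 on a lookalike domain slips through.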