MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f1ee980a51431b5d1c826aad3fe0bef10f9c17b92c12a6be93c7bd0dc86b761. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RONINGLOADER


Vendor detections: 16


Intelligence 16 IOCs YARA 16 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6f1ee980a51431b5d1c826aad3fe0bef10f9c17b92c12a6be93c7bd0dc86b761
SHA3-384 hash: 7ea0f3c8df78ba56dbc995d3736006ec1f70aaedb30ab428edafa61682ce3346e1e67800b9e711d2a06bf4b5c1cf49c1
SHA1 hash: 454aed83dbde5ff19cdff4c046edfa7ed83e1d09
MD5 hash: 51c86676474370386d24ad591b82bd22
humanhash: crazy-helium-failed-west
File name:kuailianvpn_Setup.exe
Download: download sample
Signature RONINGLOADER
Create hunting rule
File size:19'878'255 bytes
First seen:2026-01-18 13:59:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9dda1a1d1f8a1d13ae0297b47046b26e (64 x Formbook, 40 x GuLoader, 26 x RemcosRAT)
ssdeep 393216:acbCaVa9NqiDGPuywdhJIdoPZz84DgPqv0cZvSiTq3LjGhnOOg8:aRaVmqovPcoaPtFiTJOOg8
Threatray 73 similar samples on MalwareBazaar
TLSH T15017335D1AE58731D4BD8E3C66615E87A4713418022F6C8EE427BD8FD9BA126FC6C323
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter aachum
Tags:103-181-134-186 CHN exe RONINGLOADER


Avatar
iamaachum
https://kualinvpn.com/download => https://hellogodaown.oss-ap-southeast-1.aliyuncs.com/kuailianvpn_Setup.zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
ES ES
Vendor Threat Intelligence
Malware configuration found for:
NSIS
Details
Link:
https://research.acce.ciphertechsolutions.com/results/6458839e-523d-4a7e-8b37-9541f52c778c/
Malware family:
n/a
ID:
1
File name:
kuailianvpn_Setup.exe
Verdict:
Malicious activity
Analysis date:
2026-01-18 13:48:35 UTC
Tags:
roning loader anti-evasion rust auto-reg
Link:
https://app.any.run/tasks/780cdb16-336d-4b3a-9279-6c94f3377ae3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/49225/
Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=696ce4b557243ef151ce19bf
Tags:
emotet cobalt
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm blackhole fingerprint installer installer installer-heuristic microsoft_visual_cc nsis overlay soft-404
Link:
https://www.filescan.io/uploads/696ce793fdafd7624ab0257a/reports/52fdb503-2675-41e8-9566-094985e874ab/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/6f1ee980a51431b5d1c826aad3fe0bef10f9c17b92c12a6be93c7bd0dc86b761
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-01-18T10:56:00Z UTC
Last seen:
2026-01-19T06:18:00Z UTC
Hits:
~100
Detections:
Trojan.Win32.PoolInject.sba Trojan.DLLhijack.TCP.ServerRequest Trojan.Win32.Agent.sb HEUR:Trojan.Win32.DLLhijack.gen
Link:
https://opentip.kaspersky.com/6f1ee980a51431b5d1c826aad3fe0bef10f9c17b92c12a6be93c7bd0dc86b761/results?tab=lookup
Result
Threat name:
KeyLogger
Create hunting rule
Detection:
malicious
Classification:
spre.spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1852797
Signature
Accesses sensitive object manager directories (likely to detect virtual machines)
AI detected malicious Powershell script
Allocates memory in foreign processes
Benign windows process drops PE files
Bypasses PowerShell execution policy
Contains functionality to capture and log keystrokes
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Detected unpacking (creates a PE file in dynamic memory)
Found driver which could be used to inject code into processes
Found evasive API chain checking for user administrative privileges
Infects executable files (exe, dll, sys, html)
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Monitors registry run keys for changes
Multi AV Scanner detection for submitted file
Sample is not signed and drops a device driver
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Suricata IDS alerts for network traffic
Tries to access browser extension known for cryptocurrency wallets
Unusual module load detection (module proxying)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1852797 Sample: kuailianvpn_Setup.exe Startdate: 18/01/2026 Architecture: WINDOWS Score: 80 109 www.wshifen.com 2->109 111 www.baidu.com 2->111 113 4 other IPs or domains 2->113 137 Suricata IDS alerts for network traffic 2->137 139 Multi AV Scanner detection for submitted file 2->139 141 Detected unpacking (creates a PE file in dynamic memory) 2->141 143 7 other signatures 2->143 9 kuailianvpn_Setup.exe 23 37 2->9         started        12 regsvr32.exe 1 2->12         started        15 svchost.exe 2->15         started        17 qhoMT7.exe 2->17         started        signatures3 process4 file5 99 C:\Program Files\Zouyeetion\...\qhoMT7.exe, PE32 9->99 dropped 101 C:\Program Files\Zouyeetion\...\6RpyYBJz.exe, PE32+ 9->101 dropped 103 C:\Users\user\...\nsis_tauri_utils.dll, PE32 9->103 dropped 105 4 other files (none is malicious) 9->105 dropped 19 qhoMT7.exe 10 304 9->19         started        23 6RpyYBJz.exe 3 22 9->23         started        157 Writes to foreign memory regions 12->157 159 Allocates memory in foreign processes 12->159 161 Creates a thread in another existing process (thread injection) 12->161 26 elevation_service.exe 1 12->26         started        28 cmd.exe 1 12->28         started        30 drvinst.exe 15->30         started        32 drvinst.exe 15->32         started        signatures6 process7 dnsIp8 73 C:\Program Files (x86)\...\tap0901.sys, PE32+ 19->73 dropped 75 C:\...\AddWindowsSecurityExclusion.ps1, ASCII 19->75 dropped 83 223 other files (none is malicious) 19->83 dropped 145 Sample is not signed and drops a device driver 19->145 34 powershell.exe 19->34         started        37 tapinstall.exe 19->37         started        40 tapinstall.exe 19->40         started        115 www.wshifen.com 103.235.46.115, 49692, 80 BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd Hong Kong 23->115 117 127.0.0.1 unknown unknown 23->117 77 C:\Users\user\AppData\Local\...\vmservice.sys, PE32+ 23->77 dropped 79 C:\Users\user\AppData\Local\...\vally3dka.sys, PE32+ 23->79 dropped 81 C:\ProgramData\DiamondAge\diamondage.exe, PE32+ 23->81 dropped 85 6 other files (1 malicious) 23->85 dropped 147 Writes to foreign memory regions 23->147 149 Allocates memory in foreign processes 23->149 42 svchost.exe 3 1 23->42 injected 44 ClipUp.exe 1 23->44         started        46 cmd.exe 2 23->46         started        151 Maps a DLL or memory area into another process 26->151 153 Creates a thread in another existing process (thread injection) 26->153 48 ctfmon.exe 1 26->48 injected 51 tasklist.exe 1 28->51         started        53 20 other processes 28->53 87 2 other files (none is malicious) 30->87 dropped 155 Accesses sensitive object manager directories (likely to detect virtual machines) 30->155 89 2 other files (none is malicious) 32->89 dropped file9 signatures10 process11 dnsIp12 119 Loading BitLocker PowerShell Module 34->119 55 conhost.exe 34->55         started        57 conhost.exe 34->57         started        91 C:\Users\user\AppData\...\tap0901.sys (copy), PE32+ 37->91 dropped 93 C:\Users\user\AppData\Local\...\SETB90F.tmp, PE32+ 37->93 dropped 59 conhost.exe 40->59         started        95 C:\Windows\Temp\vafdska.sys, PE32+ 42->95 dropped 121 Benign windows process drops PE files 42->121 123 Sample is not signed and drops a device driver 42->123 125 Unusual module load detection (module proxying) 42->125 61 dllhost.exe 42->61         started        63 dllhost.exe 42->63         started        65 dllhost.exe 42->65         started        97 C:\ProgramData\Microsoft\...\MsMpEng.exe, Unicode 44->97 dropped 127 Infects executable files (exe, dll, sys, html) 44->127 67 conhost.exe 44->67         started        69 conhost.exe 46->69         started        107 103.181.134.186, 49696, 5551 AARNET-AS-APAustralianAcademicandResearchNetworkAARNe unknown 48->107 129 Contains functionality to inject threads in other processes 48->129 131 Contains functionality to capture and log keystrokes 48->131 133 Contains functionality to inject code into remote processes 48->133 135 2 other signatures 48->135 71 conhost.exe 51->71         started        file13 signatures14 process15
Score:
50%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/6f1ee980a51431b5d1c826aad3fe0bef10f9c17b92c12a6be93c7bd0dc86b761
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable NSIS Installer PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/51c86676474370386d24ad591b82bd22
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6f1ee980a51431b5d1c826aad3fe0bef10f9c17b92c12a6be93c7bd0dc86b761/
Verdict:
Malicious
Threat:
Family.RONING
Link:
https://tip.neiki.dev/file/6f1ee980a51431b5d1c826aad3fe0bef10f9c17b92c12a6be93c7bd0dc86b761
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-01-18 13:48:46 UTC
File Type:
PE (Exe)
Extracted files:
842
AV detection:
10 of 37 (27.03%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=n4potaffcqy3luoie2vnh7ql54iptql3slasu27jhr55bxegw5qq._file
Verdict:
malicious
Label(s):
roningloader
Create hunting rule
Similar samples:
054f2a8e8af110bf048b1b88dfb1edd18cba9c373b67d424b76ff8b1e517a811
RONINGLOADER
2120f4e0085607dd5f96709d99b84762c405838df0efe4433e523531be37e1ef
RONINGLOADER
26cac2ab8683aa18cb4e7932de11c86e78fb91253af15572de7bddc96f5a8312
RONINGLOADER
3218d686f3a0ba0023a7fa4bbe6de07e2b1c470d16473c09b62429c748a15f71
RONINGLOADER
3353b527278eb5ae8bd88208713e242b915c3973b1b03407e164439da18c13bd
RONINGLOADER
3ff665979d035249cae40cb40141827f71a3d807a3b25749dde69726d7f325d4
RONINGLOADER
77e3aa52af76164ecf15fe59fc7e69ea046dd6e182aa12b8f4516f765124eee4
RONINGLOADER
b731f58435d0c90c90fe817b17a13e4f3eb9683da6630edf435ef97d5e762b4c
RONINGLOADER
d50d571877adadf7c0b550b2e30b180821d5851197a4c59f6ef49e2302260c58
RONINGLOADER
dd3841fed92e7c6650c939a3c42ba918e0e930034f2a623d11b7959084a17541
RONINGLOADER
error
RONINGLOADER
+ 63 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
defense_evasion discovery execution persistence privilege_escalation spyware trojan
Link:
https://tria.ge/reports/260118-rbeptset8a/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Gathers network information
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Drops file in System32 directory
Enumerates processes with tasklist
Checks installed software on the system
Network Service Discovery
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Modifies Windows Firewall
Suspicious use of NtCreateUserProcessOtherParentProcess
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/b541941a-374b-4cea-ba8c-b4329abe635c
Unpacked files
SH256 hash:
6f1ee980a51431b5d1c826aad3fe0bef10f9c17b92c12a6be93c7bd0dc86b761
MD5 hash:
51c86676474370386d24ad591b82bd22
SHA1 hash:
454aed83dbde5ff19cdff4c046edfa7ed83e1d09
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
1bda9c50d3b02def945d52318fff7e35844f6842772d0fc8c7d80c7af37bcbb9
MD5 hash:
082cb645d7b4fabd2ae92ec334049a3e
SHA1 hash:
ec25e8244d642fe64bb8d35a0531cbb3a7a9d904
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
7a5f0413337c6d2514e68e1096be09f864b9f29d3c4d301e3aaca2c379798aaf
MD5 hash:
a5b4820b4b8eeb11eecba5e754254cf1
SHA1 hash:
d80a334373413c798d85cf6bf1afcf1f6623c56a
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e
MD5 hash:
50016010fb0d8db2bc4cd258ceb43be5
SHA1 hash:
44ba95ee12e69da72478cf358c93533a9c7a01dc
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855
MD5 hash:
a8c86996c4230c2209f5927f21321377
SHA1 hash:
45ce0ab93cb6a3a594e54878cce05df724024393
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
MD5 hash:
1d8f01a83ddd259bc339902c1d33c8f1
SHA1 hash:
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7
MD5 hash:
d458b8251443536e4a334147e0170e95
SHA1 hash:
ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
f3e9b0d43b66fa6b05d2fa4de4547517a3ec0bc0b14de3c349d817465bbf7ab4
MD5 hash:
6ebdde247cad8468575f1f2a4d7ae2a2
SHA1 hash:
d0c502f45df55c0465c9406088ff016c2e7e6817
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
MD5 hash:
4add245d4ba34b04f213409bfe504c07
SHA1 hash:
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
6f3cdb80c8a87e2b3cb93dc7f74869c7bd82f6441421cd4ff9e64bf6b21f0eb4
MD5 hash:
f06f0e84a789b4499f9c06fc9ef4d453
SHA1 hash:
0575278b7b0e76ca205fed4720c50cfe1bf39d93
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
dfb3bb98cfe620841fbf2a15aa67c1614d4746a2ea0e5925211de1fee7138b38
MD5 hash:
bf2bbecd323865428aa9c919c81def68
SHA1 hash:
b74c6ef70d5ec4f28eaa706e55aaf852059b6077
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
ba18b5fe71e608dc9ad0d026ecb6857e050c50959e7420e1bb42fc97eb8732e7
MD5 hash:
b46543729be21b8e357b9aab5160307e
SHA1 hash:
05ff81744e4c14ded4a891985fd374b1db02ef6c
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
ea6fd1cc365a199605baef6847987de0512d70c16c58014e05e77b270cd8dce0
MD5 hash:
1c2b730629f6186e633c0aab98e6aaa0
SHA1 hash:
246888d122d7db3d42f935a2e74c7eca54ae598a
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
752f7ac3d0c1dbd8f9a39cd1a3594da6d286990aa2ecd4744f45963a1110406e
MD5 hash:
339f392a1f3db6a28e89e91155020c7b
SHA1 hash:
5955fd0d6e99f5f16c57703a4f4efc51b39ccc09
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
Parent samples :
b16be5d71f0bfd28ed7356bd84c3b61d1c7b2590bd2c485530060f8900182789
34a87671d9a7225ad9aafdca0bdff858b9ae1c8fcdf834c505268507052a7a80
4eacffcd6994f9d6700edc6d1082268e52fbd92fda820e49ef209c23794d564c
8fc47c0972e855f0866d9cf9cba29d56210fc709f13214e6ae6687ca40ca51b8
fce7f7ad1d7b17e7106639ca23cc49d2cf642bcea024d8ba838f3f559c99e34c
0259075adca93861dd02c548ece119844d3a790548e892be43d5a526690725cd
93ed94372d167e22ddd847916b3a26bad5293cc54433244927877a3ecf95d0cf
9e111d882a508e8b2f1137356222296212389f15b72a723e8cca59c6ab0a9e8f
1c88f34e755b2e9cc5766f2787b49ce2223d2a26487738869a8ba05d0e909d38
899cb424a250e13191b2d85de9a380c9a2e1ce316c4f46ad0db88d46a01aa8ab
5339fc6da52c8f2f18648e1780fd195dcdfb88664e00d1cd51d556f6208b0f1d
6f1ee980a51431b5d1c826aad3fe0bef10f9c17b92c12a6be93c7bd0dc86b761
SH256 hash:
1ce872ed466a8a3466c808a7babf3b597ec12e1cb84870e7a0cf00b2f5ef6df4
MD5 hash:
c848a2f5fa5feaa71409795e8e8c69d0
SHA1 hash:
9074f5b0ca107ab915164f790533bd672048c7b4
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
63d50dbe094bbce5d7bf8af08c0d919cfa5e057ca05ae7b27704a8477c8b348f
MD5 hash:
2ace85429eee9e8320c82d878e5562b4
SHA1 hash:
77ed8b89210930d1de2495ba363519b696d0b6e2
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
4a2438ecfcad3e6e7bb942acf2c40fbe2c0d72e4982df303ab5828af26ca753e
MD5 hash:
810105219d96749674c5bf31c82a3b09
SHA1 hash:
0de6e8b9834b4bb742e8ca90bdb02019a355a422
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
e597d9dd3e6bcf2e591a99b290d79005b01d3898185af4f07250c95b88c1dd6f
MD5 hash:
d3112f62cfa346a6b2559be6ef3ac864
SHA1 hash:
b747c3a66e1f31e00a517c4fda35aeaa3ddbcb2e
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
f81ba0dd987d46a67b1879ef4ee11c14f32940ff211eace347a68e42bf272554
MD5 hash:
2e77f841dbf271fd1ffc460bfd87a1d5
SHA1 hash:
18125861f0519cdf643560c0a988bf70c87d47b3
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
9ad2f435b9bf29b3951c1376b3924c92070a147b5501b0430489cd808550399d
MD5 hash:
2fc1912eb8465843ae7de0b01bf457ea
SHA1 hash:
6108c1f658f9f077f59b6598316de2c16b4ccd9c
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
ecdf3984b31ff195b83be091cf055a8d9841d4c03215bc4e68e375a2b9e729fe
MD5 hash:
e5aa1bb1cd8d21a6def38c1cfaa928b9
SHA1 hash:
4f667e52e93682a4e73c6a3abed34881b9ef0133
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
62ef91923a03ba7e9339d88a04b656110c594338b60c7252676f4cd20366bd29
MD5 hash:
6961ce889b7f97438c9f7f0fbe25523a
SHA1 hash:
a5b2a99a4ebe926d22ccd6dbd057933d12e43582
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
053e1bd9c54519f31897290c94b8ad5276bb5c053cd8ef5c910df3d8a61a0a80
MD5 hash:
b2c4810e1fe1d8465b5ab65d1387af40
SHA1 hash:
37369f4e3d13861d6fe1deafe836257fa727ac0d
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
53c95fa5740730294805c5a54639aa67d481c57c14c025bbf60c21a1ea007a0f
MD5 hash:
c6a7383826df4f315997f1ae4f0fca70
SHA1 hash:
c05a9f93c84304fd564640b61f050641850e6736
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
b4787d3ba3f052aab344dc8ef499df93778c15bd21bcae917f4bbc27be8ed3ce
MD5 hash:
f3a0b30420e762ca7d029a36c66f67da
SHA1 hash:
61488100d168cac12eba9141b0b507bc542b63fa
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
f3b14defbd05493b8573016b08b86e5b5d53b486b0457fd75f67bf8bff04be38
MD5 hash:
6a3b9e46c41e42e7b8e1479468d892af
SHA1 hash:
e31c05ae685e51d07808b1dd24ceced9d299ed81
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
9b7079ccdf1e7b446f2300e513cda80334628d6c1258405e06a434727a819f7e
MD5 hash:
cf01542440e76d919236fb46321f17e4
SHA1 hash:
d770888ef8a59d885731f6e4ee2f0414c469ef71
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
45134be6f92f49e30625349c8dbaa2e307f07f03961eb0cac4bd4c97383f650f
MD5 hash:
d5377aa8b9b27902ff86132c9a7cb5c9
SHA1 hash:
b4075457e6dd45683e20f1774892e152b86c9952
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
7648b3c6fe244420b02ad9f578c4b9302964ab6999f2aaca7b5f69586da6d612
MD5 hash:
4f939bd788d87880419a6918b2f7b68a
SHA1 hash:
a7f35e6b3ce8af1775168b7123ada4f1b078e697
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
88e79c4218ae7c0914aa1db372926f3c0951071839e4b364251797509203e661
MD5 hash:
4d0c6b104b83ee00d34d244ed3259d5f
SHA1 hash:
4ab118d0e77c5ca31571c8e87a2f1e9802be0a2e
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
df93465a7b3a3fb26e4ce3208b6d65b9d1798891c6fc20bd9e318865cc170277
MD5 hash:
722e4db5045afe393a672fe1bc0e63bb
SHA1 hash:
68c14af3ab488bdd84ea37a96e73ea43c04d16ac
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
cdee95384abd85f682ab93a6033bbb10787b96dc53cc22a3bf4e4901f77b713a
MD5 hash:
f5c83bb2ef3b4568869459dbfdd50855
SHA1 hash:
bd32c4670f80aa99c6e53bbc5456585dc0589912
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
69fe41559951345d056ff432785bc234d02cad6e0fcd007ed9be7953b32c560c
MD5 hash:
56692d6a0c6b583d2cc3006a6c6c431f
SHA1 hash:
69340eac05b5bf58ef5a0b0e9b8127a5e933437c
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
9319068691713550060034c4f4f7442e41a4a1f36e67e6d1014370d6980f0369
MD5 hash:
37e4f602718d6da9245d6858c85e2a8d
SHA1 hash:
998e648df87dc4cab1f20336785c3be3e78e767b
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
90cfc73befd43fc3fd876e23dcc3f5ce6e9d21d396bbb346513302e2215db8c9
MD5 hash:
dc80f588f513d998a5df1ca415edb700
SHA1 hash:
e2f0032798129e461f0d2494ae14ea7a4f106467
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
d67ebd49241041e6b6191703a90d89e68d4465adce02c595218b867df34581a3
MD5 hash:
6cd3ed3db95d4671b866411db4950853
SHA1 hash:
528b69c35a5e36cc8d747965c9e5ea0dc40323b8
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
a08c040912df2a3c823ade85d62239d56abaa8f788a2684fb9d33961922687c7
MD5 hash:
c8f36848ce8f13084b355c934fc91746
SHA1 hash:
8f60c2fd1f6f5b5f365500b2749dca8c845f827a
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
7744c9c84c28033bc3606f4dfce2adcd6f632e2be7827893c3e2257100f1cf9e
MD5 hash:
7546acebc5a5213dee2a5ed18d7ebc6c
SHA1 hash:
b964d242c0778485322ccb3a3b7c25569c0718b7
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
032d38bb6487768f96fe578f353aa98c3dfbc27e484f1c7500e6ddf7e9c062db
MD5 hash:
9cef6428a76dc2652c5a09794507539f
SHA1 hash:
8a8899b13f02fb24f4f993a5ef0474de3b243db9
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
c4d5f27d397b627a66b385a571f63b327f086b0c10eadd90ada70474097443c7
MD5 hash:
c29d753ab575ba590dee09d9951fe391
SHA1 hash:
06514982da9ebd5a13d13808abbc475260b0b566
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
96dd4ca59c9b24f381d585defda8759a33760dacb1d8ae8db887ea727bf049c7
MD5 hash:
67176b46f5ad635a32b842abfa9f91a9
SHA1 hash:
0903955291448850074f9230dfb087fedfe74f59
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
f145a9091435a7499fb3b15ee202c192b27484ffb2d61932bae01a849aa042c4
MD5 hash:
1a0d59997741a4206bbb729e770cf1c1
SHA1 hash:
bdf6c86b3cfbea0818913bea416b2fd67d764574
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
5f8a73955c99ad3b370bec13fc037a80260e4b25dadf2607e642c20b0fbd0057
MD5 hash:
f04d280294d19178131f4f77a6af7afb
SHA1 hash:
6a5bb874d8b7f28821a11822db8f3c8dfda9eb97
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
8b8393db3da5d00535dd259ba2adfd1e76cd2fc2cbfaa170207cbad514b3895b
MD5 hash:
998fed74ff2d4f7600c68f7da997fc16
SHA1 hash:
739f44c91f26b35e3f5cb27eb092bbc8d523c3b9
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
a123485502527a230c9363cdd419c4056f350c9f3867fb309898a725bec801ad
MD5 hash:
fdb2d1ff9b91ffe62047856cf6ac98c7
SHA1 hash:
7c8a94febffb90fb73a0e906d377f508ddb77841
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
3d2ed8e186f124f988ebdb45d0354185b424357be2433bba0033ab9ec31bd25b
MD5 hash:
26cbe846decab0836717301f0bc6ec0e
SHA1 hash:
a3902cfce95dd0756bcd22c51dbf9e69b1205be8
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
1ac26220d62c98a62129aa9d92d9011edf930d5ed49bcd3d209df4d204a4b2bf
MD5 hash:
40d6cb7ca91ed54b50b2b455972ab1f8
SHA1 hash:
29fbfec4aba1c6857d903b4e98a0aba0161896d1
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
97a9f37f5701b19bb89503bf708b5b93a2426c176292d84778a63c3005afb460
MD5 hash:
20a73d16e6cb948646890711b8613266
SHA1 hash:
3c4ab0ce56ffba52680c3c1735227eec0a02a214
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
14c162a7c0dd68a9913ab0dcc87678d207c87888a2b657710e4db4bf83e0559d
MD5 hash:
2623108f7f74d2d4f71f41a8c64e2b84
SHA1 hash:
1dbac50e3ff49981d20bdf4757d6b515dba0f1d2
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
b3da9268ac606fb39e7094e2203a5a30af2b681d98824ccecaee80462ca0f03a
MD5 hash:
ed26bd2e7a69fc2b65d60f9265b2eda1
SHA1 hash:
93eed8d96d1548bd4bdc0e722e6318a1db41048c
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
21d9b05a5c703f6754b8fbd6e3d0d58fc6dd31215d1118af64d4305f7d92d585
MD5 hash:
c549482f392b4a426d293121bd26ebe2
SHA1 hash:
cd30ba0c9b94b2d8453e94614bac8f9943f6e01c
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
abf6676da75e532d914f71c12246264979ff8770fe4e4b302c0cf7319df09d6b
MD5 hash:
a5b7a225817e40596e751b2de1857332
SHA1 hash:
d1bce516bf22c1714ccc998eb56c2d8844642e8a
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
9863a8ca0fd55fdf1de8d64cb89d034fc009a58220d45c5f4f83c6cdd0c5cbfd
MD5 hash:
bbea7769de6a008c3156141c52fdc18e
SHA1 hash:
7d9f90e8da62f9834f532e9a0aba54969c14ec28
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
d838c40848daf87743e96d42f8db18bb66a0b27cff5a48926a85a61c2d3e05b9
MD5 hash:
0bfef61b203054f6fbf08419ffe3f018
SHA1 hash:
ed9d0418507630996eb2c473ec5daf11d185c2c6
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
9f1533b23bfc95aaabcd9bc9c09673c7457e7cfc0cc38589e0e198829cd274d0
MD5 hash:
31bb7d830aa8a5074ceab4f1fc386254
SHA1 hash:
cd4a135e89ad9a472996c933616f5307bee02066
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
77a5d1619f9f07262e8ce98bb235ff961fafcecd3335922372de65cdd8877c4d
MD5 hash:
2e71c6394a6ab152139e2977c48440ff
SHA1 hash:
d4557ed90d8ac11606e0f36aea100bffcb5b3540
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
654b227b465946cd29d28877f915fbe6018634ef24e1436ebc163fce078d7563
MD5 hash:
5a016aedd7b9964f5fad2e0576acc218
SHA1 hash:
179bd6d735ace0391c301101bf5a6eafd39c7697
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
9030de8fd918cf5aebdb6634537db1df111bea3808ab7fd77dc71630747be4f0
MD5 hash:
b2d5332209a01fa064e3fcc01be0da85
SHA1 hash:
949a59c106faf0bcdfd22aae93f57f15a034c4c8
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
8e3b0b1ca9338ede77abfd7ceddbe9427fef69cc70e3698a52b87b3e70270dce
MD5 hash:
dd92138cbcccc7008e8fffc806c8cc9c
SHA1 hash:
056af811010e290980bf991aecda27705160a4fb
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
46ef947b9f5c2bb4dbac39bfab117a257b81928d14636ae037d18ff7987170bd
MD5 hash:
26d7c945b76f91f94d31cb8da41dbb72
SHA1 hash:
d7ee94a83b8a82cc61e5e49bb93d9246afedb604
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
8d32110904072d68920362d707aa748192a3aa6133e7ae44f369365512cc6c8e
MD5 hash:
fc65207cedd77e0eb4a1bed6f9a775f8
SHA1 hash:
7834979598f6d13ed48b48d14fe9c271b6ef93fb
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
e152a2e05114ee7f1d4d6933723722588551b817fc3baccd76451c0a487528ed
MD5 hash:
e5895856a6964160ba40c1a6a34e00ae
SHA1 hash:
6448042bc294ad5a40238c60876d9647c0687a73
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
cb6b6f352042d12c2117cacee053d99655beca8421a2d612ee1946de74682841
MD5 hash:
0380523c3793abb53359e212e9984c4e
SHA1 hash:
57a6b98e14f8a078cb1c63e2be71e4ec6d42351b
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
f437bc5f0aa9f3ebc8403fa4d5bbe22c6e5e346e00e3390b65772ee19e0d09f1
MD5 hash:
143826fedf607a924290ef997542f6d1
SHA1 hash:
d5f6044f8c1d48f98d5e99d1c67a143e7ee1caba
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
7735ad9b8eeec4d4f18fc44f0120ea0bf5f5296a99caeaed65478cd1fac33183
MD5 hash:
251792b503c1376eda3f97c5d0a8b432
SHA1 hash:
edaa083e936cc20f6cbc5b3dca330ac40e706c87
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
c7a4f70bbf090463023d2481d2a3b6e40c313beda22bbdea86dab287f5d0b0e6
MD5 hash:
c83400a9b03dfe052c72797336d80b87
SHA1 hash:
6bc0b39565f51fb92a1bd2ce44a02fda27edcdee
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
e55f88c76993d2f961443b22dbdc2f759e3127790d9b380c35e150b172b9bb64
MD5 hash:
347cd679a0255ef872a0a781342de127
SHA1 hash:
7847343d9a880d601d807039c4c4e2c579f1674f
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
4a14fa56abb39e63e25d380a17c32714f1a064b7c90ec3fb2f5fe7e0a07d0f05
MD5 hash:
70afd43f46a101e1666732dcf7cac48b
SHA1 hash:
dbfb1190ec2b799a5f1ae54bbaac28ec0a4a3419
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
ef6b3ab6c53f0b1bacae6311f79b3a486467e443ef3aced83f61c2f472f03a8d
MD5 hash:
66869a7dd08444ce42349b0bebca8ab3
SHA1 hash:
414be4741a3bffa92f142ccb7b87198e61e517b5
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
dafb51ea9b431c7bb1cf474fd2abad89983715723a04f6ac184d63a189f472fd
MD5 hash:
4e117483572be2f016061eb60a34f859
SHA1 hash:
0b38f7a6ea6cb4ccf5d7e79c284d471ed2ffbeda
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
307bed6b7e85e600a83e4fc3d2ab1c3e85b43a89d160b442db36513c4d609305
MD5 hash:
d78eb4c36186bd1b18633054c60356e8
SHA1 hash:
77905eaa8055c4ad92f48921165284b8c7167145
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
447497df813895b1062717e6b3ee52726d688a93bb3770b78da19812cb1bc727
MD5 hash:
148b55a572c51c99e121b6116c3f2561
SHA1 hash:
67da3ec10e57c0ac04db8191f7f1f89f7c3ba27d
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
826fbc27fe80fcb37576cebfaccfb0fb58caba2f99abe5b06360115be8497e90
MD5 hash:
eaca6b725cd5319a33c1a6f8ce87f9cd
SHA1 hash:
91ce70b3785056f560af3d2290c34dd51bbe0e15
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
19c5ad815e72377f1c07b187b53b2576c355f317eb7e3131554403c951d8d125
MD5 hash:
cb6d0cedadfc67f8a9bf02f47e0ea6b1
SHA1 hash:
ada21e9c6c5dc10a73966c8afb552d7bfdc028cb
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
d5235265564f0bfd23b7279d7bdccc9ea6383ed07c5d0bfdf6c99029af9a2c0c
MD5 hash:
1d3dd9fcc077e6b4f88c05b9aef53ee6
SHA1 hash:
12b33858bc84f54b8aa8dbcb5a0ec2da043a6f66
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
86c1b142e3ca539692304177744e2a29e0681b324461ce138540cf50c391e65d
MD5 hash:
f752a14cbfc71f7080a7c7285ac4bfc7
SHA1 hash:
0ce074adfbbb6b4e0fd228d4908ce8434dff5077
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
Parent samples :
a35b7570b7818fb47837073b594b4581049edaa087a9e854b5b395abdc7b6773
cf4ecdd070a6b6806a0ee42b6367ff474077b35f493f75477327888f2fd6a905
b16be5d71f0bfd28ed7356bd84c3b61d1c7b2590bd2c485530060f8900182789
34a87671d9a7225ad9aafdca0bdff858b9ae1c8fcdf834c505268507052a7a80
8fc47c0972e855f0866d9cf9cba29d56210fc709f13214e6ae6687ca40ca51b8
0259075adca93861dd02c548ece119844d3a790548e892be43d5a526690725cd
899cb424a250e13191b2d85de9a380c9a2e1ce316c4f46ad0db88d46a01aa8ab
6f1ee980a51431b5d1c826aad3fe0bef10f9c17b92c12a6be93c7bd0dc86b761
SH256 hash:
b86651162384248bfb167a49d440c2e580eb4f68a0680f22218fce6ed447f2df
MD5 hash:
41ce0f0bf4986c5c6a9e6711562aeed6
SHA1 hash:
e17edca90706df7178fc3b921fe1c0a8a34e596c
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
582f376e8448d01a0ed433906e09e51c4aacbfbcba07099b7538f545c8e85cd5
MD5 hash:
104468bb5797de3adb52ac66d6a751d3
SHA1 hash:
39b712989e78c180d3d1f683b8367feaaed7e034
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
1e02248fc226f1813f9a473aaf8dc9bd264101a6e371ddb73e145c0949834d47
MD5 hash:
4b874a3043d5e3c133f4c35863159638
SHA1 hash:
3a7d21700497d81c41193544b7ea913032d0aa82
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
SH256 hash:
a596d088ee4f29185441fe319d213de15b6a4f0335490d6fb4c3a34633ba5557
MD5 hash:
06082d584092c2fd86e236cd7e4ab373
SHA1 hash:
44e32a23f2b335e88f2f06e6e93f14697e476cba
Link:
https://www.unpac.me/results/a554960e-2898-4cff-b5e0-255417d8bdce/
Malware family:
ValleyRAT
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/6f1ee980a514/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:Detect_NSIS_Nullsoft_Installer
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects NSIS installers by .ndata section + NSIS header string
Rule name:EDR_Killer_EDR_Freeze_Tool
Create hunting rule
Author:Valton Tahiri (cybee.ai)
Description:Detects EDR-Freeze tool in memory - EDR/AV freezing malware
Reference:https://www.linkedin.com/in/valton-tahiri/
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:GenericGh0st
Create hunting rule
Author:Still
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:Suspicious_Process
Create hunting rule
Author:Security Research Team
Description:Suspicious process creation
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Windows_Trojan_RoningLoader_a4e851ac
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RONINGLOADER

Executable exe 6f1ee980a51431b5d1c826aad3fe0bef10f9c17b92c12a6be93c7bd0dc86b761

(this sample)

  
Link
https://tria.ge/260118-qvt37adt3h/behavioral2
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/49225/

Comments