MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf86597d2d10ad8d82f0af8b53cf72757094322e79e92180092aa60341b90034. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DiamondFox


Vendor detections: 12


Intelligence 12 IOCs 2 YARA 18 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf86597d2d10ad8d82f0af8b53cf72757094322e79e92180092aa60341b90034
SHA3-384 hash: 9287d5efe16770dc9e6a7c5f13cffada612c0287b3ee8085f6f569adc180f18fa70991a3f347f6008d486829ef6595dc
SHA1 hash: c196e6d2c701ce4669103ad2d82d23b08edb887e
MD5 hash: c65eae064ce5a26abb72dd304ecdf2e3
humanhash: ack-sodium-sixteen-florida
File name:C65EAE064CE5A26ABB72DD304ECDF2E3.exe
Download: download sample
Signature DiamondFox
Create hunting rule
File size:4'387'292 bytes
First seen:2021-07-07 12:00:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 98304:UbnS1zX8GcizE4vTlNCoP0GjkyZ93mCJWtS:UTSF8GzooTlNF8GLj2CJl
Threatray 101 similar samples on MalwareBazaar
TLSH E71633906DD0D4B2D5771A755A796B22807DBC249F2CCAEF2364491EC932280B736BF3
Reporter abuse_ch
Tags:DiamondFox exe


Avatar
abuse_ch
DiamondFox C2:
82.118.23.92:80

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
82.118.23.92:80 https://threatfox.abuse.ch/ioc/158025/
185.14.31.80:80 https://threatfox.abuse.ch/ioc/158263/

Intelligence

File Origin
# of uploads :
1
# of downloads :
160
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
C65EAE064CE5A26ABB72DD304ECDF2E3.exe
Verdict:
Malicious activity
Analysis date:
2021-07-07 12:03:39 UTC
Tags:
autoit evasion trojan rat redline phishing stealer
Link:
https://app.any.run/tasks/2000d93a-5279-4af0-a884-a06d30cd8a0c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
CookieStealer
Create hunting rule
Link:
https://www.capesandbox.com/analysis/170171/
Detection(s):
Win.Malware.Generic-9866235-0
Create hunting rule

Win.Malware.Nymeria-9873414-0
Create hunting rule

Win.Malware.SmokeLoader-9874090-1
Create hunting rule

Win.Malware.Generic-9874384-0
Create hunting rule

Win.Malware.Qshell-9875653-0
Create hunting rule

SecuriteInfo.com.Trojan.Rasftuby.Gen.14.10239.27368.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Socelars
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f8eb0aaa-978d-4d15-8fda-08b5f1b12470
Result
Threat name:
Backstage Stealer RedLine SmokeLoader So
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/812831
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Allocates memory in foreign processes
Antivirus detection for dropped file
Antivirus detection for URL or domain
Binary is likely a compiled AutoIt script file
Creates a thread in another existing process (thread injection)
Detected VMProtect packer
Disable Windows Defender real time protection (registry)
DLL reload attack detected
Drops PE files to the document folder of the user
Drops PE files to the user root directory
Found C&C like URL pattern
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
PE file has nameless sections
Performs DNS queries to domains with low reputation
Sample is protected by VMProtect
Sigma detected: Execution from Suspicious Folder
Sigma detected: Suspicious Svchost Process
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Yara detected Backstage Stealer
Yara detected RedLine Stealer
Yara detected SmokeLoader
Yara detected Socelars
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 445242 Sample: 3MIvJieGXT.exe Startdate: 07/07/2021 Architecture: WINDOWS Score: 100 63 email.yg9.me 198.13.62.186 AS-CHOOPAUS United States 2->63 65 74.114.154.22 AUTOMATTICUS Canada 2->65 67 162.55.223.232 ACPCA United States 2->67 85 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->85 87 Multi AV Scanner detection for domain / URL 2->87 89 Found malware configuration 2->89 91 25 other signatures 2->91 8 3MIvJieGXT.exe 15 2->8         started        signatures3 process4 file5 37 C:\Users\user\Desktop\pub2.exe, PE32 8->37 dropped 39 C:\Users\user\Desktop\jg3_3uag.exe, PE32 8->39 dropped 41 C:\Users\user\Desktop\Installation.exe, PE32 8->41 dropped 43 7 other files (1 malicious) 8->43 dropped 11 File.exe 8->11         started        16 Files.exe 1 10 8->16         started        18 Folder.exe 5 8->18         started        20 6 other processes 8->20 process6 dnsIp7 71 a.xyzgame.vip 11->71 73 79.174.12.174, 49743, 80 THEFIRST-ASRU Russian Federation 11->73 81 12 other IPs or domains 11->81 45 C:\Users\...\wk0G7r1QeohB2dZL2AYPj6NC.exe, PE32 11->45 dropped 47 C:\Users\...\sv_6RN3nqUdTlLNvoL3XvD_H.exe, PE32 11->47 dropped 49 C:\Users\...\iLM_fgxGpRoM9PniJWt7MFyP.exe, PE32 11->49 dropped 59 35 other files (29 malicious) 11->59 dropped 103 Drops PE files to the document folder of the user 11->103 105 Performs DNS queries to domains with low reputation 11->105 107 Disable Windows Defender real time protection (registry) 11->107 75 192.168.2.1 unknown unknown 16->75 51 C:\Users\user\AppData\Local\Temp\...\File.exe, PE32 16->51 dropped 22 File.exe 3 20 16->22         started        53 C:\Users\user\AppData\Local\Temp\axhub.dll, PE32 18->53 dropped 27 rundll32.exe 18->27         started        29 conhost.exe 18->29         started        77 101.36.107.74, 49737, 80 UHGL-AS-APUCloudHKHoldingsGroupLimitedHK China 20->77 79 ip-api.com 208.95.112.1, 49740, 80 TUT-ASUS United States 20->79 83 8 other IPs or domains 20->83 55 C:\Users\user\Documents\...\jg3_3uag.exe, PE32 20->55 dropped 57 C:\Users\user\AppData\Roaming\3616579.exe, PE32 20->57 dropped 61 5 other files (2 malicious) 20->61 dropped 109 Tries to harvest and steal browser information (history, passwords, etc) 20->109 31 WerFault.exe 20->31         started        file8 signatures9 process10 dnsIp11 69 newja.webtm.ru 92.53.96.150, 49735, 80 TIMEWEB-ASRU Russian Federation 22->69 33 C:\Users\Public\run2.exe, PE32 22->33 dropped 35 C:\Users\Public\run.exe, PE32 22->35 dropped 93 Binary is likely a compiled AutoIt script file 22->93 95 Drops PE files to the user root directory 22->95 97 Writes to foreign memory regions 27->97 99 Allocates memory in foreign processes 27->99 101 Creates a thread in another existing process (thread injection) 27->101 file12 signatures13
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bf86597d2d10ad8d82f0af8b53cf72757094322e79e92180092aa60341b90034/
Threat name:
Win32.Spyware.Socelars
Create hunting rule
Status:
Malicious
First seen:
2021-07-04 13:40:41 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=x6dfs7jnccwy3axqv6fvht3sovyjimrophusdaajfktagqnzaa2a._file
Verdict:
malicious
Similar samples:
0bcf14216198351151d34d3e6ea6c05bf06c62eee05e15804ba132ea455b3710
DiamondFox
16bf40060a0544cf49bda85272b976265fb56248c6068d7d95296937af664ecc
DiamondFox
1a1d8823b35b8c0d8dfcebe065520a07fe105589893262976fce4122317c55b8
DiamondFox
924bb78c8e816ebd25d656fb6cf0387449cd4b3cd55846c99d4f0ddb47f71dd5
DiamondFox
adb98685d3d6a8fa5e90b6fd9d458601d874718d5815f8aab66728ba9d067440
DiamondFox
d03c955b566ad3308d6f9fe90c320300b097e649c9c7380d48cf06815d4988b9
DiamondFox
e1fffde5cce94f703cbaf29b14bf0e7569ad207a0a7f4fc63484ced33307198b
DiamondFox
f84ae3bdd7a26957eebe4e4893718bd512960c013a8aa4903998af16072c0041
DiamondFox
fcebd1383b524b3ed55ce93204ab0199fc3c8871783dc2b197ce3148c66a5ca1
DiamondFox
fe8417ad3e0bad396fd009f20ad6cb106605098ec72fb933bb6f8e16cb6d437d
DiamondFox
+ 91 additional samples on MalwareBazaar
Result
Malware family:
vidar
Create hunting rule
Score:
  10/10
Tags:
family:redline family:smokeloader family:socelars family:vidar botnet:#2 botnet:go backdoor infostealer persistence stealer themida trojan upx vmprotect
Link:
https://tria.ge/reports/210707-pwnescd496/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Creates scheduled task(s)
Kills process with taskkill
Modifies registry class
NSIS installer
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
autoit_exe
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Loads dropped DLL
Themida packer
Downloads MZ/PE file
Executes dropped EXE
UPX packed file
VMProtect packed file
RedLine
RedLine Payload
SmokeLoader
Socelars
Socelars Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Vidar
Malware Config
C2 Extraction:
http://conceitosseg.com/upload/
http://integrasidata.com/upload/
http://ozentekstil.com/upload/
http://finbelportal.com/upload/
http://telanganadigital.com/upload/
http://999080321newfolder1002002131-service1002.space/
http://999080321newfolder1002002231-service1002.space/
http://999080321newfolder3100231-service1002.space/
http://999080321newfolder1002002431-service1002.space/
http://999080321newfolder1002002531-service1002.space/
http://999080321newfolder33417-012425999080321.space/
http://999080321test125831-service10020125999080321.space/
http://999080321test136831-service10020125999080321.space/
http://999080321test147831-service10020125999080321.space/
http://999080321test146831-service10020125999080321.space/
http://999080321test134831-service10020125999080321.space/
http://999080321est213531-service1002012425999080321.ru/
http://999080321yes1t3481-service10020125999080321.ru/
http://999080321test13561-service10020125999080321.su/
http://999080321test14781-service10020125999080321.info/
http://999080321test13461-service10020125999080321.net/
http://999080321test15671-service10020125999080321.tech/
http://999080321test12671-service10020125999080321.online/
http://999080321utest1341-service10020125999080321.ru/
http://999080321uest71-service100201dom25999080321.ru/
http://999080321test61-service10020125999080321.website/
http://999080321test51-service10020125999080321.xyz/
http://999080321test41-service100201pro25999080321.ru/
http://999080321yest31-service100201rus25999080321.ru/
http://999080321rest21-service10020125999080321.eu/
http://999080321test11-service10020125999080321.press/
http://999080321newfolder4561-service10020125999080321.ru/
http://999080321rustest213-service10020125999080321.ru/
http://999080321test281-service10020125999080321.ru/
http://999080321test261-service10020125999080321.space/
http://999080321yomtest251-service10020125999080321.ru/
http://999080321yirtest231-service10020125999080321.ru/
193.188.22.226:25522
shurinedn.xyz:80
Unpacked files
SH256 hash:
8ac07124315f36db78c157ed5d2c3d7ed75120ecc4d0d4a6622de2a98f587c16
MD5 hash:
2f1ae78cae116a020760f54479c3e9b3
SHA1 hash:
433fe2252e21043a302af27a6a0741499cefd4ed
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
4826f8881d91075a3be54defb778f2fbabee3730afd77d0e0fb9df8b36279b2e
MD5 hash:
e21179e02e3c5df20739130690444fe5
SHA1 hash:
e948c3b760a2fab0f9db2b3f80001cf787b83542
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
f9b372a7b8dafe80af64d720489f4d6dd10729200f0c871b2f26933fb4fd11de
MD5 hash:
653ce161a17a80627d21aac57cd544e6
SHA1 hash:
63fee141f75a2d467f7f59e1e8a3cd7ced067b9e
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
a44e718b67c8e93e9d285e20d6c7d7cd55a371c82db4866c41f1d8790dce7cb2
MD5 hash:
a1bb1c479a60520734b928aeb32259b6
SHA1 hash:
0f0ee7655a008f309729339a4915f666636664bd
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
574a1e8093a8a16ebc96234701b1b14851f0c3bd2d5d5f687be59ac09b6554f3
MD5 hash:
08ff8f4643d75e0e160dfe7d9c9c006a
SHA1 hash:
890c655b9b28e0ac6bac1c8666b5b4be47011867
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
67cdc7c5de5e46229adc831dc6fd3053d996ecf02e94706b6b6ae1b0ed976f2c
MD5 hash:
555b5b60b2dcc53e71e6d9ba8302c4b9
SHA1 hash:
550326b1226629a867d4606ad0c98c4ef9596b47
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
Parent samples :
e47bfa7b58706edeeaf73664039c10cb1ff7a517d833c0b28751b835bdc68cf7
32ac0624a534a2c40fb8eba41e80bb1d31b99cd118d42208c89229079699f783
SH256 hash:
10a122bd647c88aa23f96687e26b251862e83be9dbb89532f4a578689547972d
MD5 hash:
89c739ae3bbee8c40a52090ad0641d31
SHA1 hash:
d0f7dc9a0a3e52af0f9f9736f26e401636c420a1
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
9c3aef08e560f6e28aa1a937f7817ed503fbc4c3ab55969ec14bed88aa7924ea
MD5 hash:
3c612bcd85ef58d3ed1497c1858a109e
SHA1 hash:
63cbf78acb12280e2261533237c809bf43ebc99b
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
861e51f74df67869e5fda93eb9e2933fa387bb88da80741f45cc44cbf4fc201c
MD5 hash:
2277cc566f8041b443947f70e8c09cb0
SHA1 hash:
510f44d27dc952fb52e3d88645ae7c85f2022370
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
03f216aaef4636f27a1354b100e28fb1796ecab94f9281d8707c13f4b9d3bc15
MD5 hash:
d4182f26e16e78f626c146920058ef54
SHA1 hash:
0040d9e54a118a873a458c3255b2270125d15b20
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
87934fe3fbc35879beeff4d23b59a4bcebed299fdf483b17a6dfddd13154ddb2
MD5 hash:
74e77ffa7f6afa58fb6c4cb744700cc1
SHA1 hash:
a778e67baa14d905b67f4d8ddc7f2dca2a598d25
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
154570b50b6d090aed78b825e892e561bb76a5016f897cdf2f4772b4bd7dfa3e
MD5 hash:
bfa7950f9abe282fdb0519a8113483fa
SHA1 hash:
0048ebef425da5b3432a8eb4fce4571bf27fa3aa
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
3c5748b3274a1f7fe73e45737a358f63bc7b380e00b05a9f8e0a1439e5f73b79
MD5 hash:
a1380115e3c2bacdf64f3362e49ae060
SHA1 hash:
c1b275ba10c45b2c7eb7c17cd8f631dd67d9b78c
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
b1086599811d0da71a27c080f9ecb7d056dcbaf32ce2a3b08fdc5cb5beaa95f7
MD5 hash:
b9d3d6ee08830395187a54fbffedfa00
SHA1 hash:
595a5be71abbd5a1ceaef89f3b376d61db794493
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
4dd4da428803d50ab0b94754056e3c41066a5734bb01c10a11a4870c505b49b2
MD5 hash:
326ac868132ba57dd0c154f2395cfaf0
SHA1 hash:
0de62f7424765c8cdea7df1d73ed78d84a7d6873
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
6f8b41293150913853b7b48bdf180eab1f3457fa706606dc674a6ae58f174f61
MD5 hash:
d189a3e4b61e91dcadbb026595b77a8d
SHA1 hash:
c808e68364afb5bbe8cb3765467c8c0e7b468e1b
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
fc3d05620f57b703f98b7fb56f4945ceac07f29e35c5c44d320d3b9cb04759e9
MD5 hash:
6f9059578f21b5e369e96b5bbc3b6a0f
SHA1 hash:
ab728922b44b3606644d6792fd9d36aafa5e409c
Detections:
win_socelars_auto
Create hunting rule
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
aba406ecee244411fae400542b8b2778a14dfa305fb5b600d64f62b11fc62b3c
MD5 hash:
4e3a38974ee7b36a23673a9e1de479a5
SHA1 hash:
b46723a7b237fb8b4d8ac5fc3ce16fc8df5af28c
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
SH256 hash:
bf86597d2d10ad8d82f0af8b53cf72757094322e79e92180092aa60341b90034
MD5 hash:
c65eae064ce5a26abb72dd304ecdf2e3
SHA1 hash:
c196e6d2c701ce4669103ad2d82d23b08edb887e
Link:
https://www.unpac.me/results/6a4c1cc3-3dee-4d22-af85-096e1efc9a86/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bf86597d2d10ad8d82f0af8b53cf72757094322e79e92180092aa60341b90034

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Chrome_stealer_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Chrome in files like avemaria
Rule name:INDICATOR_EXE_Packed_Themida
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with Themida
Rule name:INDICATOR_EXE_Packed_VMProtect
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with VMProtect.
Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time
Rule name:INDICATOR_SUSPICOIUS_WindDefender_AntiEmaulation
Create hunting rule
Author:ditekSHen
Description:Detects executables containing potential Windows Defender anti-emulation checks
Rule name:MALWARE_Win_HyperBro03
Create hunting rule
Author:ditekSHen
Description:Hunt HyperBro IronTiger / LuckyMouse / APT27 malware
Rule name:MALWARE_Win_RedLine
Create hunting rule
Author:ditekshen
Description:Detects RedLine infostealer
Rule name:MALWARE_Win_Vidar
Create hunting rule
Author:ditekSHen
Description:Detects Vidar / ArkeiStealer
Rule name:Ping_Del_method_bin_mem
Create hunting rule
Author:James_inthe_box
Description:cmd ping IP nul del
Rule name:SharedStrings
Create hunting rule
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples
Rule name:Steam_stealer_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Steam in files like avemaria
Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/
Rule name:SUSP_XORed_Mozilla
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed keyword - Mozilla/5.0
Reference:Internal Research
Rule name:SUSP_XORed_MSDOS_Stub_Message
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed MSDOS stub message
Reference:https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Rule name:Vidar
Create hunting rule
Author:kevoreilly
Description:Vidar Payload
Rule name:win_vidar_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:with_sqlite
Create hunting rule
Author:Julian J. Gonzalez <info@seguridadparatodos.es>
Description:Rule to detect the presence of SQLite data in raw image
Reference:http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/170171/

Comments