Task Information
Task ID: 0db8a132-8138-11f0-8fb7-42010aa4000b
File name: f0361602f21a9ad1fa82ab72bbd8c976
Task parameters: ClamAV scan: True
Unpack: False
Share file: True
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
No matches
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: botnet_plaintext_c2
Alert
Author: cip
Description: Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
TLP: TLP:WHITE
Repository: YARAify
Rule name: CP_AllMal_Detector
Alert
Author: DiegoAnalytics
Description: CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP: TLP:WHITE
Repository: YARAify
Rule name: DebuggerCheck__API
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: DebuggerCheck__QueryInfo
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: DetectEncryptedVariants
Alert
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP: TLP:WHITE
Repository: YARAify
Rule name: FreddyBearDropper
Alert
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP: TLP:WHITE
Repository: YARAify
Rule name: MD5_Constants
Alert
Author: phoul (@phoul)
Description: Look for MD5 constants
TLP: TLP:WHITE
Repository:
Rule name: NET
Alert
Author: malware-lu
TLP: TLP:WHITE
Repository:
Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Alert
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP: TLP:WHITE
Repository: YARAify
Rule name: upxHook
Alert
Author: @r3dbU7z
Description: Detect artifacts from 'upxHook' - modification of UPX packer
Reference: https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/
TLP: TLP:WHITE
Repository: MalwareBazaar
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter