Task Information
Task ID: 8925af54-8138-11f0-8fb7-42010aa4000b
File name: 5c60afe5c4f9bfb58266a70f6cdf1ac4
Task parameters: ClamAV scan: True
Unpack: False
Share file: True
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
No matches
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: botnet_plaintext_c2
Alert
Author: cip
Description: Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
TLP: TLP:WHITE
Repository: YARAify
Rule name: CP_AllMal_Detector
Alert
Author: DiegoAnalytics
Description: CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP: TLP:WHITE
Repository: YARAify
Rule name: CP_Script_Inject_Detector
Alert
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP: TLP:WHITE
Repository: YARAify
Rule name: DebuggerCheck__API
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: DebuggerCheck__QueryInfo
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: DebuggerCheck__RemoteAPI
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: FreddyBearDropper
Alert
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP: TLP:WHITE
Repository: YARAify
Rule name: SHA512_Constants
Alert
Author: phoul (@phoul)
Description: Look for SHA384/SHA512 constants
TLP: TLP:WHITE
Repository:
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter