Source: IJr8RvvhZ3.exe, type: SAMPLE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: IJr8RvvhZ3.exe, type: SAMPLE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: IJr8RvvhZ3.exe, type: SAMPLE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: IJr8RvvhZ3.exe, type: SAMPLE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: IJr8RvvhZ3.exe, type: SAMPLE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: IJr8RvvhZ3.exe, type: SAMPLE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: IJr8RvvhZ3.exe, type: SAMPLE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: IJr8RvvhZ3.exe, type: SAMPLE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
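The entries above and below pair an unpacked PE (type UNPACKEDPE) with a memory dump (type MEMORY) of the same region, and the same five rules fire on both: the two family rules (Gandcrab, Win32_Ransomware_GandCrab) and three generic indicators, one of which (ReflectiveLoader) describes itself as "no hard match - further investigation recommended". A triage script should therefore group matches by region and rank a region by whether a family rule fired, not by the raw count of hits. The following Python script is an added example, not part of the sandbox report or of any vendor tool; the sample lines embedded in it are copied from this report, trimmed so that one region shows only the generic indicator. It assumes (not stated on the page) that an unpacked-PE name reads `<proc>.<stage>.<image>.<base hex>.<n>[.raw].unpack` and that a memory-dump name begins `<proc hex8>.<stage hex8>.<id>.<base hex16>.`; the report's own names (`16.3.mqsmvj.exe.3b50000.0.raw.unpack` beside `00000010.00000003.403183321.0000000003B50000...`) are consistent with that reading.

```python
"""Correlate Joe Sandbox-style YARA match lines across unpacked-PE and memory-dump sources.

Added example, not code from the report. Field layout of the source names is an
assumption (see lead-in); only the process index, stage and base address are used.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the report, with rule metadata trimmed and
# region 27.3 deliberately reduced to the generic indicator only.
SAMPLE = """\
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended |
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth |
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload |
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth |
"""

LINE_RE = re.compile(
    r"^Source:\s*(?P<source>.+?),\s*type:\s*(?P<type>[A-Z]+)\s*\|\s*Matched rule:\s*(?P<rule>\S+)")
UNPACK_RE = re.compile(r"^(\d+)\.(\d+)\.(.+?)\.([0-9a-fA-F]+)\.\d+(?:\.raw)?\.unpack$")
MEMORY_RE = re.compile(r"^([0-9a-fA-F]{8})\.([0-9a-fA-F]{8})\.\d+\.([0-9a-fA-F]{16})\.")

# Rules named in the report: family-specific versus generic "look closer" indicators.
FAMILY_RULES = {"Gandcrab", "Win32_Ransomware_GandCrab"}
GENERIC_RULES = {"ReflectiveLoader", "INDICATOR_SUSPICIOUS_ReflectiveLoader",
                 "SUSP_RANSOMWARE_Indicator_Jul20"}


def parse_line(line):
    """Return (source, type, rule) for one 'Source: ... | Matched rule: ...' line, else None."""
    m = LINE_RE.match(line.strip())
    return (m["source"], m["type"], m["rule"]) if m else None


def source_key(source, kind):
    """Map a source name to ('region', proc, stage, base) so the unpacked PE and the
    memory dump of one region share a key; anything unrecognised keys on its own name."""
    if kind == "UNPACKEDPE":
        m = UNPACK_RE.match(source)
        if m:
            return ("region", int(m[1]), int(m[2]), int(m[4], 16))
    elif kind == "MEMORY":
        m = MEMORY_RE.match(source)
        if m:
            return ("region", int(m[1], 16), int(m[2], 16), int(m[3], 16))
    return ("other", source)


def correlate(text):
    """Group every match line by region key, collecting rule names and source types."""
    groups = defaultdict(lambda: {"rules": set(), "types": set()})
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        source, kind, rule = parsed
        group = groups[source_key(source, kind)]
        group["rules"].add(rule)
        group["types"].add(kind)
    return dict(groups)


def verdict(rules, types):
    """'confirmed' when a family rule fired, 'lead' when only generic indicators did.
    The second value is True when both the unpacked PE and the memory dump matched."""
    if rules & FAMILY_RULES:
        level = "confirmed"
    elif rules & GENERIC_RULES:
        level = "lead"
    else:
        level = "unknown"
    return level, {"UNPACKEDPE", "MEMORY"} <= types


def triage(text):
    """Region key -> (level, corroborated) for every region seen in the match lines."""
    return {key: verdict(g["rules"], g["types"]) for key, g in correlate(text).items()}


if __name__ == "__main__":
    for key, (level, corroborated) in sorted(triage(SAMPLE).items(), key=str):
        print(key, level, "corroborated" if corroborated else "single-source")
```

Feed the script the full match table and the regions that carry only ReflectiveLoader or SUSP_RANSOMWARE_Indicator_Jul20 stand out as leads to examine by hand, while regions such as 16.3 at base 0x3B50000, where the family rules fired on both the unpacked PE and the live memory dump, can be reported as confirmed GandCrab without further work.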
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: Process Memory Space: mqsmvj.exe PID: 5964, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: mqsmvj.exe PID: 5524, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: mqsmvj.exe PID: 4940, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |