22.2.csrss.exe.3a22567.14.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
64.2.csrss.exe.a32420.4.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
28.2.csrss.exe.a1cb00.3.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
60.2.csrss.exe.3a1c967.14.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
28.2.csrss.exe.3a32287.13.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
22.2.csrss.exe.a22700.7.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
0.3.file.exe.3d91420.4.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
40.2.csrss.exe.a1cb00.1.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
60.2.csrss.exe.3a32287.15.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
55.2.csrss.exe.3a1c967.11.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
64.2.csrss.exe.400000.0.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b8597:$x1: https://cdn.discordapp.com/attachments/
|
5.2.file.exe.400000.0.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b8597:$x1: https://cdn.discordapp.com/attachments/
|
40.2.csrss.exe.a22700.0.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
54.2.csrss.exe.3a32287.15.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
40.2.csrss.exe.3a1c967.14.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
41.2.csrss.exe.3400e67.11.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
60.2.csrss.exe.3a22567.13.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
15.2.csrss.exe.a22700.7.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
55.2.csrss.exe.a32420.0.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
0.2.file.exe.a1cb00.4.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
40.3.csrss.exe.3cf0000.0.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
0.3.file.exe.3d7bb00.5.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
55.2.csrss.exe.400000.3.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b8597:$x1: https://cdn.discordapp.com/attachments/
|
15.3.csrss.exe.3cf0000.1.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
0.3.file.exe.3d81700.7.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
60.2.csrss.exe.a22700.5.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
22.2.csrss.exe.3a32287.15.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
15.3.csrss.exe.4321420.6.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
0.2.file.exe.2e70e67.12.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
22.2.csrss.exe.a32420.2.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
40.2.csrss.exe.3a32287.12.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
5.3.file.exe.3ec1420.6.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
5.2.file.exe.a22700.7.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
0.2.file.exe.34a2287.8.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
41.2.csrss.exe.400000.2.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b8597:$x1: https://cdn.discordapp.com/attachments/
|
55.2.csrss.exe.a22700.1.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
22.2.csrss.exe.400000.0.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b8597:$x1: https://cdn.discordapp.com/attachments/
|
22.2.csrss.exe.3400e67.9.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
15.2.csrss.exe.400000.2.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
41.2.csrss.exe.a32420.7.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
15.3.csrss.exe.4311700.4.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
54.2.csrss.exe.a32420.4.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
5.2.file.exe.a32420.3.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
0.2.file.exe.a22700.2.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
55.2.csrss.exe.3400e67.15.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
15.2.csrss.exe.3a22567.10.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
41.2.csrss.exe.a1cb00.6.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
0.2.file.exe.400000.1.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b8597:$x1: https://cdn.discordapp.com/attachments/
|
60.2.csrss.exe.3400e67.9.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
60.2.csrss.exe.a32420.4.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
5.2.file.exe.35c2567.9.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
60.2.csrss.exe.400000.1.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b8597:$x1: https://cdn.discordapp.com/attachments/
|
0.3.file.exe.3760000.0.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
55.2.csrss.exe.3a32287.12.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
22.2.csrss.exe.a1cb00.5.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
5.3.file.exe.3890000.3.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
64.2.csrss.exe.3400e67.14.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
5.2.file.exe.2fa0e67.12.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
54.2.csrss.exe.3400e67.9.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
55.2.csrss.exe.400000.3.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
64.2.csrss.exe.3a22567.11.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
55.2.csrss.exe.3400e67.15.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
28.2.csrss.exe.400000.4.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
54.2.csrss.exe.3a1c967.14.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
54.2.csrss.exe.400000.0.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
28.2.csrss.exe.3a1c967.9.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
40.2.csrss.exe.400000.2.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
15.2.csrss.exe.3a32287.15.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
28.2.csrss.exe.a32420.7.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
40.2.csrss.exe.3a22567.13.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
64.2.csrss.exe.3a32287.8.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
5.3.file.exe.3eb1700.4.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
55.2.csrss.exe.3a22567.14.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
54.2.csrss.exe.400000.0.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b8597:$x1: https://cdn.discordapp.com/attachments/
|
28.2.csrss.exe.a22700.0.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
54.2.csrss.exe.a1cb00.7.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
5.2.file.exe.35bc967.8.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
5.2.file.exe.35d2287.10.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
0.2.file.exe.a32420.3.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
54.2.csrss.exe.3400e67.9.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
64.2.csrss.exe.a22700.1.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
28.2.csrss.exe.400000.4.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b8597:$x1: https://cdn.discordapp.com/attachments/
|
5.2.file.exe.a1cb00.2.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
60.2.csrss.exe.a1cb00.2.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
54.2.csrss.exe.a22700.3.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
0.2.file.exe.3492567.9.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
41.2.csrss.exe.3a1c967.10.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
5.3.file.exe.3890000.3.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
5.2.file.exe.400000.0.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
22.2.csrss.exe.3a1c967.12.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
15.3.csrss.exe.3cf0000.1.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
0.3.file.exe.3760000.0.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
41.2.csrss.exe.3a22567.9.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
5.3.file.exe.3eabb00.0.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
0.2.file.exe.348c967.10.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
28.2.csrss.exe.3400e67.10.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
60.2.csrss.exe.3400e67.9.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
15.2.csrss.exe.3400e67.11.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
41.2.csrss.exe.3a32287.12.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
64.2.csrss.exe.3a1c967.9.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
15.2.csrss.exe.3400e67.11.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
15.2.csrss.exe.a32420.6.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
15.2.csrss.exe.3a1c967.13.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
40.2.csrss.exe.400000.2.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b8597:$x1: https://cdn.discordapp.com/attachments/
|
41.2.csrss.exe.3400e67.11.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
15.3.csrss.exe.430bb00.0.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
55.2.csrss.exe.a1cb00.6.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
15.2.csrss.exe.a1cb00.1.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
54.2.csrss.exe.3a22567.12.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
40.2.csrss.exe.3400e67.15.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
60.2.csrss.exe.400000.1.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
64.2.csrss.exe.400000.0.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
41.2.csrss.exe.a22700.1.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
40.2.csrss.exe.a32420.4.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x29b38:$s2: The Magic Word!
- 0x35c78:$s2: The Magic Word!
- 0x29e98:$s3: Software\Oracle\VirtualBox
- 0x29b27:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
64.2.csrss.exe.a1cb00.6.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x3f458:$s2: The Magic Word!
- 0x4b598:$s2: The Magic Word!
- 0x3f7b8:$s3: Software\Oracle\VirtualBox
- 0x3f447:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
22.2.csrss.exe.3400e67.9.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
28.2.csrss.exe.3a22567.15.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth (Nextron Systems) | - 0x39858:$s2: The Magic Word!
- 0x45998:$s2: The Magic Word!
- 0x39bb8:$s3: Software\Oracle\VirtualBox
- 0x39847:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
|
0.2.file.exe.400000.1.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
15.2.csrss.exe.400000.2.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b8597:$x1: https://cdn.discordapp.com/attachments/
|
40.2.csrss.exe.3400e67.15.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
64.2.csrss.exe.3400e67.14.raw.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) | - 0x3b7997:$x1: https://cdn.discordapp.com/attachments/
|
28.2.csrss.exe.3400e67.10.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |
0.2.file.exe.2e70e67.12.unpack | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security | |