Malware Monthly Update August - 2020

Malware Strikes

Strike fields: Strike ID, Malware, Platform, Info, MD5, External References

Strike ID: M20-g0r31
Malware: ZeroAccess_8426c0cf
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0
SHA1: 967bd4f8a2a60e43265dbc8132c835eeb58cfe81
MD5: 8426c0cfafeb261c69b5c08d63724c70

Strike ID: M20-7u8i1
Malware: HawkEye_3eb89430
Platform: Windows
Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b
SHA1: 09887d2df4e36dba3293946aa728e09c253bfefd
MD5: 3eb89430ad1c97dc03a85175299a5a37

Strike ID: M20-bcb41
Malware: Cerber_41732f62
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 1f2161956d8bb447845b0ef70b514edc31f6f01b1007ee6c7a5ebd77e4331439
SHA1: 83397fbeacff9cef1d1aacbcf87b0b531375cc00
MD5: 41732f6244f7d05554fe973021aefcc7

Strike ID: M20-6g8w1
Malware: Cerber_af19eac8
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 27343c1b2124a0767c1513d568c8cc25aec07ccbe9b136ee7005c63be965e354
SHA1: f09fa67a7c8c3eb5d58547d40d77e36b535844e2
MD5: af19eac84be5efd362b46e15930cc538

Strike ID: M20-u3tc1
Malware: HawkEye_9ea93fd1
Platform: Windows
Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0
SHA1: ad8d53e647840971fd9523411254d1037572d97c
MD5: 9ea93fd1175bb07b354c496ee3a04664

Strike ID: M20-t2vk1
Malware: ZeroAccess_95ddece9
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f
SHA1: 536063c15bfe781d48efd10cf53d4d3c711b281d
MD5: 95ddece98d72b8ef206cbcdeb9436653

Strike ID: M20-pu4v1
Malware: ZeroAccess_cba44d1a
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b
SHA1: 04658a802887e1a4a9e21457b450c390f6ed8ec7
MD5: cba44d1ad8632bbc2beccf7ff27b743e

Strike ID: M20-bl5b1
Malware: ZeroAccess_ffd533f2
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51
SHA1: ace077cfef975464ad6332415690135535490366
MD5: ffd533f2f95fa70144abf171e18665de

Strike ID: M20-7q8k1
Malware: VHD_e29a03db
Platform: Windows
Info: This strike sends a polymorphic malware sample known as VHD. The binary has random contents appended in one of the existing sections in the PE file format. VHD is believed to be a high profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". The program also employs some interesting techniques such as the ability to stop processes that could be locking important files, a mechanism to resume operations if the encryption process is interrupted, and it is copied and executed through WMI calls.
External References: https://arxiv.org/abs/1801.08917
SHA256: 7b664a13de55f60ed25edd6c1e9a7eadff00d6d15a0a0aceaa9bd9e3bec5ebb4
SHA1: f45c9fb784cc92fa2acd16e2389c61f7961c8452
PARENTID: M20-rpz71
SSDEEP: 1536:CN5P9xb8ZqPbKx3U58YjdZqV355b38poNqa8tCBwFn5B1qMqqU+7upOu4:CN4aEU58oqZ5jT8s+1qMqqD7upOu4
MD5: e29a03dbec644238fa5257311d428694

Strike ID: M20-wvo01
Malware: Cerber_d1d5145d
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 3de3161efe34122601f3865aff18e56cb873ddcc2adb6b7a8b6c4afaa38ec3e4
SHA1: 412a8cc61864eb67645d212f326159de07ef1e10
MD5: d1d5145da3dde367f9a84b3f23c0e399

Strike ID: M20-y9591
Malware: LATENTBOT_d349806e
Platform: Windows
Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013.
External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: 77a2389bc9ff7425e3e6a93f2102149c8fea6be51d41d8719fe0a73defeb15e7
SHA1: 5c13fe64b667062b7c97cc079cf364b0fe636b32
MD5: d349806ea1f2af0f447b2c9e20cb88f0

Strike ID: M20-346a1
Malware: LATENTBOT_08bb5f82
Platform: Windows
Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013.
External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: cd525c392d35a43166b75f1fa578a2d3b6a9a015b6e78da8615756b6afc717ee
SHA1: 26296927a32d3de0eb92b1b1d72ce88c2e7c7ba8
MD5: 08bb5f82dec4957ad9da12239f606a00

Strike ID: M20-e7g21
Malware: LATENTBOT_a11362a8
Platform: Windows
Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013.
External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: 1d3ff6cf195488bdb76d53b21361cd7f948d86199b00db8f506d415cdff690cf
SHA1: 8c1381dc44f1aca6768a11f0b489b2f435b99f03
MD5: a11362a8e32b5641e90920729d61b3d4

Strike ID: M20-mvh71
Malware: LATENTBOT_56ba76cf
Platform: Windows
Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013.
External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: c218eeff26478878f93e0f92c47e95f30a9a26c75cef0160557e287ebdc2ce2e
SHA1: ef600bf662acea7511178e460985a08e89f8858c
MD5: 56ba76cf35a1121bf83920003c2af825

Strike ID: M20-bu9q1
Malware: LATENTBOT_1dd0854a
Platform: Windows
Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013.
External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: 39af310076282129e6a38ec5bf784ff9305b5a1787446f01c06992b359a19c05
SHA1: 3abdaa765769195a495f72fd71cd9037e03dd33c
MD5: 1dd0854a73288e833966fde139ffe385

Strike ID: M20-82aj1
Malware: Cerber_1cb05585
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 4fb0907454e2b6faa947003184878d70555be3073132e677b4606032907ca91f
SHA1: fa54cde378d2f45ce09e3eb72eb13369a6575b4b
MD5: 1cb05585c3264a6c3c70d9c56c4792ce

Strike ID: M20-2yl01
Malware: DOGcall_dc6c2033
Platform: Windows
Info: This strike sends a polymorphic malware sample known as DOGcall. DOGcall, also known as ROKRat, is a family of malware that was initially seen from attackers originating from North Korea. The malware has a loader that drops the core payload. This sample is the final payload, and it is a Remote Access Trojan that provides the attacker with a number of functions including data exfiltration, credential harvesting, screenshots of the system, and communicating with a remote C2 server for additional received commands. The binary has random contents appended in one of the existing sections in the PE file format.
External References: https://arxiv.org/abs/1801.08917
SHA256: 3c79fbaaa59377075068e6f0d6a8835c558e396bf4c3604ce7a431be67b424eb
SHA1: ebc79c9c4b1a59f1f59fe59006446938f0fa04de
PARENTID: M20-hccx1
SSDEEP: 12288:cbeQm0+6dUlyAcdqfAkMvGpns9gKYLd+NjhzZkZf75:ADuJGv2ns9XRkZfV
MD5: dc6c20333f94a04c6cdea4fe9211ac09

Strike ID: M20-iyxr1
Malware: ZeroAccess_b5b0b385
Platform: Windows
Info: This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. The binary has random strings (lorem ipsum) appended at the end of the file.
External References: https://attack.mitre.org/techniques/T1009/
SHA256: 956d07d44f0da1a9356da1a99a6962fef3ea6b3547a0e5acad43389006109a6f
SHA1: 37f13f10c94efc9648155a98b987fd70a7743fba
PARENTID: M20-slow1
SSDEEP: 3072:rEUIFarjgd+x6FNCYkvRBjtAWyUOJQydy/x0NZDTwb2Rl:rEU8qjc+8DCYGBjtLqHM0Ndb/
MD5: b5b0b385842df2d28e13532b05996e7b

Strike ID: M20-npww1
Malware: ZeroAccess_98f3a2ab
Platform: Windows
Info: This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. The binary has the timestamp field updated in the PE file header.
External References: https://attack.mitre.org/techniques/T1099/
SHA256: 7027f4196799de02cc3e5690d984ac9f1b85d30b77497079a3449f936dfb6c42
SHA1: da00cf1eb1266c084042c067f21dc02401a3a296
PARENTID: M20-vt1r1
SSDEEP: 3072:8ENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDTwb2Im:8ENUxovX8mwoLt/LUP0Id4DZ0tdb
MD5: 98f3a2ab6191279de94de7a956c53dc5

Strike ID: M20-7qok1
Malware: HawkEye_65e73f93
Platform: Windows
Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc
SHA1: e8564295f82b85875cf89c21d78cc33fce81f1b8
MD5: 65e73f938774b6dfadea69ac7cb37193

Strike ID: M20-ay8h1
Malware: ZeroAccess_569b2af9
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763
SHA1: 63666fdf40ce1f3f68152295ac31b707dcd6562c
MD5: 569b2af985cb1f4b9b368444889d13c4

Strike ID: M20-u1nq1
Malware: Exorcist_7e415d5a
Platform: Windows
Info: This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory.
External References: https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: a7e27cc38a39ff242da39d05e04b95ea9b656829dfe2e90e8226351da8813d7d
SHA1: ca1a94c1be4e51da577e51957428263ca9c0c0ab
MD5: 7e415d5a1b1235491cb698eb14817d31

Strike ID: M20-orul1
Malware: Cerber_8baa9694
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 18c4f60df01b00809a5affabfa5ba04a724e4d4a98ab7e9fb83e9f627aa789e1
SHA1: 5e83b0b872cc03d0d0294145eb5b9539b6392fdc
MD5: 8baa96945edfd47b00622762f66af5ff

Strike ID: M20-9mq21
Malware: ZeroAccess_0d6be0ae
Platform: Windows
Info: This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. The binary has random bytes appended at the end of the file.
External References: https://attack.mitre.org/techniques/T1009/
SHA256: 7b38f0975be4bd43c06298c88d31ceee10747423943a9346763dfdaf1887eb9a
SHA1: cd3575b62884a79f8c0edce461f1aa435195c62e
PARENTID: M20-vt1r1
SSDEEP: 3072:5ENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDTwb2ImE:5ENUxovX8mwoLt/LUP0Id4DZ0tdb0
MD5: 0d6be0aedd9217ecd67e329f37479768

Strike ID: M20-ojwy1
Malware: HawkEye_f0d75fb8
Platform: Windows
Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a
SHA1: 69a163a71a33da5348b70e1e9c4c52c9d0390f21
MD5: f0d75fb839b44dc8d064b7bf8295f94d

Strike ID: M20-zhk41
Malware: Cerber_e122bb15
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 5adf50576a375547c4775341535461d49078234283379e17bba88465cd286f7c
SHA1: aa9f6a4fcf623b89023da83c23882643cba9b5be
MD5: e122bb15a9fe5912c2812e5517760477

Strike ID: M20-vrgu1
Malware: ZeroAccess_9be94e1a
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf
SHA1: a75278c4f71417018528369df3365954971ca9b4
MD5: 9be94e1ac5349f1265c0627b48fd0fa6

Strike ID: M20-hrez1
Malware: Cerber_ae6e64f2
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 6959e3521c3ce4a39a250cfb899f52cc74b6bd1a7a1ba4ee03d4766210346fa3
SHA1: f9cda58cf62557085ac86bf0ced62570644a0a66
MD5: ae6e64f2fe99eea396b7167192c091f8

Strike ID: M20-xvpr1
Malware: ZeroAccess_194fc911
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455
SHA1: fe986ea201862dff2bef345418835052910a502a
MD5: 194fc911595fb4024d0e008946ec6b18

Strike ID: M20-0dl21
Malware: LATENTBOT_5446022c
Platform: Windows
Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013.
External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: cb2c0ea31f33540ea223b777888d3580d32ba8ed73519ea6fafcda5238a0772d
SHA1: 08fb0245cadb2a0ee74aec2b7099d0377308993c
MD5: 5446022c6d14a45fd6ef412a2d6601c5

Strike ID: M20-vt1r1
Malware: ZeroAccess_9ea002e2
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879
SHA1: ed42de3f8149f331326198a0b4d29a3c197cd358
MD5: 9ea002e2ac906ab1aeaa2c85486955bd

Strike ID: M20-e4ls1
Malware: ZeroAccess_2d3ecd00
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6
SHA1: 94527d0d3644cf701459bcc337a7208be0af2f8c
MD5: 2d3ecd0011581f113735ffd46ef8fc22

Strike ID: M20-rrh02
Malware: ZeroAccess_8f15b013
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3
SHA1: 5d9dd74e93e1adfe33683d33e3ae04db099997ed
MD5: 8f15b0136b3fbc214755ac1fa2f3347e

Strike ID: M20-qkxm1
Malware: Exorcist_cb3a1463
Platform: Windows
Info: This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory.
External References: https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: 8da469200a4b3899b23a34232eec537f12c621aa3c8766a9745d8ff721ef5296
SHA1: 2007db72d68b6c63e906aa625196a3b4ddd01a51
MD5: cb3a1463f4fd3e74b8f1ca5e73b81816

Strike ID: M20-i5sh1
Malware: ZeroAccess_49158788
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e
SHA1: b9c7532182724ddde73eb8005f1813fb906aecb4
MD5: 49158788220d59f7692de831f7e64175

Strike ID: M20-tytl1
Malware: Cerber_d08b6626
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 29b05e9f79e56a480421ca565d2ae57b6db6e6b54e15d603534686bbde6c5759
SHA1: 0fbca35bbdbf0037802c1b1be663f5bf606a69f8
MD5: d08b6626b95874a16a0b4aee087b9536

Strike ID: M20-j69i1
Malware: Exorcist_8cc13fea
Platform: Windows
Info: This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory.
External References: https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: eeb8a83d7532797d39d060ffb2a65562e8d803c4dbd8379289f99367cac2f850
SHA1: bd8ef46a02085153605a87fcc047f7ef3d0c4131
MD5: 8cc13fea61cc0ba1382a779ee46726f0

Strike ID: M20-g7mg1
Malware: VHD_2d5da841
Platform: Windows
Info: This strike sends a polymorphic malware sample known as VHD. The binary has a random section name renamed according to the PE format specification. VHD is believed to be a high profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". The program also employs some interesting techniques such as the ability to stop processes that could be locking important files, a mechanism to resume operations if the encryption process is interrupted, and it is copied and executed through WMI calls.
External References: https://arxiv.org/abs/1801.08917
SHA256: 484f0943385861d91cc0e8bdc7128dacc1b5e367edea906d8fcd1ddf1a268c3d
SHA1: 0d4847681799f5aa38876d033156720c44354bb4
PARENTID: M20-rpz71
SSDEEP: 1536:YN5P9xb8ZqPbKx3U58YjdZqV355b38poNqa8tCBwFn5BcqMqqU+7upEu4:YN4aEU58oqZ5jT8s+cqMqqD7upEu4
MD5: 2d5da841280f2544e0516cfb40f2a0a9

Strike ID: M20-ke151
Malware: LATENTBOT_af15076a
Platform: Windows
Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013.
External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: 46aaea7273e79f046f7f938941a90c09fa3c04af677ef52f9ce7b1b8a3e40938
SHA1: 02d17707c6f98d84d8d18bc023a2fc5b7529e33e
MD5: af15076a22576f270af0111b93fe6e03

Strike ID: M20-wyxj1
Malware: LATENTBOT_6ea9d27d
Platform: Windows
Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013.
External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: 99573b10c10277d3b695f55fa7f0a6dbfd74a5c14393b2fd9edb56a94a6dab2a
SHA1: fb7f88abe94b4a0bd31a4bfaffad80db9fca678b
MD5: 6ea9d27d23646fc94e05b8c5e921db99

Strike ID: M20-aty01
Malware: ZeroAccess_e30a52b5
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2
SHA1: 6fb9a827174baa672fe74cfd9d20185d0e3c8ead
MD5: e30a52b5e3ba0ead21a352895e02f83a

Strike ID: M20-vtg21
Malware: ZeroAccess_c4c69c5a
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727
SHA1: c962d49d63a572f20fadc677f305a0371e4fea3c
MD5: c4c69c5acd63a6d9be8c893b56b43434

Strike ID: M20-szh91
Malware: Cerber_de77b672
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 0712fdbf593406d803bfc4638264b7a5d8dc95316d4988079828106e6f6925e3
SHA1: 446963841c3cea1c203afe003ee7e6108116d9cc
MD5: de77b6722ec5f99fc2e5d562ebb6e864

Strike ID: M20-2r9f1
Malware: Cerber_a6fe0fda
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 34959098859ac166ece6bf7c8edc1f28feefa4cec1f26eeb531466449ee4345d
SHA1: 1b74e9cb36473bb8c1b7839c708199ccab5fb4c1
MD5: a6fe0fda24d5a34b151ba42d11d3af2b

Strike ID: M20-2k0f1
Malware: ZeroAccess_9aa64232
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372
SHA1: 04fd8e73b0b4483c9bd0e9f14be45c8c05017713
MD5: 9aa64232ca7425b4831bb10687293399

Strike ID: M20-rpz71
Malware: VHD_dd00a861
Platform: Windows
Info: This strike sends a malware sample known as VHD. VHD is believed to be a high profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". The program also employs some interesting techniques such as the ability to stop processes that could be locking important files, a mechanism to resume operations if the encryption process is interrupted, and it is copied and executed through WMI calls.
External References: https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
SHA256: 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473
SHA1: 3d31b2f6a6c59194cad3347d08197bd79f020274
MD5: dd00a8610bb84b54e99ae8099db1fc20

Strike ID: M20-ez7x1
Malware: ZeroAccess_ba15b25f
Platform: Windows
Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d
SHA1: 583b68aeca848c03bbd4f8bcafe84876fbb47821
MD5: ba15b25f7eac496cc69525ac079338ff

Strike ID: M20-qtuh1
Malware: Cerber_dbe1d59a
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 350cafe8a66a3bebfc84fe7c9fc5533a976a476354583e840364e8c9d0ee1cb9
SHA1: e7ed5e94e94faab732346ae8baa1589cf1092d37
MD5: dbe1d59af02ee4e9ad739f6261b01648

Strike ID: M20-x4gi1
Malware: HawkEye_a818e1ed
Platform: Windows
Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465
SHA1: 770bf25d96a36b04de90cea8b97526660edb0442
MD5: a818e1ed86f7fa07ac47954694bc91fe

Strike ID: M20-63f21
Malware: HawkEye_88b882aa
Platform: Windows
Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3
SHA1: 0bb017c67f760f747e40be53771201e3141b763d
MD5: 88b882aacd9a1ca0f1f7304c21aaae66

Strike ID: M20-m6zl1
Malware: LATENTBOT_fa20c7f3
Platform: Windows
Info: This strike sends a polymorphic malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. The binary has a random section name renamed according to the PE format specification.
External References: https://arxiv.org/abs/1801.08917
SHA256: f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5
SHA1: 9e0d78cccc353741c0c0a9fa06f3a624bd673ecc
PARENTID: M20-5u4k1
SSDEEP: 49152:prG2NAFop+qvBOedFLib4cz8kneCdpUz+P:pWFodvBOaFLiEfoe9z+P
MD5: fa20c7f3e1091c12dde319acf4b75b9a

Strike ID: M20-b17z1
Malware: ZeroAccess_4c6089f9
Platform: Windows
Info: This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. The binary has random contents appended in one of the existing sections in the PE file format.
External References: https://arxiv.org/abs/1801.08917
SHA256: 1f86e137f43a4c4cd2bd5e647adc1ddd6afea0bea5e1940d9049507d73d63c00
SHA1: f79e25add7b9aded6e062346eefcc26150837999
PARENTID: M20-vt1r1
SSDEEP: 3072:vENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDTwb2Iw:vENUxovX8mwoLt/LUP0Id4DZ0tdb
MD5: 4c6089f91462f9f07d0de266688420e1

Strike ID: M20-zdt31
Malware: Exorcist_f4009abe
Platform: Windows
Info: This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory.
External References: https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: 6db3aae21a6d80857c85f58c4c8b2cf9c6b7f8b8a9ab1d5496d18eaf9bd0bd01
SHA1: 01636cd2ab7eada533ded51728acd8cd99020c57
MD5: f4009abe9f41da41e48340c96e29d62c

Strike ID: M20-4nn91
Malware: ZeroAccess_079c063f
Platform: Windows
Info: This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. The binary has random bytes appended at the end of the file.
External References: https://attack.mitre.org/techniques/T1009/
SHA256: db38744989f553084e95a5ab04f2a98d1b9f2919d374e8d9a4e2654e0872a875
SHA1: f6310a9a0b2aec8671958c3e2eb8c1c37148b6e9
PARENTID: M20-slow1
SSDEEP: 3072:rEUIFarjgd+x6FNCYkvRBjtAWyUOJQydy/x0NZDTwb2Rj:rEU8qjc+8DCYGBjtLqHM0NdbF
MD5: 079c063f97182ef3c31dfa5707c9909f

Strike ID: M20-kykt1
Malware: Cerber_4d71d738
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 6edbea75b6b0904f0cbebda821805eeb3af462cde35d9af3d3ecdb6e8145e860
SHA1: 988f8c67b7a4a92dfdfd5c5a045e9441aa11122a
MD5: 4d71d738887d2bc046f732bf1f13391c

Strike ID: M20-9x9l1
Malware: Exorcist_5a63e7d3
Platform: Windows
Info: This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory.
External References: https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: b1bcc54ef15f91d9291357eca02862174bd6158e95813eff1ab0c16ba48ff10e
SHA1: 63a5bd8b7ed922ad5fe498d2a15a57d1d552055a
MD5: 5a63e7d371dd69c5625f5b48da426c14

Strike ID: M20-c42m1
Malware: Cerber_b7549aee
Platform: Windows
Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".
External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 413eeaef11563646ef90407e4fdd8e0078f95dfd309fb2ada8728e45befbb313
SHA1: 287f714064835f8b47f20b185194010f4cb27810
MD5: b7549aee594d32bcc4a8389b77ae412b
Strike ID: M20-wnru1 | Malware: ZeroAccess_539f9f37 | Platform: Windows | Info: This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. The binary has random strings (lorem ipsum) appended at the end of the file. | MD5: 539f9f377347a58ffde24c5bf659697b | External References: https://attack.mitre.org/techniques/T1009/
SHA256: c2c964b5dd8fe884122198891327bd5e76c5ef32e3e465ae80032f6272fb5995
SHA1: 669642065b1c423d4639d5343d6f57a5c7fd53d0
PARENTID: M20-vt1r1
SSDEEP: 3072:5ENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDTwb2Im8:5ENUxovX8mwoLt/LUP0Id4DZ0tdbs
MD5: 539f9f377347a58ffde24c5bf659697b
Strike ID: M20-71wv1 | Malware: Exorcist_79385ed9 | Platform: Windows | Info: This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory. | MD5: 79385ed97732aee0036e67824de18e28 | External References: https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: 8d684a790a5683b8decde9fb5a819c4a164d3032723a151a30ff26d3c2b1aabf
SHA1: 2f65a2b8ac21b3505855f7b89551cc1f31bf636e
MD5: 79385ed97732aee0036e67824de18e28
Strike ID: M20-98en1 | Malware: ZeroAccess_218c68ce | Platform: Windows | Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | MD5: 218c68ce147d4b49365e643806d0b1cb | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a
SHA1: 48a4804b435dd0bd3befe2bfadb7d2587a35b3ec
MD5: 218c68ce147d4b49365e643806d0b1cb
Strike ID: M20-rx3d1 | Malware: Cerber_9f2a535d | Platform: Windows | Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | MD5: 9f2a535d3d35f990f291c3bbb0c0fc8a | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 2778aa52eaf8d8fa2950cd2ef50faae6f49c9d7e0c55d813a36613fe63a3be73
SHA1: 12346271cbfebcf4da42e4cbce118eff9455fe61
MD5: 9f2a535d3d35f990f291c3bbb0c0fc8a
Strike ID: M20-k95s1 | Malware: Cerber_8e3ff00e | Platform: Windows | Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | MD5: 8e3ff00e2f4ffb177b991b68f8975001 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 24f656fed8bb0ea0e5cca4422dd61a3b7a2eeeccff942403429f722cfcdef5a3
SHA1: 85cf77cc1d7dd3d3e133f764ae025e8f0fc03e83
MD5: 8e3ff00e2f4ffb177b991b68f8975001
Strike ID: M20-wde81 | Malware: HawkEye_bc66e2a1 | Platform: Windows | Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | MD5: bc66e2a191d06f12b1a035975660052b | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33
SHA1: d99332f2f99d2ef34cf3b47e2749e63c80237ad7
MD5: bc66e2a191d06f12b1a035975660052b
Strike ID: M20-ebbi1 | Malware: HawkEye_f4274360 | Platform: Windows | Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | MD5: f4274360fefd50fb219f0ec648bf015e | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d
SHA1: 3faadaf938bd586fe9756a8d123569da5f29e64e
MD5: f4274360fefd50fb219f0ec648bf015e
Strike ID: M20-hccx1 | Malware: DOGcall_394e52e2 | Platform: Windows | Info: This strike sends a malware sample known as DOGcall. DOGcall, also known as ROKRat, is a family of malware that was initially seen from attackers originating from North Korea. The malware has a loader that drops the core payload. This sample is the final payload, and it is a Remote Access Trojan that provides the attacker with a number of functions including data exfiltration, credential harvesting, screenshots of the system, and communicating with a remote C2 server for additional received commands. | MD5: 394e52e219feb1a5c403714154048728 | External References: https://www.carbonblack.com/blog/threat-analysis-rokrat-malware/
SHA256: 2ca7c2048f247b871e455a9ac8bcb97927dd284477e7c2c4d2454509f97413b5
SHA1: 16468fbc241be27b32ececa645898915e2e4ec94
MD5: 394e52e219feb1a5c403714154048728
Strike ID: M20-n1e61 | Malware: ZeroAccess_c4e7f9c9 | Platform: Windows | Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | MD5: c4e7f9c9224801d1811880efb64d1398 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983
SHA1: f41b58d9e41327b756aa5cf14ed9c56df8248442
MD5: c4e7f9c9224801d1811880efb64d1398
Strike ID: M20-y9411 | Malware: VHD_fa1f20d9 | Platform: Windows | Info: This strike sends a polymorphic malware sample known as VHD. The binary has random bytes appended at the end of the file. VHD is believed to be a high profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". The program also employs some interesting techniques such as the ability to stop processes that could be locking important files, a mechanism to resume operations if the encryption process is interrupted, and it is copied and executed through WMI calls. | MD5: fa1f20d928ae60a5dedcd3522dde2252 | External References: https://attack.mitre.org/techniques/T1009/
SHA256: 824936d626c2bbfc30da6a6767411ee84a1df8c98b6ac4ea24d5a59ec799a637
SHA1: fac5ca38e4b0152ea6de2cfa4f3c4a47881889ba
PARENTID: M20-rpz71
SSDEEP: 1536:CN5P9xb8ZqPbKx3U58YjdZqV355b38poNqa8tCBwFn5BcqMqqU+7upEu46B1:CN4aEU58oqZ5jT8s+cqMqqD7upEu46X
MD5: fa1f20d928ae60a5dedcd3522dde2252
Strike ID: M20-sagy1 | Malware: Cerber_f6486529 | Platform: Windows | Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | MD5: f6486529e6ae82d03dca5889ff20e8d7 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 6a49ffcb3ddb3a8912c3f75ae35b846913b6d3cc6303c395f251b3e66ee1621c
SHA1: 7327dbc4d9b2315e382fd2b7bbf7614ddf048245
MD5: f6486529e6ae82d03dca5889ff20e8d7
Strike ID: M20-xjvr1 | Malware: LATENTBOT_4135552b | Platform: Windows | Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | MD5: 4135552b0045e7d67b26167f43b88a30 | External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: 370ea3f098df7064faf4ee7456588d023b35c497a362add49853e90090f8b6df
SHA1: 8f571ebb8b8ca739dade2d0cad262d18db506df7
MD5: 4135552b0045e7d67b26167f43b88a30
Strike ID: M20-opj91 | Malware: VHD_ccc6026a | Platform: Windows | Info: This strike sends a malware sample known as VHD. VHD is believed to be a high profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". The program also employs some interesting techniques such as the ability to stop processes that could be locking important files, a mechanism to resume operations if the encryption process is interrupted, and it is copied and executed through WMI calls. | MD5: ccc6026acf7eadada9adaccab70ca4d6 | External References: https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
SHA256: 73a10be31832c9f1cbbd798590411009da0881592a90feb472e80025dfb0ea79
SHA1: 800c8a12ac05459197256940e32234b9bc2db08b
MD5: ccc6026acf7eadada9adaccab70ca4d6
Strike ID: M20-5u4k1 | Malware: LATENTBOT_47f220f6 | Platform: Windows | Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | MD5: 47f220f6110ecba74a69928c20ce9d3e | External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: 45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5
SHA1: e88679c01bba1a880e54ce699e1555285ada3619
MD5: 47f220f6110ecba74a69928c20ce9d3e
Strike ID: M20-07gu1 | Malware: ZeroAccess_49570ea4 | Platform: Windows | Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | MD5: 49570ea4a111bb82d2ae773164f58c04 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca
SHA1: 321c875113e77896a7f415abb4860e2a40742f4f
MD5: 49570ea4a111bb82d2ae773164f58c04
Strike ID: M20-ikwy1 | Malware: ZeroAccess_b2401b9b | Platform: Windows | Info: This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. The binary has the checksum removed in the PE file format. | MD5: b2401b9b875c7259ca8ed1b833c63dea | External References: https://arxiv.org/abs/1801.08917
SHA256: 7ea363fc7e7ff355d212a74b8ff48609b64a0365320fa48ae4df854aca117375
SHA1: 3cc75e0f862c425cd5632daa02869a31e82fb306
PARENTID: M20-vt1r1
SSDEEP: 3072:PENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDTwb2Im:PENUxovX8mwoLt/LUP0Id4DZ0tdb
MD5: b2401b9b875c7259ca8ed1b833c63dea
Strike ID: M20-cafi1 | Malware: HawkEye_3ba7171c | Platform: Windows | Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | MD5: 3ba7171c8836de935a74799291ebca46 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda
SHA1: 535d5c232fba95d042b3986f82af578edc1b45fb
MD5: 3ba7171c8836de935a74799291ebca46
Strike ID: M20-dlsc1 | Malware: Cerber_aae16290 | Platform: Windows | Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | MD5: aae16290207f1251b6b9510a50760323 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 3f92bd7f208dafca5d89a7ba1145836f264336baab457f62269129028eb53ecd
SHA1: 76c3fdcc8feb1846b61d2520ccaefbdcea691d10
MD5: aae16290207f1251b6b9510a50760323
Strike ID: M20-2uua1 | Malware: ZeroAccess_353353e7 | Platform: Windows | Info: This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. The binary has random contents appended in one of the existing sections in the PE file format. | MD5: 353353e771ca42fea2cb01005485fd8f | External References: https://arxiv.org/abs/1801.08917
SHA256: 3f94f98176abf4ba7545ef1afeed5ba3964dc09fdf31e8c2a5c5d15aff21790e
SHA1: e8a636393698a263fcdb92b3171dc34e50cf146b
PARENTID: M20-slow1
SSDEEP: 3072:tEUIFarjgd+x6FNCYkvRBjtAWyUOJQydy/x0uZDTwb2R:tEU8qjc+8DCYGBjtLqHM0udb
MD5: 353353e771ca42fea2cb01005485fd8f
Strike ID: M20-j5ka1 | Malware: LATENTBOT_4d0b1402 | Platform: Windows | Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | MD5: 4d0b14024d4a7ffcff25f2a3ce337af8 | External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: b43b45748709d4c332f0487c10cb4e97dfcad63db4d74acce6d85fe90787dcc3
SHA1: 8dc665e939c9f5e301a54ed542b5f01280b266fd
MD5: 4d0b14024d4a7ffcff25f2a3ce337af8
Strike ID: M20-8au81 | Malware: Exorcist_55e43a8a | Platform: Windows | Info: This strike sends a polymorphic malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory. The binary has a random section name renamed according to the PE format specification. | MD5: 55e43a8a489e4c9756a6375a15b2f102 | External References: https://arxiv.org/abs/1801.08917
SHA256: 9d53b77ca6527237bfa47486e9805b2171144fc41ecf38b11db9d9bb538bcf58
SHA1: 44921473ec4473a3e59ce32a45a166a38bf43da2
PARENTID: M20-vxhj1
SSDEEP: 768:Y/w63PwCrEBP+2XES4nrr+nsUeO3za+7dqqtDbruFBT8QFJFmxCTXY+PNqHliQyW:KWQRnrUZJrCgahY+PY1/z
MD5: 55e43a8a489e4c9756a6375a15b2f102
Strike ID: M20-than1 | Malware: ZeroAccess_3a328207 | Platform: Windows | Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | MD5: 3a3282073f5d36d0e2edd18fa20bcb5d | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b
SHA1: fc25611cb856308715e4751d33e6e55e199f9287
MD5: 3a3282073f5d36d0e2edd18fa20bcb5d
Strike ID: M20-u46p1 | Malware: Exorcist_0d256ab0 | Platform: Windows | Info: This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory. | MD5: 0d256ab0a8b8b7a3b3d4aaf566189ca6 | External References: https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: f86e27e58356c554269b93713ea53b797d92359f0abb25bf70fe2de278278f7f
SHA1: 2f0142e0f5a21822fd9e391246b6cc470f4089a1
MD5: 0d256ab0a8b8b7a3b3d4aaf566189ca6
Strike ID: M20-9jhi1 | Malware: Cerber_047b31ba | Platform: Windows | Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | MD5: 047b31ba3dfe6a21c2249f646b178cc7 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 03c87da71be399ace0ed9a4ebf95e2b95d32060f273fd8ea8001e25d08cd54dd
SHA1: 6266e9c5396a5e8c15b08950ecc46d29eb95c67b
MD5: 047b31ba3dfe6a21c2249f646b178cc7
Strike ID: M20-pkgi1 | Malware: ZeroAccess_c352fae2 | Platform: Windows | Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | MD5: c352fae2894124a4c4e7e9c5ff99f8e5 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6
SHA1: 021339ec1dc3850503bbda1c181816d98711ca98
MD5: c352fae2894124a4c4e7e9c5ff99f8e5
Strike ID: M20-d0js1 | Malware: Exorcist_e763b9a8 | Platform: Windows | Info: This strike sends a polymorphic malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory. The binary has been packed using the UPX packer, with the default options. | MD5: e763b9a8460c2dc9a1229d0c8bf71ab4 | External References: https://attack.mitre.org/techniques/T1045/
SHA256: a48fec2cd9b43646537f03028cf69c809d6914cc63a36535bd80adae5bb936aa
SHA1: 7772956346d9cfbb099f07f82ac12a92cc49d36f
PARENTID: M20-vxhj1
SSDEEP: 384:SfGS/SzuVgu+vufbo8YUSCw1et0HXSZFbSSfkZw51VBahZ26UcoUzOpq6:St/3+vuDzzSCw1HXkFiQVB6oUqpp
MD5: e763b9a8460c2dc9a1229d0c8bf71ab4
Strike ID: M20-ppaq1 | Malware: Cerber_53d0d6a8 | Platform: Windows | Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | MD5: 53d0d6a85e1c7722ab507955473438dd | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 2b2acc6a166aa30ff190af2b95ccbe0b31596f5ddf24661a062630a2eaafe516
SHA1: 2c86944641394951b8ef45046268874ba107c917
MD5: 53d0d6a85e1c7722ab507955473438dd
Strike ID: M20-mkl51 | Malware: Exorcist_fa4c4ac8 | Platform: Windows | Info: This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory. | MD5: fa4c4ac8b9c1b14951ae8add855f34e8 | External References: https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: bf6e5f9d060ebc5bb70144ca6e795bfc249c6590ab9f45e258ec9b5f3d49eeb6
SHA1: c5049dbdee3aaaf3a794edda02554789a25389bf
MD5: fa4c4ac8b9c1b14951ae8add855f34e8
Strike ID: M20-q6ds1 | Malware: ZeroAccess_7dbfa1f4 | Platform: Windows | Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | MD5: 7dbfa1f42d8fb465ebdf98f564196984 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 1f261e7108e46792076ed1231596ad584c25f8bd72e000cda3359562f24cbcb6
SHA1: 9ade43d292ccfeea258b7caa954f511cb50177ef
MD5: 7dbfa1f42d8fb465ebdf98f564196984
Strike ID: M20-e87q1 | Malware: ZeroAccess_55d36baa | Platform: Windows | Info: This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. The binary has the checksum removed in the PE file format. | MD5: 55d36baac8bea015ef59279f331b6c88 | External References: https://arxiv.org/abs/1801.08917
SHA256: 5c7e88ff6a86bb1cf5066b24a48618e09b769c580a0d73a5fcf2388e6a6ce9a4
SHA1: 2cf7aa9f9f6c55b863f839a79306f4c65a282b2d
PARENTID: M20-slow1
SSDEEP: 3072:rEUIFarjgd+x6FNCYkvRBjtAWyUOJQydy/x0NZDTwb2R:rEU8qjc+8DCYGBjtLqHM0Ndb
MD5: 55d36baac8bea015ef59279f331b6c88
Strike ID: M20-d8pc1 | Malware: LATENTBOT_5eaf2d54 | Platform: Windows | Info: This strike sends a polymorphic malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. The binary has the timestamp field updated in the PE file header. | MD5: 5eaf2d547323c5bbb89290ae1cbf9ab5 | External References: https://attack.mitre.org/techniques/T1099/
SHA256: 6fab9d6547e7947cc42bc5e3bae8a8330c1d6d2531d64dc92decd78d52a8e6c6
SHA1: 67fa5dbd25279219127a0a75e10af9152b5200ac
PARENTID: M20-bu9q1
SSDEEP: 6144:C6oO0wbHincoS1kM5sLrJwIZHjX9FbjoyS:C6oO0eHacwMSLm0z9lVS
MD5: 5eaf2d547323c5bbb89290ae1cbf9ab5
Strike ID: M20-71zh1 | Malware: ZeroAccess_51d0091f | Platform: Windows | Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | MD5: 51d0091fd150543df73799749056996f | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005
SHA1: 927cb43156cdeafa36c91a14fa41da02e1432da8
MD5: 51d0091fd150543df73799749056996f
Strike ID: M20-lcy71 | Malware: ZeroAccess_11451aa1 | Platform: Windows | Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | MD5: 11451aa12c105af614f8271381983400 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1
SHA1: e392aff11c833b98bb69022618999c1f49fb19a6
MD5: 11451aa12c105af614f8271381983400
Strike ID: M20-vxhj1 | Malware: Exorcist_d4d32e75 | Platform: Windows | Info: This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory. | MD5: d4d32e7583b3fd8363ded73c91ed3d08 | External References: https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: 2b37a372626063afce9e08199342a41bbe4183b0d5ba7864ff61eb6e6f7c4fdf
SHA1: 4079602dce0fb495ed0ec97c5aea5988127fb50c
MD5: d4d32e7583b3fd8363ded73c91ed3d08
Strike ID: M20-kztm1 | Malware: ZeroAccess_e8a0eeaf | Platform: Windows | Info: This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. The binary has the timestamp field updated in the PE file header. | MD5: e8a0eeaf2c2ef871660694530020cec6 | External References: https://attack.mitre.org/techniques/T1099/
SHA256: 7fdf01aa47db1607ba8768155ad497ba5b395cb7692e573cabdaff57775d3e4c
SHA1: da0f71420d45f7b8cfcc518d0a5155b70dd0b10a
PARENTID: M20-slow1
SSDEEP: 3072:dEUIFarjgd+x6FNCYkvRBjtAWyUOJQydy/x0NZDTwb2R:dEU8qjc+8DCYGBjtLqHM0Ndb
MD5: e8a0eeaf2c2ef871660694530020cec6
Strike ID: M20-snny1 | Malware: ZeroAccess_5752712f | Platform: Windows | Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | MD5: 5752712ff20c633b34db7207cee893d2 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a
SHA1: ffe140cbc76c17c2276a9ecd9b15d3aed4d3f938
MD5: 5752712ff20c633b34db7207cee893d2
Strike ID: M20-7dxa1 | Malware: Cerber_5a381543 | Platform: Windows | Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | MD5: 5a3815434730fab61a38265930c678f9 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 5ab3a63e8d334368280d566f526718a2a10c95073059a53a9707af0bb74eeb9b
SHA1: 6c3e803fa996f51358fbe21cb52e901b76981bf8
MD5: 5a3815434730fab61a38265930c678f9
Strike ID: M20-kl1w1 | Malware: HawkEye_bd568bca | Platform: Windows | Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | MD5: bd568bcacc3b34646de7676d03ff741e | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54
SHA1: 9aa3b889459f717f2cb6e81ef7151867b59630e6
MD5: bd568bcacc3b34646de7676d03ff741e
Strike ID: M20-wqis1 | Malware: Cerber_c48a35cf | Platform: Windows | Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | MD5: c48a35cf1626e9cd2f2a4e5b2493790e | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 2eeab773c4cc1760a51cf0e0dee6e0fdb0b1e2c5ee81e14a297e379bf4f75fd4
SHA1: 6778da03fbd9e08efce7148e05e9355fd19cf992
MD5: c48a35cf1626e9cd2f2a4e5b2493790e
Strike ID: M20-5s9t1 | Malware: VHD_efd4a87e | Platform: Windows | Info: This strike sends a malware sample known as VHD. VHD is believed to be a high profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". The program also employs some interesting techniques such as the ability to stop processes that could be locking important files, a mechanism to resume operations if the encryption process is interrupted, and it is copied and executed through WMI calls. | MD5: efd4a87e7c5dcbb64b7313a13b4b1012 | External References: https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
SHA256: 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306
SHA1: 6a7296f56410d3ee007587020ad6864d5781b4bc
MD5: efd4a87e7c5dcbb64b7313a13b4b1012
Strike ID: M20-j4kf1 | Malware: LATENTBOT_2d2484d5 | Platform: Windows | Info: This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | MD5: 2d2484d578bfcd983acb151c89e5a120 | External References: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: 295bc1a9feb90d0e882f6293832c37754b66a1263257ba1266a3bfc0b4bb7eee
SHA1: 4973ea0ed99aa37278a563b5be0c381601d34182
MD5: 2d2484d578bfcd983acb151c89e5a120
Strike ID: M20-5vbk1 | Malware: HawkEye_f5968828 | Platform: Windows | Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | MD5: f59688280c0e7c9122ba24ae6c1274b9 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77
SHA1: 71d47298f1a8c055dd34d8c23dc7b802bf6f64b0
MD5: f59688280c0e7c9122ba24ae6c1274b9
Strike ID: M20-zr9u1 | Malware: HawkEye_ed31cc34 | Platform: Windows | Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | MD5: ed31cc349fffdc64e35ad4b149c06d55 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6
SHA1: 4725a37fdae0fbc499f3f0a06b283cf59607533d
MD5: ed31cc349fffdc64e35ad4b149c06d55
Strike ID: M20-2fvi1 | Malware: Exorcist_f188cf26 | Platform: Windows | Info: This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory. | MD5: f188cf267d209a0209a25bda4bb75b86 | External References: https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: 027d99aaaa6803a07d07ce0ba1fa66964388129d3b26dcf8621a3310692b0a61
SHA1: 3ef4c199d1b5187784f4d709ab8e1cc6901716e8
MD5: f188cf267d209a0209a25bda4bb75b86
Strike ID: M20-wl8v1 | Malware: LATENTBOT_2aaa53ce | Platform: Windows | Info: This strike sends a polymorphic malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. The binary has random strings (lorem ipsum) appended at the end of the file. | MD5: 2aaa53ce895c64e5c1e168f0b2d7ce2f | External References: https://attack.mitre.org/techniques/T1009/
SHA256: d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685
SHA1: 7faa14bdacf629c5959f2b1e9548150d59879d9c
PARENTID: M20-5u4k1
SSDEEP: 49152:prG2NAFop+qvBOedFLib4cz8kneCdpUz+PR:pWFodvBOaFLiEfoe9z+PR
MD5: 2aaa53ce895c64e5c1e168f0b2d7ce2f
Strike ID: M20-h9b31 | Malware: HawkEye_2a759d9c | Platform: Windows | Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | MD5: 2a759d9cc498a190f3f8c71f57e65644 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2
SHA1: 9b43a30662df0c827334b949caea8c69a4990319
MD5: 2a759d9cc498a190f3f8c71f57e65644
Strike ID: M20-grmc1 | Malware: HawkEye_600fb168 | Platform: Windows | Info: This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | MD5: 600fb1681d639f913b70884da6996d5a | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb
SHA1: ecce15dc7ae33a40a5a2b63d93d93d3ae60266b6
MD5: 600fb1681d639f913b70884da6996d5a
Strike ID: M20-ek801 | Malware: ZeroAccess_1b80880f | Platform: Windows | Info: This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. The binary has a random section name renamed according to the PE format specification. | MD5: 1b80880fd0c401f7a25e47e56105cf7b | External References: https://arxiv.org/abs/1801.08917
SHA256: 1130073e510f520a6a94abcc967049277dfa460cddd98416cb094f98398e6d34
SHA1: e448a3ba5a277a7f4f21c3182889e1ae86028512
PARENTID: M20-vt1r1
SSDEEP: 3072:oENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDTwb2Im:oENUxovX8mwoLt/LUP0Id4DZ0tdb
MD5: 1b80880fd0c401f7a25e47e56105cf7b
Strike ID: M20-1qn21 | Malware: Cerber_d8aaf63d | Platform: Windows | Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | MD5: d8aaf63dd0d7e7a646e8edc7fcc09f87 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 40bc0cd77874e7fff3d9c3fccf64ce3676d870af88ea27caafb4b650aabe7593
SHA1: 336472b3866a582098f266bd200f43727941b899
MD5: d8aaf63dd0d7e7a646e8edc7fcc09f87
Strike ID: M20-slow1 | Malware: ZeroAccess_ff795bd8 | Platform: Windows | Info: This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | MD5: ff795bd814b0102b9d01ebd74b1f2b9b | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab
SHA1: b160b18ef3de43fdb9ae808ada41f4a1f57becf7
MD5: ff795bd814b0102b9d01ebd74b1f2b9b
Strike ID: M20-aooa1 | Malware: Cerber_ebf48e14 | Platform: Windows | Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | MD5: ebf48e14acaa333bc1049b9fd09838f0 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 01a392328bde81495f6682e728034b82556d4019bcceb8e9fd7337525370ca82
SHA1: e0e1a1ecd728d74e592bead0d7a7e71161aaa15a
MD5: ebf48e14acaa333bc1049b9fd09838f0
Strike ID: M20-adfg1 | Malware: Exorcist_4908a364 | Platform: Windows | Info: This strike sends a polymorphic malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a PowerShell script that loads itself directly in memory. The binary has the debug flag removed in the PE file format. | MD5: 4908a364b1d9467f2c9c3fcecccba202 | External References: https://arxiv.org/abs/1801.08917
SHA256: f1cff1473246a59b1eb1250c8028567bf298e32f776ba4f06fa5d1c5941f15fa
SHA1: d8c24281221f1003502f37f7da45e8924c530be8
PARENTID: M20-vxhj1
SSDEEP: 768:D/w63PwCrEBP+2XES4nrr+nsUeO3za+7dqqtDbruFBT8QFJFmxCTXY+PNqHliQyW:/WQRnrUZJrCgahY+PY1/z
MD5: 4908a364b1d9467f2c9c3fcecccba202
Strike ID: M20-sjx01 | Malware: Cerber_7c4d7506 | Platform: Windows | Info: This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | MD5: 7c4d7506133b8cd8d584c703ff5364d2 | External References: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 68e5aaea215f94b30d9bfafc8f62cda3460e7f230edffc66d8902cbbb513b53c
SHA1: 208cad38cb7888a1cc84d3c259c426af3ea50da7
MD5: 7c4d7506133b8cd8d584c703ff5364d2