THREAT CHAIN

Posted on • Originally published at threatchain.io

Malware Alert: file (OffLoader)

This article was originally published on ThreatChain — decentralized threat intelligence.

Active Threat Alert

A new malware sample has been indexed by ThreatChain.

  • File Name: file
  • Family / Signature: OffLoader
  • File Type: EXE
  • File Size: 8,473,604 bytes
  • Origin Country: US
  • Tags: dropped-by-GCleaner, E, exe, OffLoader, US.file

Indicator of Compromise (IOC)

SHA256: 9a5616c779815a0c7724761d62ba7a370a72b246ca17dd5de372f015007f9e8c

Vendor Intelligence

  • vxCube: clean2
  • Intezer: unknown
  • FileScan-IO: LIKELY_MALICIOUS
  • Kaspersky: NotCategorized

YARA Matches

Borland, CP_Script_Inject_Detector, pe_detect_tls_callbacks, SHA512_Constants, shellcode

Recommendations

  1. Block the hash. Add the SHA256 above to your EDR, SIEM, and email gateway blocklists.
  2. Hunt in your environment. Search endpoint telemetry for this hash and for the file name "file".
  3. Monitor for related activity. Check ThreatChain for additional samples in the OffLoader family.

Get the Sample

Security researchers can download this sample (password-protected ZIP, password "infected") directly from ThreatChain:

Search any threat hash free at threatchain.io — 2.6M+ indicators indexed and growing, updated hourly.
