DEV Community

THREAT CHAIN
THREAT CHAIN

Posted on • Originally published at threatchain.io

Malware Alert: file (Unknown)

#security #malware #cybersecurity #unknown

This article was originally published on ThreatChain — decentralized threat intelligence.

Active Threat Alert

A new malware sample has been indexed by ThreatChain.

  • File Name: file
  • Family / Signature: Unknown
  • File Type: EXE
  • File Size: 4,007,064 bytes
  • Origin Country: US
  • Tags: A, dropped-by-GCleaner, exe, MIX1.file, signed

Indicator of Compromise (IOC) 

SHA256: 20af3012045290cdced79c306e1fb8d5eac82a09a3771a4552f492ad4fa125ad
Enter fullscreen mode Exit fullscreen mode

Vendor Intelligence

  • vxCube: clean1
  • Intezer: unknown
  • Triage: vidar
  • FileScan-IO: LIKELY_MALICIOUS

YARA Matches

command_and_control, CP_Script_Inject_Detector, DebuggerCheck_API, DebuggerCheckQueryInfo, DebuggerCheck_RemoteAPI

Recommendations

  1. Block the hash. Add the SHA256 above to your EDR, SIEM, and email gateway blocklists.
  2. Hunt in your environment. Search endpoint telemetry for this hash and file name file.
  3. Monitor for related activity. Check ThreatChain for additional samples in the Unknown family.

Get the Sample

Security researchers can download this sample (password-protected ZIP, password infected) directly from ThreatChain:

Download Sample

Search any threat hash free at threatchain.io — 2.6M+ indicators indexed and growing, updated hourly.

Top comments (0)