Malware Analysis – djvu – c637e6b956a3968199a842f7fcfd85d4

December 11, 2022

Malware Analysis

Score: 10

  • MALWARE FAMILY: djvu
  • TAGS:family:djvu, family:redline, family:smokeloader, botnet:mario23_10, backdoor, bootkit, collection, discovery, infostealer, persistence, ransomware, trojan
  • MD5: c637e6b956a3968199a842f7fcfd85d4
  • SHA1: b71d01eb630a3e192d954712e09d61dbfd576a3d
  • ANALYSIS DATE: 2022-12-10T22:43:03Z
  • TTPS: T1114, T1067, T1060, T1112, T1012, T1082, T1120, T1222

ScoreMeaningExample
10Known badA malware family was detected.
8-9Likely maliciousOne or more known damaging malware attack patterns were detected.

Examples:
The deleting of shadow copies on Windows.
6-7Shows suspicious behaviourOne or more suspicious actions were detected. The detected actions can be malicious but also have (common) benign uses.

Examples:
Changing file permissions.
Anti-VM behaviour/trying to detect a VM.
2-5Likely benignOne or more interesting behaviours were detected. The detected actions are interesting enough to be notified about but are not directly malicious.
1No (potentially) malicious behaviour was detected.N/A
Tags: , , ,

You may have missed

359d364d607d2a420604f5ed0d65e1eceac077deb54d8fe37e6f5c66e52542af

Espionage – A Linux Packet Sniffing Suite For Automated MiTM Attacks

April 25, 2024
CISA Logo

CISA: CISA Releases Eight Industrial Control Systems Advisories

April 25, 2024
alerts

Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

April 25, 2024
image

CACTUS Ransomware Victim: https://www[.]ghimli[.]com /

April 25, 2024
hkcert

Cisco Products Multiple Vulnerabilities

April 25, 2024