Welcome back to our Triage Thursday blog series! We’re excited to share this week’s detection updates with you. In these quick posts, we highlight the latest malware families detections that have been added.

New Families This Week

• Added detection and extraction for Herodotus, Android banking trojan
  • Herodotus sample:
    • 251121-mgsreseq5v
• Added detection for GenesisStealer, Windows stealer
  • GenesisStealer sample:
    • 251121-mlfyestnct
• Added detection for MuckStealer, Windows stealer
  • MuckStealer sample:
    • 251121-mgrt5ayjfl
• Added detection for Rubeus, Windows hatcktool
  • Rubeus sample:
    • 251121-mgql3aeq4x
• Added detection for MoDiRAT, Windows RAT
  • MoDiRAT sample:
    • 251121-mgsfnaeq5t
• Added detection for MarkiRAT family, Windows RAT
  • MarkiRAT sample:
    • 251121-mgql3aeq4y
• Added detection for Sfone family, Windows worm
  • Sfone sample:
    • 251121-mgr5wseq41
• Added detection for Dorkbot family, Windows worm
  • Dorkbot sample:
    • 251121-mgqbaseq4w
• Added detection for Aenjaris family, Windows worm
  • Aenjaris sample:
    • 251121-mgrt5ayjfn

New Ransomware Detection

• Added detection for Zarok ransomware
  • Zarok sample:
    • 251121-mgr5wseq5s

Updates for Existing Families

• Updated detection for Danabot latest version
  • Danabot sample:
    • 251121-mgqxtseq4z
• Updated extractor for Ngioweb ARM version
  • Ngioweb samples:
    • 251121-mgrt5ayjfm
    • 251121-mgr5wsyjfp
    • 251121-mgsfnayjfr

If you have any feedback, questions, or issues about Triage feel free to reach out to us any time - we do our best to respond to all feedback but even if we can’t get back to you straight away your files will go into our list of things to review and help us prioritize tasks.

You can find us directly through the website, or using the Feedback option on an analysis report page.

Not signed up yet? Head over to tria.ge to register for a free account.