Welcome back to our Triage Thursday blog series! We’re excited to share this week’s detection updates with you. In these quick posts, we highlight the latest malware families detections that have been added.

New Families This Week

• Added detection for KillMBR, Windows trojan
  • KillMBR sample:
    • 251205-k4je6axlfx
• Added detection for GhostBat RAT, Android malware
  • GhostBat RAT sample:
    • 251205-mvc8wsgn2x
• Added detection for SimpleHelp, RMM tool
  • SimpleHelp sample:
    • 251205-mwmhysgn4s
• Added detection for Iris Stealer, Windows stealer packed with PyInstaller
  • Iris Stealer sample:
    • 251205-k4kcfsxlfy
• Added detection for SoranoStealer, Windows stealer
  • SoranoStealer sample:
    • 251205-k4h5dsfm6t
• Added detection to PillagerStealer, Windows stealer
  • PillagerStealer sample:
    • 251205-k4jqxsfm6w
• Added detection for CerbfyneStealer, Windows stealer
  • CerbfyneStealer sample:
    • 251205-k4n1msxlgw
• Added detection for Powersploit, Windows post-exploitation framework
  • Powersploit sample:
    • 251205-lefhmsfn5z

New Ransomware Detection

• Added detection for Nabucur, Windows ransomware
  • Nabucur sample:
    • 251205-k4km8afm6x

Updates for Existing Families

• Updated detection for Ghostsocks, Windows proxy
  • Ghostsocks sample:
    • 251205-k4msksxlgs
• Updated detection for Nirsoft, Windows EdgeCookiesView tool
  • Nirsoft EdgeCookiesView sample:
    • 251205-mxff2agn5v
• Updated for Vidar obfuscated loader
  • Vidar sample:
    • 251205-k4m4caxlgt

If you have any feedback, questions, or issues about Triage feel free to reach out to us any time - we do our best to respond to all feedback but even if we can’t get back to you straight away your files will go into our list of things to review and help us prioritize tasks.

You can find us directly through the website, or using the Feedback option on an analysis report page.

Not signed up yet? Head over to tria.ge to register for a free account.