Blog.

Welcome back to our Triage Thursday™ blog series! We’re excited to share this week’s detection updates with you. In these quick posts, we highlight the latest malware families detections that have been added.

New Windows Families This Week

• Added detection and extraction for GeckoStealer, Windows stealer
  • GeckoStealer sample:
    • 260519-ttmjhabx7m
• Added detection and extraction for NeedleStealer, Windows stealer
  • NeedleStealer sample:
    • 260519-tt9zssht6s
• Added detection and extraction for AstarionRat, Windows RAT
  • AstarionRat sample:
    • 260519-t3z6ysbz4m
• Added detection for Eternidade Stealer and Eternidade Loader, Windows stealer
  • Eternidade sample:
    • 260519-tv45yaby2n
• Added detection for NebulaStealer, Windows stealer
  • NebulaStealer sample:
    • 260519-twp3eaby4k
• Added detection for NexusStealer, Windows stealer
  • NexusStealer sample:
    • 260519-tzc71sby8p
• Added detection for DarkLoader, Windows loader
  • DarkLoader sample:
    • 260519-tz19vaby9r
• Added detection for SeroRAT, Windows RAT
  • SeroRAT sample:
    • 260519-t1hh5abz2r

Detection for Android

• Added detection for AnubisSpy, Android spyware
  • AnubisSpy sample:
    • 260515-qh11zaay7z
• Added detection for BankBot-YNRK, Android banking trojan
  • BankBot-YNRK sample:
    • 260515-qh75aadz2j
• Added detection for GnatSpy, Android spyware
  • GnatSpy sample:
    • 260515-qh6w8ady9p
• Added detection for PixBankBot, Android banking trojan
  • PixBankBot
• Added detection for Skygofree, Android spyware
  • Skygofree sample:
    • 260515-qh8qtadz2n
• Added detection for Slempo, Android banking trojan
  • Slempo sample:
    • 260515-qh5zxsay9z
• Added detection for ThiefBot, Android banking trojan
  • ThiefBot sample:
    • 260515-qh4rvsdy9j
• Added detection for VAMP, Android spyware
  • VAMP sample:
    • 260515-qh9ccadz2q

Detection for Linux and Network Families

• Added detection for DeadBolt, Linux ransomware
  • DeadBolt sample:
    • 260515-qh282aay81
• Added detection for Diamorphine, Linux rootkit
  • Diamorphine sample:
    • 260515-qh6lfsaz2t
• Added detection for Slnya, Linux ransomware
  • Slnya sample:
    • 260515-qh2x9say8z
• Added detection for Specter, Linux botnet
  • Specter sample:
    • 260515-qhc9xaay6y
• Added detection for SSHdKit, Linux credential-theft trojan
  • SSHdKit sample:
    • 260514-aep7asgy7z
• Added detection for xHide, Linux hacktool
  • [xHide] sample:
    • 260515-qkj58sdz3r
• Added detection for KadNap, router botnet
  • KadNap sample:
    • 260515-qh8e2sdz2l
• Added detection for Equation Laser, Windows backdoor (APT Equation Group)
  • EquationLaser sample:
    • 260515-qh8qtadz2m

Detection for Ransomware

• Cockblocker sample:
  • 260515-qh82ksdz2p
• CryptoDarkRubix sample:
  • 260515-qh6lfsdy9n
• CryptoPatronum sample:
  • 260515-qh282aay9s
• Cylance sample:
  • 260515-qh4rvsay9w
• DarkWorld sample:
  • 260515-qh6w8ady9q
• Rex sample:
  • 260521-hpx9naaz6x
• Vovabol sample:
  • 260515-qh8e2sdz2k

Updates for Existing Families

• Updated detection and extraction for Remus stealer, new variant
  • Remus sample:
    • 260513-ve58qscz4w
• Updated detection and extraction for Vidar
  • Vidar sample:
    • 260521-hrjjaaaz8w
• Updated detection and extraction for LotusLite, Windows backdoor
  • LotusLite sample:
    • 260515-qh1efaay7x

If you have any feedback, questions, or issues about Triage™ feel free to reach out to us any time - we do our best to respond to all feedback but even if we can’t get back to you straight away your files will go into our list of things to review and help us prioritize tasks.

You can find us directly through the website, or using the Feedback option on an analysis report page.

Not signed up yet? Head over to tria.ge to register for a free account.