Blog.

Welcome back to our Triage Thursday™ blog series! We’re excited to share this week’s detection updates with you. In these quick posts, we highlight the latest malware families detections that have been added.

New Windows Families This Week

• Added detection and extraction for 751Stealer, Windows stealer
  • 751Stealer samples:
    • Loader: 260527-trp7lsb14r
    • Dll payload: 260527-tr97sad17v
    • Injector: 260527-tr4p1ab15r
• Added detection and extraction for AntarcidaStealer, Windows stealer
  • AntarcidaStealer sample:
    • 260527-tnkgysby6r
• Added detection and extraction for SessionStealer, Windows stealer
  • SessionStealer sample:
    • 260527-tnlp1sby7n
• Added detection for ApexTraderRAT, Windows stealer
  • ApexTraderRAT sample:
    • 260527-tnmmbaby8l
• Added detection for HermesStealer, Windows stealer
  • HermesStealer sample:
    • 260527-tnld9aby7m
• Added detection for ModeloRAT, Windows RAT written in Python
  • ModeloRAT sample:
    • 260527-tnkgysby6p
• Added detection for TransferLoader, Windows loader
  • TransferLoader sample:
    • 260527-tnjwesdy5v

Detection for Android

• Added detection and extraction for ShadowRAT, Android RAT
  • ShadowRAT sample:
    • 260527-tvcexses8z
• Added detection and extraction for Sparrow, Android RAT
  • Sparrow sample:
    • 260527-txhpqaet9z
• Added detection for DevilNFC, Android NFC malware
  • DevilNFC sample:
    • 260527-tnk4gsby7j
• Added detection for DoubleAgent, Android RAT
  • DoubleAgent sample:
    • 260527-t1betaew5s
• Added detection for DroidWatcher, Android surveillanceware
  • DroidWatcher sample:
    • 260527-ty25racv4j
• Added detection for Goontact, Android spyware
  • Goontact sample:
    • 260527-t2xdnsex3s
• Added detection for Konni, Android version RAT
  • Konni sample:
    • 260527-tt3wgscs8l
• Added detection for NotCompatible, Android botnet
  • NotCompatible sample:
    • 260527-t1jq7acw4j
• Added detection for SonicSpy, Android spyware
  • SonicSpy sample:
    • 260527-t27jmsex4t

Detection for APT Groups

• Added detection for GrimBolt backdoor, APT UNC6201
  • GrimBolt sample:
    • 260528-h8l1qshw5k
• Added detection for SnowLight Loader, APT UNC5174
  • SnowLight sample:
    • 260527-tnksqady5x

Detection for Ransomware

• OscarRansomware sample:
  • 260527-tnmx3sby8m
• FuxSocy sample:
  • 260528-ja71zsbs2z
• Sfile aka Escal sample:
  • 260527-tnftrsdy3y
• FCT sample:
  • 260527-tngfasdy4s
• Firecrypt sample:
  • 260527-tng2tsdy4x
• FONIX sample:
  • 260527-tnf5jady3z
• BlackCat (ELF variant, Linux ransomware) sample:
  • 260527-tnhncsdy4z

If you have any feedback, questions, or issues about Triage™ feel free to reach out to us any time - we do our best to respond to all feedback but even if we can’t get back to you straight away your files will go into our list of things to review and help us prioritize tasks.

You can find us directly through the website, or using the Feedback option on an analysis report page.

Not signed up yet? Head over to tria.ge to register for a free account.