Blog.

Welcome back to our Triage Thursday™ blog series! We’re excited to share this week’s detection updates with you. In these quick posts, we highlight the latest malware families detections that have been added.

New Windows Families This Week

• Added detection and extraction for DarthVader, Windows stealer
  • DarthVader sample:
    • 260604-stjbeahw7s
• Added detection and extraction for ArtemisRAT, Windows RAT
  • ArtemisRAT sample:
    • 260604-steyzsas6j
• Added detection and extraction for XVClipper, Windows clipper
  • XVClipper sample:
    • 260604-sth1msas7n
• Added detection for Gazer, Windows backdoor
  • Gazer sample:
    • 260604-sthd4sas7m
• Added detection for Gomet, Windows backdoor
  • Gomet sample:
    • 260604-stjxyahw7t
• Added detection for GraphWorm, Windows backdoor
  • GraphWorm sample:
    • 260604-stj8pshw7w
• Added detection for WormHole, Windows proxy
  • WormHole sample:
    • 260604-stg4caas7j
• Added detection for BLUEWIPE, Windows wiper
  • BLUEWIPE sample:
    • 260604-s1ea2ahy71
• Added detection for BrushLogger, Windows keylogger
  • BrushLogger sample:
    • 260604-steyzshw6x

Detection for Android

• Added detection for Dendroid, Android RAT
  • Dendroid sample:
    • 260604-stblkaas4p
• Added detection for Koler, Android ransomware
  • Koler sample:
    • 260604-stb74ahw5x
• Added detection for MouaBad, Android trojan
  • MouaBad sample:
    • 260604-stchvsas5j
• Added detection for Ashas, Android adware
  • Ashas sample:
    • 260604-stgsksas6q
• Added detection for ATANK, Android ransomware
  • ATANK sample:
    • 260604-stem8aas5r
• Added detection for Titan, Android surveillanceware
  • Titan sample:
    • 260604-ste9raas6k
• Added detection for BADBOX, Android botnet
  • BADBOX sample:
    • 260604-std2pahw6t
• Added detection for BADCALL, Android RAT
  • BADCALL sample:
    • 260604-stjbeahw61
• Added detection for Basbanke, Android banking trojan
  • Basbanke sample:
    • 260604-stecfshw6w
• Added detection for Connic, Android banking trojan
  • Connic sample:
    • 260604-stf62sas6p
• Added detection for Cpuminer, Android miner
  • Cpuminer sample:
    • 260604-s2ryhsav9p
• Added detection for Cloud Atlas (Inception Framework), Android RAT
  • CloudAtlas sample:
    • 260604-stchvshw5y
• Added detection for BoneSpy, Android surveillanceware
  • BoneSpy sample:
    • 260604-s28k9saw3p
• Added detection for ANDROSNATCH, Android Chrome stealer (ELF)
  • ANDROSNATCH sample:
    • 260604-stjbeahw6z

Detection for Ransomware

• Global sample:
  • 260604-s4cxdaaw4r
• GoCryptoLocker sample:
  • 260604-stfwaaas6m
• HardBit sample:
  • 260604-stj8pshw7x
• Heda sample:
  • 260604-stbxbsas4q
• Hermes sample:
  • 260604-stecfsas5q
• HexaLocker sample:
  • 260604-stc5dshw5z
• Horsedeal sample:
  • 260604-ste9raas6l
• Intercobros sample:
  • 260604-stg4caas6r

Updates for Existing Families

• Updated detection and extractor for Vidar 1.8 variant
  • Vidar samples:
    • 260604-sthd4sas7l
    • 260604-stbassas4n
• Updated detection and extraction for StealC new variant
  • StealC sample:
    • 260604-sv1bbahx21
• Updated detection and extraction for xtinyloader
  • xtinyloader sample:
    • 260604-svttjahx2z

If you have any feedback, questions, or issues about Triage™ feel free to reach out to us any time - we do our best to respond to all feedback but even if we can’t get back to you straight away your files will go into our list of things to review and help us prioritize tasks.

You can find us directly through the website, or using the Feedback option on an analysis report page.

Not signed up yet? Head over to tria.ge to register for a free account.