Managed XDR

localfile (Bozok, NetWire, BlackShades, DarkComet, Remcos, NanoCore, ISFB, Vertex Loader, Poison Ivy) — malware analysis report

File info

Filename: localfile
File type: POSIX tar archive
File size: 13.7 MB
First seen: 2025-09-05 00:49
Last seen: 2026-06-07 19:53

Environment

w10/x86 en

Hashes

SHA1: 62d09bceb461531165f6f536ab034cf7a0f7dfde
SHA256: 4f2cdbd02bfea75932444694f1d3c317c79041be76b0adb6a091e72fcf9284d0
MD5: 18ea858f966113154acd965a1548787c

Malwares

Bozok
NetWire
BlackShades
DarkComet
Remcos
NanoCore
ISFB
Vertex Loader
Poison Ivy

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1003.001 yara_rules: Static rules

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

Other

no_graphical_activity: No graphic activity

writes_data: Writes big amount of data to disk

many_files_in_archive: The archive contains more than 5 files

Related reports

Managed XDR