PULSE NAME
PEAKLIGHT: Decoding the Stealthy Memory-Only Malware | Google Cloud Blog
WHITE CyberHunter_NL 2024-08-27 Modified: 2024-09-26
Mandiant, a security firm, has identified a new method of distributing malware-as-a-service and has also identified the final downloader for the malware, known as PEAKLIGHT.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Base64-Encoded, CRYPTBOT.AUTOIT, LummaC.V2, SHADOWLADDER, JavaScript, PEAKLIGHT
Indicators of Compromise (98)