Stairwell - Regin

Sophisticated malware discovered in 2014, used for stealthy surveillance since at least 2003.

# Properties

magic	exe
mime type	application/vnd.microsoft.portable-executable
size	11.4 kB
entropy	6.523753643
md5	06665b...413e50
sha1	9f0dc0...f9e486
sha256	f1d903...e69e1e
imphash	a9c104...4e8ad7
tlsh	c5325d...73708f

Internet Results

Regin Backdoor - Yara Rules - Pastebin.com

Pastebin

Nov 24, 2014 ... f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e. f89549fc84a8d0f8617841c6aa4bb1678ea2b6081c1f7f74ab1aebd4db4176e4.

hack_lu_2017/Kmeans algorithm.ipynb at master · sebdraven ...

GitHub

... b'f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e', b'f1e6081aee5d1c045ceb89235794a197f4e107d988ad15f65265c90a88beff40', b ...

hack_lu_2017/DBscan Algorithm.ipynb at master · sebdraven ...

GitHub

... , b'Backdoor.MSIL.Tyupkin')], b'330': [(b'f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e', b'Trojan.Regin')], b'331': [(b ...

tech-CSI/known_256hashes.txt at master · CpanelInc/tech-CSI ...

GitHub

cPanel Security Scan. Contribute to CpanelInc/tech-CSI development by creating an account on GitHub.

mimikatz ...

tria.ge

... Temp\.tmpg9JMtM\f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e.exe.exe". 2⤵. PID:6428. C:\Users\Admin\AppData\Local\Temp\.tmpg9JMtM ...