IOCRadar

0fd96944d78425a7c06a36823c2ee5934323a8ab

Hash
18%
SIGNAL STRENGTH: Moderate Noise
FIRST SEEN: 2025-03-31 09:40:05
LAST SEEN: 2025-04-23 06:40:46
CATEGORY
malware
win32 malware
telnet threat
port scan
operating system specific attack (windows os)
database specific attack (postgresql)
protocol specific attack (rdp)
database specific attack (mysql)
port scanning and brute force attempts
ssh attack
MITRE
T1595 - Active Scanning
T1499.002 - Endpoint DoS
T1499.003 - Network DoS
T1496 - Resource Hijacking
T1190 - Exploit Public-Facing Application
T1059.003 - SQL Injection
T1505.002 - Server Software Component
T1110.002 - Brute Force
T1076 - Remote Desktop Protocol
T1563 - Remote Services
TAGS
protocol exploitation
distributed attacks
command and control
process injection
database security
credential stuffing
remote services
network security
vulnerability management
windows malware
SOCRadar AI Insight

The presence of the SHA-1 hash 0fd96944d78425a7c06a36823c2ee5934323a8ab within the environment is a significant indicator of potential malware infection. This hash is associated with multiple suspicious files, including variants of mrt.exe and mrtstub.exe, which are known components of the Microsoft Malicious Software Removal Tool (MSRT). While MSRT itself is benign, attackers frequently disguise malware using similar names to evade detection and trick users. This IOC is likely related to a widespread malware campaign attempting to leverage trust in legitimate Microsoft tools, thereby posing a high risk of system compromise, data theft, and disruption of services.

Summary

Hash Type: sha1
MD5: -
SHA-1: -
SHA-256: -
Files: mrtstub.exe
File Type: exe

Top Classifications

Campaign: -
Industry: -
Country: -
Region: -
Threat Actors: -
Malware: -

Feed Sources

Feed Source | Count | Date
SOCRadar Threat Exchange Services | 3 | 2025-04-23
AlienVault OTX Feeds | 3 | 2025-04-23

Threat Activity Timeline

Last 24 hours: Dormant
Last 7 Days: Minimal Activity
Last Month: Minimal Activity
Last 3 Months: Minimal Activity