Bank_Security

Ares Malware: The Grandson of the Kronos Banking Trojan

Apr 6th, 2021
Samples
SHA256 Hash | Module Name

Network Indicators
Domain / IP Address | Description