Search found 6 matches

by fonavozia
Fri Mar 16, 2018 8:00 am
Forum: Malware
Topic: trojan.Evrial Cryptocurrency stealer
Replies: 4
Views: 5518

Re: trojan.Evrial Cryptocurrency stealer

Sample in attachment (379aa4c0fe0e2027e76341e075321fa0).
by fonavozia
Fri Mar 16, 2018 7:58 am
Forum: Malware
Topic: trojan.Evrial Cryptocurrency stealer
Replies: 4
Views: 5518

Re: trojan.Evrial Cryptocurrency stealer

C&C address is downloaded from hxxps://github.com/sevampir/evrial (hxxps://raw.githubusercontent.com/sevampir/evrial/master/LICENSE.md/evrial)
by fonavozia
Thu Mar 15, 2018 9:38 am
Forum: Malware
Topic: Sandboxes (Discussion)
Replies: 25
Views: 26408

Re: Sandboxes (Discussion)

After the death of malwr.com (plain simple cuckoo sandbox without the hassle) I've switched to maldun (https://www.maldun.com/dashboard/). The only drawback is that it's in Chinese, but the links and CSS classes are pretty self-explanatory, so I've already got used to all its characters :)
by fonavozia
Fri Mar 02, 2018 2:23 pm
Forum: Malware
Topic: trojan.Evrial Cryptocurrency stealer
Replies: 4
Views: 5518

Re: trojan.Evrial Cryptocurrency stealer

C&C moved to hxxps://projectevrial.com/login/.
by fonavozia
Thu Jan 28, 2016 7:07 am
Forum: Malware
Topic: Trojan-Ransom.BAT.Agent.ay
Replies: 2
Views: 2727

Re: Trojan-Ransom.BAT.Agent.ay

Interestingly, the malware exe web sites give a different exe without the "rnd" GET parameter (attached).
by fonavozia
Thu Jan 28, 2016 6:59 am
Forum: Malware
Topic: Trojan-Ransom.BAT.Agent.ay
Replies: 2
Views: 2727

Re: Trojan-Ransom.BAT.Agent.ay

>encrypted using strong RSA-1024 algorithm with a unique key
>xor with static alphanumeric string
Sounds good.