Search found 164 matches

by Cody Johnston
Thu Nov 08, 2018 5:29 pm
Forum: General Discussion
Topic: VBOX Sandbox Escape - Guest to Host
Replies: 1
Views: 274

VBOX Sandbox Escape - Guest to Host

Hi All! I haven't tested this myself yet, but it seems that someone has found a bug that allows escaping VBOX from guest to host. Here is a link to the full writeup, there is code in there but it's not ready-made for people to just go and use, as the code is within the writeup: https://github.com/Mo...

by Cody Johnston
Thu Aug 10, 2017 11:45 pm
Forum: Completed Malware Requests
Topic: BKDR_OWAUTH.A - Bronze Union
Replies: 1
Views: 3763

Re: BKDR_OWAUTH.A - Bronze Union

Associated with https://www.secureworks.com/blog/chinese-threat-group-targeted-turkish-organizations Can you please upload samples of below? https://virustotal.com/en/file/0e823a5b64ee761b70315548d484b5b9c4b61968b5068f9a8687c612ddbfeb80/analysis/ cd5aaa37ee165071f914ceec8fd09e0f https://virustotal....

by Cody Johnston
Fri Jul 28, 2017 7:37 pm
Forum: Malware
Topic: Malware collection
Replies: 315
Views: 467806

Re: Malware collection

Thank you a lot. https://www.virustotal.com/en/file/1291d86163aba76ad8d38665f405eb314234aa23463f2008b9afaca3252da588/analysis/1501258949/ Downloads GlobeImposter ransomware from: hxxp://rghuston.com/gxrdcca/ https://www.virustotal.com/en/file/2c42d67534ccb9c418adbe4a0a6d237d7cb8598775d2d5efe22960...

by Cody Johnston
Sat Jul 22, 2017 7:46 am
Forum: Malware
Topic: Malware collection
Replies: 315
Views: 467806

Re: Malware collection

https://www.virustotal.com/en/file/c4600108d457504ad84493dde0c63d811d01d4c913ae2a62c61dc5e6cf890545/analysis/ That is called 'RevengeRAT' this.ID = "SGFja2VkIEJ5IEhhbGxhag=="; ID string says 'Hacked By Hallaj' It gets the payload from pastebin: hxxps://pastebin.com/raw/UCXsTaZ8 then loads it using ...

by Cody Johnston
Sat Jul 15, 2017 4:09 am
Forum: Malware
Topic: Malware collection
Replies: 315
Views: 467806

Re: Malware collection

Sorry I ask but this scanner can show real malware code. And it is malware script https://quttera.com/detailed_report/mswia.gov.pl mswia.gov.pl/pl/batony/785%2CBezpieczny-Autobus-sprawdz-informacje-o-autobusie-lub-autokarze.html [[function getCookie(d){var b=d+"=";var a=document.cookie.split(";");fo...

by Cody Johnston
Mon Jul 10, 2017 12:09 am
Forum: Malware
Topic: Malware collection
Replies: 315
Views: 467806

Re: Malware collection

https://www.virustotal.com/en/file/f559c9e3f2f90e1037fb13486bf815fb42553975232ddfee87b9b72c89fbadb8/analysis/1499619085/ This one is MacKeeper. It is a PUP for macOS, it's not necessarily malware but it is also not very useful. https://www.virustotal.com/en/file/a92058800cb534d9ce94f6e046346de5526...

by Cody Johnston
Sun Jul 09, 2017 7:18 am
Forum: Malware
Topic: looking for malware from Antivirus Hacker's Handbook
Replies: 3
Views: 6511

Re: looking for malware from Antivirus Hacker's Handbook

SHA1: 88b6a40a8aa0b8a6d515722d9801f8fb7d332482; MD5: 066c50f26a67619caae5816f96eae52d
VirusTotal link: https://www.virustotal.com/en/file/05d4 ... /analysis/

The second one is FlyStudio malware with SHA1 hash 405950e1d93073134bce2660a70b5ec0cfb39eab
attached

by Cody Johnston
Sat Feb 18, 2017 1:02 am
Forum: Newbie Questions
Topic: Decrypt Cerber
Replies: 3
Views: 9520

Re: Decrypt Cerber

thiviyan wrote: anyone here can decrypt cerber locker files? PM me if anyone can..
It is not possible without the key. The key is on their server. You have 2 options:

1. Restore your files from a backup
2. Pay the ransom and hope they follow through with a decrypter that works for you

by Cody Johnston
Mon Jan 04, 2016 7:06 pm
Forum: Malware
Topic: Ransomware-as-a-service, AKA Ransom32
Replies: 5
Views: 7595

Re: Ransomware-as-a-service, AKA Ransom32

Not everyone here has access to download on VT, would you please attach the sample to your post?