Malware collection

Forum for analysis and discussion about malware.

Re: Malware collection

Postby ikolor » Fri Jul 07, 2017 11:56 am

ikolor
 
Posts: 238
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland
Reputation point: 16

Re: Malware collection

Postby Antelox » Fri Jul 07, 2017 12:45 pm

Antelox
 
Posts: 104
Joined: Sun Mar 21, 2010 10:38 pm
Reputation point: 82

Re: Malware collection

Postby ikolor » Sat Jul 08, 2017 4:12 pm

ikolor
 
Posts: 238
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland
Reputation point: 16

Re: Malware collection

Postby Antelox » Sun Jul 09, 2017 11:09 am



SHA256: dfe22eeb0eef4340604d4f7886bf58e980fd0ac2b72f50b10aad7fb8055d1340

Adware that connects to a domain which hosts the HasOffer ads tracking platform.

ET TROJAN Backdoor User-Agent (InstallCapital)

Code:
Domain: http://fun.losscook.bid



SHA256: b9e2390f54ebfe328452d8b79d84b0d1869d27ade8c8819f519ad2100bfb46d5

A downloader which downloads Adware/InstallMonster.umbt from combinatorial.respection.ru.

The adware phones home to:

Code:
http://hiss.apprises.ru/tracking/installer?iid=


BR,

Antelox
Antelox
 
Posts: 104
Joined: Sun Mar 21, 2010 10:38 pm
Reputation point: 82

Re: Malware collection

Postby ikolor » Sun Jul 09, 2017 4:41 pm

ikolor
 
Posts: 238
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland
Reputation point: 16

Re: Malware collection

Postby Cody Johnston » Mon Jul 10, 2017 12:09 am

https://www.virustotal.com/en/file/f559c9e3f2f90e1037fb13486bf815fb42553975232ddfee87b9b72c89fbadb8/analysis/1499619085/


This one is MacKeeper. It is a PUP for macOS; it's not necessarily malware, but it is also not very useful.

https://www.virustotal.com/en/file/a92058800cb534d9ce94f6e046346de55262d0a6d54b40312ede434aa36fbbda/analysis/1499617744/


This is a Chinese malicious browser extension. It changes the HOSTS file and overwrites all browser desktop icons with new shortcuts (to change the homepage), mostly standard stuff for malicious browser extensions.

Installs kangle web server:

https://sourceforge.net/projects/kangle/

Attached the config file for it.

Contacts a lot of hosts. Attached the full list of contacted hosts in CSV format.

Something else interesting, it seems to do something with ChromeCast:


More info here: https://www.reverse.it/sample/a92058800cb534d9ce94f6e046346de55262d0a6d54b40312ede434aa36fbbda?environmentId=100
Cody Johnston
 
Posts: 156
Joined: Sun May 01, 2011 4:33 pm
Location: Los Angeles, CA
Reputation point: 69

Re: Malware collection

Postby markusg » Mon Jul 10, 2017 8:45 pm

28a4ccd370fe65b344ba71bb3589cf9f3a79d566f06aa0427cf1ee4c3735e78b
Filename:
Update.exe
Detection rate:
5 / 62
https://virustotal.com/de/file/28a4ccd3 ... /analysis/
markusg
 
Posts: 709
Joined: Mon Mar 15, 2010 2:53 pm
Reputation point: 138

Re: Malware collection

Postby ikolor » Wed Jul 12, 2017 8:30 am

ikolor
 
Posts: 238
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland
Reputation point: 16

Re: Malware collection

Postby ikolor » Wed Jul 12, 2017 3:30 pm

ikolor
 
Posts: 238
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland
Reputation point: 16

Re: Malware collection

Postby Antelox » Wed Jul 12, 2017 5:15 pm



vjw0rm

Code:
hxxp://lipiec.ftpserver.biz:1742/Vre


BR,

Antelox
Antelox
 
Posts: 104
Joined: Sun Mar 21, 2010 10:38 pm
Reputation point: 82
