Malware collection

Forum for analysis and discussion about malware.
ikolor
Posts: 320
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Malware collection

Post by ikolor » Wed Jul 29, 2015 12:58 pm

https://www.virustotal.com/en/file/a7ef ... /analysis/

This is a collection of malware code. Above is one scan of these samples.

markusg
Posts: 734
Joined: Mon Mar 15, 2010 2:53 pm

Re: Malware collection

Post by markusg » Fri Jul 14, 2017 7:25 am

Open directory.
An exploit and other malware:

http://no2ro.com/17tes.doc
http://no2ro.com/gibsoncrypter.zip
http://no2ro.com/gibtest.exe
http://no2ro.com/kasati.exe
http://no2ro.com/test.hta

SHA256: 0305c67f80b56dc3b27ab2b27348862880bc23517ddce74e87a4a6fdcd2f0b9f
Filename: 17tes.doc
Detection rate: 19 / 57
https://www.virustotal.com/de/file/0305 ... 500015953/

I unpacked gibsoncrypter.zip; now the results for the 2 exe files:

SHA256: 18cae9f4f96d356db18924b182843e27e0759ef95422c1156e3588bfd60985a2
Filename: BalloonFastBuilder.exe
Detection rate: 1 / 63
https://www.virustotal.com/de/file/18ca ... 500016117/

SHA256: 454d6d2bc3603106bbdb151cf61ab50bfbe5cc63dc4d9a1da7c899b7c7e6e32a
Filename: stub.exe
Detection rate: 21 / 63
https://www.virustotal.com/de/file/454d ... 500016198/

SHA256: dc39f1371bbb11f724fb9bb00cbe0a00b83f6cf4dbd6e60ae31bd3d82d383f9a
Filename: gibtest.exe
Detection rate: 17 / 62
https://www.virustotal.com/de/file/dc39 ... 500016401/

SHA256: 339764b340b4c70a02835054993c13d7a2562b8ced06168ae1318ebc0c52680e
Filename: kasati.exe
Detection rate: 28 / 62
https://www.virustotal.com/de/file/3397 ... 500016841/

EP_X0FF
Global Moderator
Posts: 4872
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Malware collection

Post by EP_X0FF » Wed Jan 09, 2019 11:06 am

Most of posts moved to dedicated malware family topics.

False positives/offtopic removed.

Some posts cannot be moved because they contain packs of different malware.

Thread bump.
Ring0 - the source of inspiration

ikolor
Posts: 320
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Tue Jan 15, 2019 3:15 pm


Fedor22
Posts: 53
Joined: Sun Dec 03, 2017 5:50 pm
Location: Russian Federation

Re: Malware collection

Post by Fedor22 » Tue Jan 15, 2019 5:44 pm

The first one is an Emotet downloader. Downloads exe from:

hxxp://www.niteshagrico.com/z7ISltpB

and connects to CnC server:

hxxp://187.163.213.124:443/

The second is MSIL/APosT.
And the third is an Emotet downloader too. Downloads exe from:

hxxp://www.unitepro.mx/PyZTGc_yPRX0x_ik0aFT

and connects to CnC servers:

hxxp://187.207.58.148
hxxp://201.230.255.100
Last edited by Fedor22 on Tue Jan 15, 2019 5:59 pm, edited 1 time in total.

ikolor
Posts: 320
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Tue Jan 15, 2019 5:57 pm


Antelox
Posts: 253
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Tue Jan 15, 2019 6:10 pm

More binary distribution URLs contacted by the sample fc03e1f920d4d45b7a8b7151aab189fa6abec650cfdd34687a488414e27fac7d:

hxxp://kynangtuhoc.com/h6pTDOH
hxxp://www.dnenes.com.mx/Wmv9Lwru
hxxp://www.hopeintlschool.org/ebIV1do
hxxp://www.niteshagrico.com/z7ISltpB
hxxp://www.tenmiengiarenhat.com/bIfcRi8Kc

More binary distribution URLs contacted by the sample cfedb49ef13185d61f0e08af6c1f08fa2014e4106c974f532448ebdee25bc07e:

hxxp://www.jessie-equitation.fr/H4Nn9_X736_ajROTy
hxxp://www.kartonaza-hudetz.hr/LERDIp_zNxmr_9A2
hxxp://www.lidstroy.ru/adfdl_tnvFDCC
hxxp://www.nkalitin.ru/3ghp_FE5B5_77azu
hxxp://www.unitepro.mx/PyZTGc_yPRX0x_ik0aFT
BR,

Antelox

Fedor22
Posts: 53
Joined: Sun Dec 03, 2017 5:50 pm
Location: Russian Federation

Re: Malware collection

Post by Fedor22 » Tue Jan 15, 2019 6:22 pm

ikolor wrote:
Tue Jan 15, 2019 5:57 pm
Thank you a lot.

https://www.virustotal.com/en/file/077b ... 547574817/

USB Disk Security is not malicious, but the installer contains the Linkzb toolbar, which is why antiviruses detect this program as adware; this started from version 6.4.0.1.

ikolor
Posts: 320
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Wed Jan 16, 2019 8:55 pm


Antelox
Posts: 253
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Thu Jan 17, 2019 10:24 am

ikolor wrote:
Wed Jan 16, 2019 8:55 pm
Thanks Fedor

https://www.virustotal.com/en/file/aea1 ... 547672015/

AZORult malware.

C2: hxxp://163.172.146.202/AED77D05-A028-477C-B013-04F33F1385C3/index.php
BR,

Antelox
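The defanged URLs and C2 addresses that Fedor22 and Antelox list in the posts above are indicators ready to be turned into a detection rule. The Python below is an added example, not code posted by anyone in this thread: it refangs the hxxp:// indicators, canonicalises them, and runs three checks over a few proxy log lines (exact URL match, known C2 host on any path, and a heuristic for a POST to a GUID-named directory ending in index.php). The log format, the 10.0.0.x clients, the example.com and 198.51.100.4 entries are all constructed for the example; the GUID/index.php heuristic is an assumption generalised from the single AZORult C2 URL in Antelox's post, not a documented AZORult property, and should be tuned against real traffic before use.

```python
"""Refang the hxxp:// indicators from this thread and match them against
proxy log lines.  Added example; not code from any poster in the thread."""
import re
from urllib.parse import urlsplit

# Indicators copied from the posts above (Fedor22, Antelox), still defanged.
EMOTET_DISTRIBUTION_URLS = [
    "hxxp://www.niteshagrico.com/z7ISltpB",
    "hxxp://kynangtuhoc.com/h6pTDOH",
    "hxxp://www.dnenes.com.mx/Wmv9Lwru",
    "hxxp://www.hopeintlschool.org/ebIV1do",
    "hxxp://www.tenmiengiarenhat.com/bIfcRi8Kc",
    "hxxp://www.jessie-equitation.fr/H4Nn9_X736_ajROTy",
    "hxxp://www.kartonaza-hudetz.hr/LERDIp_zNxmr_9A2",
    "hxxp://www.lidstroy.ru/adfdl_tnvFDCC",
    "hxxp://www.nkalitin.ru/3ghp_FE5B5_77azu",
    "hxxp://www.unitepro.mx/PyZTGc_yPRX0x_ik0aFT",
]
EMOTET_C2 = ["hxxp://187.163.213.124:443/", "hxxp://187.207.58.148", "hxxp://201.230.255.100"]
AZORULT_C2 = ["hxxp://163.172.146.202/AED77D05-A028-477C-B013-04F33F1385C3/index.php"]


def refang(url: str) -> str:
    """Undo the usual defanging: hxxp -> http, [.] -> ., [:] -> :."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("[:]", ":")


def normalize(url: str) -> str:
    """Canonical form for exact matching: lowercase scheme/host, explicit
    non-default port kept, empty path written as '/', trailing slash dropped."""
    p = urlsplit(refang(url))
    host = (p.hostname or "").lower()
    if p.port:
        host = f"{host}:{p.port}"
    path = p.path.rstrip("/") or "/"
    return f"{p.scheme.lower()}://{host}{path}"


RULES = {
    "emotet_download_url": {normalize(u) for u in EMOTET_DISTRIBUTION_URLS},
    "emotet_c2": {normalize(u) for u in EMOTET_C2},
    "azorult_c2": {normalize(u) for u in AZORULT_C2},
}
# Hosts on their own, so a C2 contact on an unlisted path is still flagged.
C2_HOSTS = {urlsplit(refang(u)).hostname for u in EMOTET_C2 + AZORULT_C2}
# Heuristic (assumption, generalised from the one AZORult URL above):
# a POST to /<GUID>/index.php.  Expect to tune this against real traffic.
GUID_INDEX_PHP = re.compile(
    r"^/[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}/index\.php$")

# Constructed log format for the example: epoch client method url status.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")


def scan(lines):
    """Return (line_no, rule, client, canonical_url) for every matching line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than crash
        canon = normalize(m["url"])
        parts = urlsplit(canon)
        rule = next((r for r, urls in RULES.items() if canon in urls), None)
        if rule is None and parts.hostname in C2_HOSTS:
            rule = "known_c2_host"
        if rule is None and m["method"] == "POST" and GUID_INDEX_PHP.match(parts.path):
            rule = "azorult_like_guid_index_php"
        if rule:
            hits.append((n, rule, m["client"], canon))
    return hits


# Constructed sample log: only the IOC URLs are real, everything else is invented.
SAMPLE_LOG = [
    "1547574817.001 10.0.0.5 GET http://www.niteshagrico.com/z7ISltpB 200",
    "1547574817.002 10.0.0.5 POST http://187.163.213.124:443/ 200",
    "1547574817.003 10.0.0.7 GET http://www.example.com/index.html 200",
    "1547574817.004 10.0.0.9 POST http://163.172.146.202/AED77D05-A028-477C-B013-04F33F1385C3/index.php 200",
    "1547574817.005 10.0.0.9 POST http://198.51.100.4/0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0/index.php 200",
    "1547574817.006 10.0.0.5 GET http://201.230.255.100/some/other/path 404",
]

if __name__ == "__main__":
    for n, rule, client, url in scan(SAMPLE_LOG):
        print(f"line {n}: {rule:<28} {client} -> {url}")
```

Exact-URL hits fire first, then the host-only rule, then the heuristic, so each log line gets the most specific rule that applies; the host-only rule is there because Emotet's distribution paths rotate while the C2 IP usually outlives them.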
