Malware collection
https://www.virustotal.com/en/file/a7ef ... /analysis/
There is a collection of malware code. Above is one scan of these samples.
Re: Malware collection
open directory.
an exploit and other malware
SHA256:
0305c67f80b56dc3b27ab2b27348862880bc23517ddce74e87a4a6fdcd2f0b9f
File name:
17tes.doc
Detection rate:
19 / 57
https://www.virustotal.com/de/file/0305 ... 500015953/
I unpacked gibsoncrypter.zip; now the results of the 2 exe files:
SHA256:
18cae9f4f96d356db18924b182843e27e0759ef95422c1156e3588bfd60985a2
File name:
BalloonFastBuilder.exe
Detection rate:
1 / 63
https://www.virustotal.com/de/file/18ca ... 500016117/
SHA256:
454d6d2bc3603106bbdb151cf61ab50bfbe5cc63dc4d9a1da7c899b7c7e6e32a
File name:
stub.exe
Detection rate:
21 / 63
https://www.virustotal.com/de/file/454d ... 500016198/
SHA256:
dc39f1371bbb11f724fb9bb00cbe0a00b83f6cf4dbd6e60ae31bd3d82d383f9a
File name:
gibtest.exe
Detection rate:
17 / 62
https://www.virustotal.com/de/file/dc39 ... 500016401/
SHA256:
339764b340b4c70a02835054993c13d7a2562b8ced06168ae1318ebc0c52680e
File name:
kasati.exe
Detection rate:
28 / 62
https://www.virustotal.com/de/file/3397 ... 500016841/
Code:
http://no2ro.com/17tes.doc
http://no2ro.com/gibsoncrypter.zip
http://no2ro.com/gibtest.exe
http://no2ro.com/kasati.exe
http://no2ro.com/test.hta
- EP_X0FF
- Global Moderator
Re: Malware collection
Most of the posts were moved to dedicated malware family topics.
False positives/offtopic removed.
Some posts cannot be moved because they contain packs of different malware.
Thread bump.
Ring0 - the source of inspiration
Re: Malware collection
Thanks for clean.
https://www.virustotal.com/en/file/fc03 ... 547571750/
https://www.virustotal.com/en/file/4955 ... 547565729/
https://www.virustotal.com/en/file/cfed ... 547565238/
Re: Malware collection
ikolor wrote: Tue Jan 15, 2019 3:15 pm
Thanks for clean.
https://www.virustotal.com/en/file/fc03 ... 547571750/
https://www.virustotal.com/en/file/4955 ... 547565729/
https://www.virustotal.com/en/file/cfed ... 547565238/
The first one is an Emotet downloader. Downloads exe from:
Code:
hxxp://www.niteshagrico.com/z7ISltpB
Code:
hxxp://187.163.213.124:443/
And the third is an Emotet downloader too. Downloads exe from:
Code:
hxxp://www.unitepro.mx/PyZTGc_yPRX0x_ik0aFT
Code:
hxxp://187.207.58.148
Code:
hxxp://201.230.255.100
Last edited by Fedor22 on Tue Jan 15, 2019 5:59 pm, edited 1 time in total.
Re: Malware collection
More binary distribution URLs contacted by the sample fc03e1f920d4d45b7a8b7151aab189fa6abec650cfdd34687a488414e27fac7d
Code:
hxxp://kynangtuhoc.com/h6pTDOH
hxxp://www.dnenes.com.mx/Wmv9Lwru
hxxp://www.hopeintlschool.org/ebIV1do
hxxp://www.niteshagrico.com/z7ISltpB
hxxp://www.tenmiengiarenhat.com/bIfcRi8Kc
More binary distribution URLs contacted by the sample cfedb49ef13185d61f0e08af6c1f08fa2014e4106c974f532448ebdee25bc07e
Code:
hxxp://www.jessie-equitation.fr/H4Nn9_X736_ajROTy
hxxp://www.kartonaza-hudetz.hr/LERDIp_zNxmr_9A2
hxxp://www.lidstroy.ru/adfdl_tnvFDCC
hxxp://www.nkalitin.ru/3ghp_FE5B5_77azu
hxxp://www.unitepro.mx/PyZTGc_yPRX0x_ik0aFT
BR,
Antelox
Re: Malware collection
ikolor wrote: Tue Jan 15, 2019 5:57 pm
Thank you a lot.
https://www.virustotal.com/en/file/077b ... 547574817/
USB Disk Security is not malicious, but the installer contains the Linkzb toolbar, which is why antiviruses detect this program as adware; this started from version 6.4.0.1.
Re: Malware collection
ikolor wrote: Wed Jan 16, 2019 8:55 pm
Thanks Fedor
https://www.virustotal.com/en/file/aea1 ... 547672015/
AZORult malware.
Code:
C2: hxxp://163.172.146.202/AED77D05-A028-477C-B013-04F33F1385C3/index.php
Antelox