A forum for reverse engineering, OS internals and malware analysis 

Search found 6 matches


Re: trojan.Evrial Cryptocurrency stealer

 by fonavozia ¦  Fri Mar 16, 2018 8:00 am ¦  Forum: Malware ¦  Topic: trojan.Evrial Cryptocurrency stealer ¦  Replies: 4 ¦  Views: 5690

Sample in attachment (379aa4c0fe0e2027e76341e075321fa0).

Re: trojan.Evrial Cryptocurrency stealer

 by fonavozia ¦  Fri Mar 16, 2018 7:58 am ¦  Forum: Malware ¦  Topic: trojan.Evrial Cryptocurrency stealer ¦  Replies: 4 ¦  Views: 5690

C&C address is downloaded from hxxps://github.com/sevampir/evrial (hxxps://raw.githubusercontent.com/sevampir/evrial/master/LICENSE.md/evrial)

Re: Sandboxes (Discussion)

 by fonavozia ¦  Thu Mar 15, 2018 9:38 am ¦  Forum: Malware ¦  Topic: Sandboxes (Discussion) ¦  Replies: 25 ¦  Views: 26974

After the death of malwr.com (plain simple cuckoo sandbox without the hassle) I've switched to maldun (https://www.maldun.com/dashboard/). The only drawback is that it's in Chinese, but the links and CSS classes are pretty self-explanatory, so I've already got used to all its characters :)

Re: trojan.Evrial Cryptocurrency stealer

 by fonavozia ¦  Fri Mar 02, 2018 2:23 pm ¦  Forum: Malware ¦  Topic: trojan.Evrial Cryptocurrency stealer ¦  Replies: 4 ¦  Views: 5690

C&C moved to hxxps://projectevrial.com/login/.

Re: Trojan-Ransom.BAT.Agent.ay

 by fonavozia ¦  Thu Jan 28, 2016 7:07 am ¦  Forum: Malware ¦  Topic: Trojan-Ransom.BAT.Agent.ay ¦  Replies: 2 ¦  Views: 2856

Interestingly, the malware exe web sites are giving a different exe without the "rnd" GET parameter (attached).

Re: Trojan-Ransom.BAT.Agent.ay

 by fonavozia ¦  Thu Jan 28, 2016 6:59 am ¦  Forum: Malware ¦  Topic: Trojan-Ransom.BAT.Agent.ay ¦  Replies: 2 ¦  Views: 2856

>encrypted using strong RSA-1024 algorithm with a unique key
>xor with static alphanumeric string
Sounds good.