A forum for reverse engineering, OS internals and malware analysis 

VBOX Sandbox Escape - Guest to Host

 by Cody Johnston ¦  Thu Nov 08, 2018 5:29 pm ¦  Forum: General Discussion ¦  Topic: VBOX Sandbox Escape - Guest to Host ¦  Replies: 1 ¦  Views: 1346

Hi All! I haven't tested this myself yet, but it seems that someone has found a bug that allows escaping VBOX from guest to host. Here is a link to the full writeup, there is code in there but it's not ready-made for people to just go and use, as the code is within the writeup: https://github.com/Mo...

Re: BKDR_OWAUTH.A - Bronze Union

 by Cody Johnston ¦  Thu Aug 10, 2017 11:45 pm ¦  Forum: Completed Malware Requests ¦  Topic: BKDR_OWAUTH.A - Bronze Union ¦  Replies: 1 ¦  Views: 4001

Associated with https://www.secureworks.com/blog/chinese-threat-group-targeted-turkish-organizations Can you please upload samples of the below? https://virustotal.com/en/file/0e823a5b64ee761b70315548d484b5b9c4b61968b5068f9a8687c612ddbfeb80/analysis/ cd5aaa37ee165071f914ceec8fd09e0f https://virustotal....

Re: Malware collection

 by Cody Johnston ¦  Fri Jul 28, 2017 7:37 pm ¦  Forum: Malware ¦  Topic: O97M/Donoff ¦  Replies: 1 ¦  Views: 267

Thank you a lot. https://www.virustotal.com/en/file/1291d86163aba76ad8d38665f405eb314234aa23463f2008b9afaca3252da588/analysis/1501258949/ Downloads GlobelImposter ransomware from: hxxp://rghuston.com/gxrdcca/ https://www.virustotal.com/en/file/2c42d67534ccb9c418adbe4a0a6d237d7cb8598775d2d5efe22960...

Re: Malware collection

 by Cody Johnston ¦  Sat Jul 22, 2017 7:46 am ¦  Forum: Malware ¦  Topic: RevengeRAT ¦  Replies: 5 ¦  Views: 778

https://www.virustotal.com/en/file/c4600108d457504ad84493dde0c63d811d01d4c913ae2a62c61dc5e6cf890545/analysis/ That is called 'RevengeRAT' this.ID = "SGFja2VkIEJ5IEhhbGxhag=="; ID string says 'Hacked By Hallaj' It gets the payload from pastebin: hxxps://pastebin.com/raw/UCXsTaZ8 then loads it using ...

Re: ADWIND /jRAT

 by Cody Johnston ¦  Wed Jul 12, 2017 12:53 am ¦  Forum: Malware ¦  Topic: ADWIND /jRAT ¦  Replies: 1 ¦  Views: 5855

Re: Malware collection

 by Cody Johnston ¦  Mon Jul 10, 2017 12:09 am ¦  Forum: Malware ¦  Topic: OSX/Mackeeper ¦  Replies: 3 ¦  Views: 349

https://www.virustotal.com/en/file/f559c9e3f2f90e1037fb13486bf815fb42553975232ddfee87b9b72c89fbadb8/analysis/1499619085/ This one is MacKeeper. It is a PUP for macOS; it's not necessarily malware, but it is also not very useful. https://www.virustotal.com/en/file/a92058800cb534d9ce94f6e046346de5526...

Re: looking for malware from Antivirus Hacker's Handbook

 by Cody Johnston ¦  Sun Jul 09, 2017 7:18 am ¦  Forum: Malware ¦  Topic: looking for malware from Antivirus Hacker's Handbook ¦  Replies: 3 ¦  Views: 6951

SHA1: 88b6a40a8aa0b8a6d515722d9801f8fb7d332482; MD5: 066c50f26a67619caae5816f96eae52d
VirusTotal link: https://www.virustotal.com/en/file/05d4 ... /analysis/

The second one is FlyStudio malware with SHA1 hash 405950e1d93073134bce2660a70b5ec0cfb39eab
attached

Re: Decrypt Cerber

 by Cody Johnston ¦  Sat Feb 18, 2017 1:02 am ¦  Forum: Newbie Questions ¦  Topic: Decrypt Cerber ¦  Replies: 3 ¦  Views: 9850

thiviyan wrote: anyone here can decrypt cerber locker files? PM me if anyone can..
It is not possible without the key. The key is on their server. You have 2 options:

1. Restore your files from a backup
2. Pay the ransom and hope they follow through with a decrypter that works for you

Re: Ransomware-as-a-service, AKA Ransom32

 by Cody Johnston ¦  Mon Jan 04, 2016 7:06 pm ¦  Forum: Malware ¦  Topic: Ransomware-as-a-service, AKA Ransom32 ¦  Replies: 5 ¦  Views: 8982

Not everyone here has access to download on VT, would you please attach the sample to your post?

Encryptor RaaS

 by Cody Johnston ¦  Mon Jul 27, 2015 8:23 pm ¦  Forum: Malware ¦  Topic: Encryptor RaaS ¦  Replies: 1 ¦  Views: 3850

I came across this post on Reddit today, looks like someone has a new Ransomware As A Service up and running. Original Thread: https://www.reddit.com/r/Malware/comments/3err9u/a_new_toxlike_ransomware/ Generate Encryptor: hxxp://encryptor3awk6px.onion/ Get Decrypter: hxxp://decryptoraveidf7.onion/ T...