
by Cody Johnston
Thu Nov 08, 2018 5:29 pm
Forum: General Discussion
Topic: VBOX Sandbox Escape - Guest to Host
Replies: 1
Views: 1208

VBOX Sandbox Escape - Guest to Host

Hi All! I haven't tested this myself yet, but it seems that someone has found a bug that allows escaping VBOX from guest to host. Here is a link to the full writeup; there is code in there, but it's not ready-made for people to just go and use, as the code is within the writeup: https://github.com/Mo...
by Cody Johnston
Thu Aug 10, 2017 11:45 pm
Forum: Completed Malware Requests
Topic: BKDR_OWAUTH.A - Bronze Union
Replies: 1
Views: 3988

Re: BKDR_OWAUTH.A - Bronze Union

Associated with https://www.secureworks.com/blog/chinese-threat-group-targeted-turkish-organizations Can you please upload samples of the below? https://virustotal.com/en/file/0e823a5b64ee761b70315548d484b5b9c4b61968b5068f9a8687c612ddbfeb80/analysis/ cd5aaa37ee165071f914ceec8fd09e0f https://virustotal....
by Cody Johnston
Fri Jul 28, 2017 7:37 pm
Forum: Malware
Topic: O97M/Donoff
Replies: 1
Views: 251

Re: Malware collection

Thank you a lot. https://www.virustotal.com/en/file/1291d86163aba76ad8d38665f405eb314234aa23463f2008b9afaca3252da588/analysis/1501258949/ Downloads GlobelImposter ransomware from: hxxp://rghuston.com/gxrdcca/ https://www.virustotal.com/en/file/2c42d67534ccb9c418adbe4a0a6d237d7cb8598775d2d5efe22960...
by Cody Johnston
Sat Jul 22, 2017 7:46 am
Forum: Malware
Topic: RevengeRAT
Replies: 5
Views: 726

Re: Malware collection

https://www.virustotal.com/en/file/c4600108d457504ad84493dde0c63d811d01d4c913ae2a62c61dc5e6cf890545/analysis/ That is called 'RevengeRAT'. this.ID = "SGFja2VkIEJ5IEhhbGxhag=="; the ID string says 'Hacked By Hallaj'. It gets the payload from pastebin: hxxps://pastebin.com/raw/UCXsTaZ8 then loads it using ...
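The ID string quoted in the post above is a base64 literal ("SGFja2VkIEJ5IEhhbGxhag==" decodes to "Hacked By Hallaj"). The following is an added triage helper, not code from the post or from the RevengeRAT sample: it pulls base64-looking string literals and live or defanged (hxxp) URLs out of decompiled .NET source text and decodes the literals that yield printable ASCII. The SAMPLE_SOURCE fragment is constructed for this example; only the ID literal and the pastebin URL are taken from the post, the class layout and the Mutex field are made up.

```python
import base64
import binascii
import re
import string

# Constructed decompiled-C# fragment for this example. Only the ID literal and
# the defanged pastebin URL come from the post; the class layout is invented.
SAMPLE_SOURCE = r'''
public class Client
{
    public string ID = "SGFja2VkIEJ5IEhhbGxhag==";
    public string Host = "hxxps://pastebin.com/raw/UCXsTaZ8";
    public string Mutex = "NotBase64!";
}
'''

# A quoted literal made only of base64 alphabet characters, with optional padding.
B64_LITERAL = re.compile(r'"([A-Za-z0-9+/]{8,}={0,2})"')
# Live (http) or defanged (hxxp) URLs, stopping at whitespace or a quote.
URL = re.compile(r'\bh(?:tt|xx)ps?://[^\s"\']+')


def decode_if_base64(literal):
    """Return the decoded text if `literal` is valid base64 and decodes to
    printable ASCII, otherwise None. Non-printable results are dropped because
    ordinary identifiers of the right length are sometimes valid base64 too."""
    try:
        raw = base64.b64decode(literal, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    if not text or not all(c in string.printable for c in text):
        return None
    return text


def extract_strings(source):
    """Collect decoded base64 literals and URLs from decompiled source text.

    Returns {"decoded": {literal: plaintext}, "urls": [url, ...]}."""
    decoded = {}
    for literal in B64_LITERAL.findall(source):
        text = decode_if_base64(literal)
        if text is not None:
            decoded[literal] = text
    urls = URL.findall(source)
    return {"decoded": decoded, "urls": urls}


if __name__ == "__main__":
    result = extract_strings(SAMPLE_SOURCE)
    for literal, text in result["decoded"].items():
        print(f"{literal} -> {text!r}")
    for url in result["urls"]:
        print(f"url: {url}")
```

Run it against the text dump of a decompiler such as dnSpy or ILSpy instead of SAMPLE_SOURCE to get the same listing for a real sample. The printable-ASCII filter keeps false positives down but will also hide base64 blobs that wrap binary (an embedded stage-2 assembly, for instance); for those, inspect the raw decoded bytes separately.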
by Cody Johnston
Mon Jul 10, 2017 12:09 am
Forum: Malware
Topic: OSX/Mackeeper
Replies: 3
Views: 328

Re: Malware collection

https://www.virustotal.com/en/file/f559c9e3f2f90e1037fb13486bf815fb42553975232ddfee87b9b72c89fbadb8/analysis/1499619085/ This one is MacKeeper. It is a PUP for macOS; it's not necessarily malware, but it is also not very useful. https://www.virustotal.com/en/file/a92058800cb534d9ce94f6e046346de5526...
by Cody Johnston
Sun Jul 09, 2017 7:18 am
Forum: Malware
Topic: looking for malware from Antivirus Hacker's Handbook
Replies: 3
Views: 6930

Re: looking for malware from Antivirus Hacker's Handbook

SHA1: 88b6a40a8aa0b8a6d515722d9801f8fb7d332482; MD5: 066c50f26a67619caae5816f96eae52d
VirusTotal link: https://www.virustotal.com/en/file/05d4 ... /analysis/

The second one is FlyStudio malware with SHA1 hash 405950e1d93073134bce2660a70b5ec0cfb39eab (attached).
by Cody Johnston
Sat Feb 18, 2017 1:02 am
Forum: Newbie Questions
Topic: Decrypt Cerber
Replies: 3
Views: 9813

Re: Decrypt Cerber

thiviyan wrote: Can anyone here decrypt Cerber locker files? PM me if anyone can.
It is not possible without the key. The key is on their server. You have 2 options:

1. Restore your files from a backup
2. Pay the ransom and hope they follow through with a decrypter that works for you
by Cody Johnston
Mon Jan 04, 2016 7:06 pm
Forum: Malware
Topic: Ransomware-as-a-service, AKA Ransom32
Replies: 5
Views: 8951

Re: Ransomware-as-a-service, AKA Ransom32

Not everyone here has access to download on VT, would you please attach the sample to your post?
by Cody Johnston
Mon Jul 27, 2015 8:23 pm
Forum: Malware
Topic: Encryptor RaaS
Replies: 1
Views: 3829

Encryptor RaaS

I came across this post on Reddit today, looks like someone has a new Ransomware As A Service up and running. Original Thread: https://www.reddit.com/r/Malware/comments/3err9u/a_new_toxlike_ransomware/ Generate Encryptor: hxxp://encryptor3awk6px.onion/ Get Decrypter: hxxp://decryptoraveidf7.onion/ T...