A forum for reverse engineering, OS internals and malware analysis 

Re: Malware collection

 by Fedor22 ¦  Mon Apr 15, 2019 4:11 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 60 ¦  Views: 502033

ikolor wrote: Mon Apr 15, 2019 12:47 pm What is this!!

https://www.virustotal.com/en/file/dbc0 ... 555332252/
PDF, Word phishing.
The PDF and Word documents contain a Microsoft phishing link:
hxxp://odontotepuy.com.ve/bossgate/office365/cha/The_BACHA

Re: TrojanDownloader:VBS/Bancos.A

 by Fedor22 ¦  Sun Apr 14, 2019 1:22 pm ¦  Forum: Completed Malware Requests ¦  Topic: TrojanDownloader:VBS/Bancos.A ¦  Replies: 2 ¦  Views: 97

Sample attached, I only found a VBS file, sorry for that.

Re: Malware collection

 by Fedor22 ¦  Fri Mar 22, 2019 4:04 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 60 ¦  Views: 502033

next
https://www.virustotal.com/en/file/cd15d42de2ece59aa7b78ede50c2d3b5297f7637c928ebc92d9da2f56f055d01/analysis/1553198197/
Emotet downloader.
Downloads exe from:
hxxp://siamnatural.com/tmp/EmC/
Connects to CnC servers:
hxxp://185.94.252.3:443/bml/tlb/ringin/
hxxp://185.94.252.3:443/ringin/arizon...

Re: Adware.IStartSurf

 by Fedor22 ¦  Fri Mar 08, 2019 6:22 pm ¦  Forum: Malware ¦  Topic: Adware.IStartSurf ¦  Replies: 1 ¦  Views: 303

I downloaded this sample from a site I was redirected to while googling. The file has an unusual structure. Can somebody try analyzing this? Thanks.
Virustotal: https://www.virustotal.com/#/file/e9b4b6b366e180811e7fc85c50478cc049617cc2ea8a2592cfecd90f5c535d4d
It's the Prepscram software bundler. It also c...

Re: B0r0nt0K ransomware

 by Fedor22 ¦  Sat Mar 02, 2019 4:55 pm ¦  Forum: Malware Requests ¦  Topic: B0r0nt0K ransomware ¦  Replies: 3 ¦  Views: 607

Curson wrote: Sat Mar 02, 2019 4:35 pm Here you are: d2e0d1ba05683f52e656580b4f7e3be7.zip

Password: infected
You attached the Brontok email worm; it's not B0r0nt0K ransomware.

Re: Malware collection

 by Fedor22 ¦  Fri Mar 01, 2019 6:29 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 60 ¦  Views: 502033

ikolor wrote: Fri Mar 01, 2019 5:27 pm next ..

https://www.virustotal.com/en/file/9ec0 ... 551461174/
It's a CVE-2017-11882 exploit; it downloads an exe from this page:
hxxp://chukwu.gq/bin/winlogon.exe
The doc file was downloaded from:
hxxp://bitechsolutions.org/bin/PO2241.doc

Re: Malware collection

 by Fedor22 ¦  Thu Feb 14, 2019 12:51 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 60 ¦  Views: 502033

Thanks. I can't find good malware, sorry for it.
https://www.virustotal.com/en/file/240147ddf0ca930dde92ce9b2d12c056e911aeddd8b5f60c6007b90b23d12f3c/analysis/1550144002/
https://www.virustotal.com/en/file/2a513c7ff89b67215de06bd11295f3fe11bbce26d47fe7368890f54ff6e2d067/analysis/1550143653/
The first...

Re: Android Malware(All Android malware goes here)

 by Fedor22 ¦  Tue Feb 12, 2019 7:22 pm ¦  Forum: Malware ¦  Topic: Android Malware(All Android malware goes here) ¦  Replies: 105 ¦  Views: 191957

MetaMask (First clipper malware discovered on Google Play).
Attached sample from this blog:
https://www.welivesecurity.com/2019/02/ ... ogle-play/

Re: RedEye Ransomware

 by Fedor22 ¦  Tue Feb 12, 2019 3:12 pm ¦  Forum: Malware ¦  Topic: RedEye Ransomware ¦  Replies: 7 ¦  Views: 3939

hackr8 wrote: Tue Feb 12, 2019 3:11 pm New link: https://nofile.io/f/3oprc2ju2ey/RedEye.zip
Password: infected
Strange, for me it says: "File not found".

Re: Malware collection

 by Fedor22 ¦  Fri Feb 08, 2019 7:23 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 60 ¦  Views: 502033

ikolor wrote: Fri Feb 08, 2019 6:40 pm thank you

https://www.virustotal.com/en/file/36db ... 549651050/
Emotet downloader.
Downloads exe from:
hxxp://kynangdaotao.com/PpfjSFJN12uX
Connects to CnC server:
hxxp://133.242.164.31:7080/
