A forum for reverse engineering, OS internals and malware analysis 

Search found 72 matches


Re: Malware collection

 by Fedor22 ¦  Fri May 24, 2019 4:22 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 65 ¦  Views: 503609

next https://www.virustotal.com/en/file/b1514ac243b9f608459e81580031d3c42629a2a91bc603eda23e080cde4379ef/analysis/1558636756/ Emotet downloader. Downloads exe from: hxxp://golfingtrail.com/wp-content/sdqxmmt_cdpt6j-862703104/ Connects to C&C servers: hxxp://76.86.20.103/jit/stubs/ringin/ hxxp://5.6...

Re: Malware collection

 by Fedor22 ¦  Thu Apr 25, 2019 6:31 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 65 ¦  Views: 503609

ikolor wrote: Thu Apr 25, 2019 4:27 pm Thanks

https://www.virustotal.com/en/file/e2a7 ... 556209518/
TrickBot trojan.

Re: Looking for FIN7 decoy doc

 by Fedor22 ¦  Thu Apr 25, 2019 6:16 pm ¦  Forum: Completed Malware Requests ¦  Topic: Looking for FIN7 decoy doc ¦  Replies: 2 ¦  Views: 157

Sample attached.

Re: Looking for RATANKBA samples

 by Fedor22 ¦  Wed Apr 24, 2019 1:05 pm ¦  Forum: Completed Malware Requests ¦  Topic: Looking for RATANKBA samples ¦  Replies: 4 ¦  Views: 208

Some more samples, but I didn't find this:

650d7b814922b58b6580041cb0aa9d27dae7e94e6d899bbb3b4aa5f1047fca0f
772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01
Other samples attached.

Re: Looking for RATANKBA samples

 by Fedor22 ¦  Wed Apr 24, 2019 12:40 pm ¦  Forum: Completed Malware Requests ¦  Topic: Looking for RATANKBA samples ¦  Replies: 4 ¦  Views: 208

4722138dda262a2dca5cbf9acd40f150759c006f56b7637769282dba54de0cab
Sample attached.

Re: Malware collection

 by Fedor22 ¦  Mon Apr 15, 2019 4:11 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 65 ¦  Views: 503609

ikolor wrote: Mon Apr 15, 2019 12:47 pm What is this !!

https://www.virustotal.com/en/file/dbc0 ... 555332252/
PDF, Word phishing.
The PDF and Word documents contain a Microsoft phishing link:
hxxp://odontotepuy.com.ve/bossgate/office365/cha/The_BACHA

Re: TrojanDownloader:VBS/Bancos.A

 by Fedor22 ¦  Sun Apr 14, 2019 1:22 pm ¦  Forum: Completed Malware Requests ¦  Topic: TrojanDownloader:VBS/Bancos.A ¦  Replies: 2 ¦  Views: 211

Sample attached. I only found a VBS file, sorry for that.

Re: Malware collection

 by Fedor22 ¦  Fri Mar 22, 2019 4:04 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 65 ¦  Views: 503609

next https://www.virustotal.com/en/file/cd15d42de2ece59aa7b78ede50c2d3b5297f7637c928ebc92d9da2f56f055d01/analysis/1553198197/ Emotet downloader. Downloads exe from: hxxp://siamnatural.com/tmp/EmC/ Connects to CnC servers: hxxp://185.94.252.3:443/bml/tlb/ringin/ hxxp://185.94.252.3:443/ringin/arizon...

Re: Adware.IStartSurf

 by Fedor22 ¦  Fri Mar 08, 2019 6:22 pm ¦  Forum: Malware ¦  Topic: Adware.IStartSurf ¦  Replies: 1 ¦  Views: 516

I downloaded this sample from a site I was redirected to while googling. The file has unusual structure. Can somebody try analyzing this? Thanks. Virustotal: https://www.virustotal.com/#/file/e9b4b6b366e180811e7fc85c50478cc049617cc2ea8a2592cfecd90f5c535d4d It's Prepscram software bundler. It also c...

Re: B0r0nt0K ransomware

 by Fedor22 ¦  Sat Mar 02, 2019 4:55 pm ¦  Forum: Malware Requests ¦  Topic: B0r0nt0K ransomware ¦  Replies: 3 ¦  Views: 764

Curson wrote: Sat Mar 02, 2019 4:35 pm Here you are :d2e0d1ba05683f52e656580b4f7e3be7.zip

Password : infected
You attached the Brontok email worm; it's not B0r0nt0K ransomware.
