A forum for reverse engineering, OS internals and malware analysis 

Search found 71 matches


Re: Malware collection

 by Fedor22 ¦  Thu Apr 25, 2019 6:31 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 62 ¦  Views: 502282

ikolor wrote: Thu Apr 25, 2019 4:27 pm Thanks

https://www.virustotal.com/en/file/e2a7 ... 556209518/
TrickBot trojan.

Re: Looking for FIN7 decoy doc

 by Fedor22 ¦  Thu Apr 25, 2019 6:16 pm ¦  Forum: Completed Malware Requests ¦  Topic: Looking for FIN7 decoy doc ¦  Replies: 2 ¦  Views: 37

Sample attached.

Re: Looking for RATANKBA samples

 by Fedor22 ¦  Wed Apr 24, 2019 1:05 pm ¦  Forum: Completed Malware Requests ¦  Topic: Looking for RATANKBA samples ¦  Replies: 4 ¦  Views: 76

Some more samples, but I didn't find this:

650d7b814922b58b6580041cb0aa9d27dae7e94e6d899bbb3b4aa5f1047fca0f
772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01
Other samples attached.

Re: Looking for RATANKBA samples

 by Fedor22 ¦  Wed Apr 24, 2019 12:40 pm ¦  Forum: Completed Malware Requests ¦  Topic: Looking for RATANKBA samples ¦  Replies: 4 ¦  Views: 76

4722138dda262a2dca5cbf9acd40f150759c006f56b7637769282dba54de0cab
Sample attached.

Re: Malware collection

 by Fedor22 ¦  Mon Apr 15, 2019 4:11 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 62 ¦  Views: 502282

ikolor wrote: Mon Apr 15, 2019 12:47 pm What is this !!

https://www.virustotal.com/en/file/dbc0 ... 555332252/
PDF, Word phishing.
The PDF and Word documents contain a Microsoft phishing link:
hxxp://odontotepuy.com.ve/bossgate/office365/cha/The_BACHA

Re: TrojanDownloader:VBS/Bancos.A

 by Fedor22 ¦  Sun Apr 14, 2019 1:22 pm ¦  Forum: Completed Malware Requests ¦  Topic: TrojanDownloader:VBS/Bancos.A ¦  Replies: 2 ¦  Views: 124

Sample attached. I only found a VBS file, sorry for that.

Re: Malware collection

 by Fedor22 ¦  Fri Mar 22, 2019 4:04 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 62 ¦  Views: 502282

next https://www.virustotal.com/en/file/cd15d42de2ece59aa7b78ede50c2d3b5297f7637c928ebc92d9da2f56f055d01/analysis/1553198197/ Emotet downloader. Downloads exe from: hxxp://siamnatural.com/tmp/EmC/ Connects to CnC servers: hxxp://185.94.252.3:443/bml/tlb/ringin/ hxxp://185.94.252.3:443/ringin/arizon...

Re: Adware.IStartSurf

 by Fedor22 ¦  Fri Mar 08, 2019 6:22 pm ¦  Forum: Malware ¦  Topic: Adware.IStartSurf ¦  Replies: 1 ¦  Views: 320

I downloaded this sample from a site I was redirected to while googling. The file has unusual structure. Can somebody try analyzing this? Thanks. Virustotal: https://www.virustotal.com/#/file/e9b4b6b366e180811e7fc85c50478cc049617cc2ea8a2592cfecd90f5c535d4d It's Prepscram software bundler. It also c...

Re: B0r0nt0K ransomware

 by Fedor22 ¦  Sat Mar 02, 2019 4:55 pm ¦  Forum: Malware Requests ¦  Topic: B0r0nt0K ransomware ¦  Replies: 3 ¦  Views: 637

Curson wrote: Sat Mar 02, 2019 4:35 pm Here you are :d2e0d1ba05683f52e656580b4f7e3be7.zip

Password : infected
You attached the Brontok email worm; it's not B0r0nt0K ransomware.

Re: Malware collection

 by Fedor22 ¦  Fri Mar 01, 2019 6:29 pm ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 62 ¦  Views: 502282

ikolor wrote: Fri Mar 01, 2019 5:27 pm next ..

https://www.virustotal.com/en/file/9ec0 ... 551461174/
It's a CVE-2017-11882 exploit; it downloads an exe from this page:
hxxp://chukwu.gq/bin/winlogon.exe
Doc file downloaded from:
hxxp://bitechsolutions.org/bin/PO2241.doc
