A forum for reverse engineering, OS internals and malware analysis 


Re: Linux/FileCoder (Linux.Encoder)

 by K_Mikhail ¦  Mon May 29, 2017 8:24 am ¦  Forum: Malware ¦  Topic: Linux/FileCoder (Linux.Encoder) ¦  Replies: 18 ¦  Views: 52306

+0970517c94e7ce891b2808ec614cd075a2fe4ec8: [0/56]: https://virustotal.com/ru/file/cdf46ec2 ... 496045816/

Re: Linux/FileCoder (Linux.Encoder)

 by K_Mikhail ¦  Fri May 26, 2017 10:57 am ¦  Forum: Malware ¦  Topic: Linux/FileCoder (Linux.Encoder) ¦  Replies: 18 ¦  Views: 52306

be9d1a4dc0755a8cb16fd441c49e3231207600a6 ( - (probably will be Linux.Encoder.8 at some point in the future) || HEUR:Trojan-Ransom.Linux.Cryptor.g || Linux/Filecoder.J (according to the response from the ESET Malware Response Team)) It's not a trojan. It's a task from a CTF. Yes, thanks! The same feedback I've got from Dr.Web'...

Re: Linux/FileCoder (Linux.Encoder)

 by K_Mikhail ¦  Fri May 19, 2017 12:25 pm ¦  Forum: Malware ¦  Topic: Linux/FileCoder (Linux.Encoder) ¦  Replies: 18 ¦  Views: 52306

be9d1a4dc0755a8cb16fd441c49e3231207600a6 ( - (probably will be Linux.Encoder.8 at some point in the future) || HEUR:Trojan-Ransom.Linux.Cryptor.g || Linux/Filecoder.J (according to the response from the ESET Malware Response Team)) It's not a trojan. It's a task from a CTF. Yes, thanks! The same feedback I've got from Dr.Web'...

Re: Linux/FileCoder (Linux.Encoder)

 by K_Mikhail ¦  Sun May 14, 2017 1:47 pm ¦  Forum: Malware ¦  Topic: Linux/FileCoder (Linux.Encoder) ¦  Replies: 18 ¦  Views: 52306

Linux/FileCoder (Linux.Encoder) hash-snapshot on 25th April 2017: SHA1 (Dr.Web || Kaspersky || NOD32): 810806c3967e03f2fa2b9223d24ee0e3d42209d3 (Linux.Encoder.1 || Trojan-Ransom.FreeBSD.Cryptor.a || Linux/Filecoder.A); 5bd6b41aa29bd5ea1424a31dadd7c1cfb3e09616 (Linux.Encoder.1 || Trojan-Ransom.Linux...

Linux.Zyarinig

 by K_Mikhail ¦  Wed Apr 26, 2017 11:45 am ¦  Forum: Malware ¦  Topic: Linux.Zyarinig ¦  Replies: 0 ¦  Views: 5803

Found here: [1] https://detux.org/report.php?sha256=96a81eec1f9992c1681cc8ec83a60ba5bf8139e43f9cf20ef78a5f8c9b15c75f [2] https://detux.org/report.php?sha256=2d50db92171aa4305659ee7ae72199110a1bd0c0b063dea28a5dc33e0f9c6112 VT ratio: 0/56 [3] https://www.virustotal.com/en/file/96a81eec1f9992c1681cc8ec...

Re: Linux/FileCoder (Linux.Encoder)

 by K_Mikhail ¦  Tue Apr 25, 2017 9:48 am ¦  Forum: Malware ¦  Topic: Linux/FileCoder (Linux.Encoder) ¦  Replies: 18 ¦  Views: 52306

Linux/FileCoder (Linux.Encoder) hash-snapshot on 25th April 2017: SHA1 (Dr.Web || Kaspersky || NOD32): 810806c3967e03f2fa2b9223d24ee0e3d42209d3 (Linux.Encoder.1 || Trojan-Ransom.FreeBSD.Cryptor.a || Linux/Filecoder.A); 5bd6b41aa29bd5ea1424a31dadd7c1cfb3e09616 (Linux.Encoder.1 || Trojan-Ransom.Linux....

Re: Malware in Mexican ATM

 by K_Mikhail ¦  Sun Feb 19, 2017 9:59 am ¦  Forum: Malware ¦  Topic: Malware in Mexican ATM ¦  Replies: 19 ¦  Views: 44230

It seems FireEye missed this sample for their article: Diebold.exe: https://virustotal.com/ru/file/0971c166826163093093fb199d883f2544055bdcfc671e7789bd5088992debe5/analysis/1487497822/ (also BKDR_PLOUTUS.D by Trend Micro) MD5: 328ec445fce0ec1e15972fef9ec4ce38 SHA1: ad8a7c5d1287b1fb8b8e874ba9bdb7be0ee97...

Re: Linux/Mayhem

 by K_Mikhail ¦  Thu Jan 26, 2017 10:58 pm ¦  Forum: Malware ¦  Topic: Linux/Mayhem ¦  Replies: 26 ¦  Views: 60838

It seems this malware family is still alive, a little bit. Last found files (SHA1): dd5e5b4ea73aaea1481690908d62a981c0151bd0 (https://virustotal.com/en/file/06c02e6fd42e7f4b0e8c1ce42ba91d8385752347343706d420861ff855b31552/analysis/1485471150/) 97b27d96788325ef16bcb342cd2f070265e1a00e (https://virustotal.co...

Re: Linux.CyberEurope

 by K_Mikhail ¦  Sat Dec 17, 2016 11:10 am ¦  Forum: Malware ¦  Topic: Linux.CyberEurope ¦  Replies: 7 ¦  Views: 12314

A detailed description can be found here: http://vms.drweb.com/virus/?_is=1&i=8598627 A Trojan for Linux operating systems. Its code appears to have been written for research purposes as part of the https://cyber-europe.net project. That's interesting, because Linux.Encoder.6/HEUR:Trojan-Ransom.L...

DualToy Malware (Palo Alto analysis)

 by K_Mikhail ¦  Wed Sep 14, 2016 6:59 pm ¦  Forum: Malware ¦  Topic: DualToy Malware (Palo Alto analysis) ¦  Replies: 1 ¦  Views: 3244

Palo Alto analysis: http://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/ In a recent variant, DualToy will download a PE executable named “appdata.exe” as well as an ELF executable file named “guardmb” from the C2 server. guar...