Malware collection

Forum for analysis and discussion about malware.
Fedor22
Posts: 56
Joined: Sun Dec 03, 2017 5:50 pm
Location: Russian Federation

Re: Malware collection

Post by Fedor22 » Wed Jan 30, 2019 3:50 pm

ikolor wrote (Wed Jan 30, 2019 3:30 pm):
    Thanks buddy.

https://www.virustotal.com/en/file/f0fd ... 548862087/
Emotet downloader.
Downloads exe from:

Code:

hxxp://www.vario-reducer.com/wp-content/bGkoUUavZySGn
hxxp://mail.saglikpersoneli.net/sohft/PTYGsf41Witt_k
Connects to CnC server:

Code:

hxxp://173.73.83.146/

Antelox
Posts: 264
Joined: Sun Mar 21, 2010 10:38 pm

Post by Antelox » Thu Jan 31, 2019 8:59 am

ikolor wrote (Wed Jan 30, 2019 3:30 pm):
    Thanks buddy.

https://www.virustotal.com/en/file/f0fd ... 548862087/
I have got also Qakbot/QBot from the distribution URLs contacted by the doc:

Code:

hxxp://kadinveyasam.org/wp-content/languages/EZ22B35GBTu9z_N
hxxp://mail.saglikpersoneli.net/sohft/PTYGsf41Witt_k
hxxp://mingroups.vn/NYV82LSYWEs_s1
hxxp://www.ontamada.ru/RDUstD0DxgOP
hxxp://www.vario-reducer.com/wp-content/bGkoUUavZySGn
Binary downloaded: https://www.virustotal.com/en/file/6cf9 ... /analysis/

BR,

Antelox

ikolor
Posts: 325
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Post by ikolor » Fri Feb 01, 2019 1:25 pm

(attachment: sample posted as a file; not viewable without forum permissions)

Post by ikolor » Sat Feb 02, 2019 1:55 pm

(attachment: sample posted as a file; not viewable without forum permissions)

Post by Fedor22 » Sat Feb 02, 2019 3:38 pm

I haven't found anything malicious here. It's just a false positive, not malware.

Post by ikolor » Sat Feb 02, 2019 4:06 pm

(attachment: sample posted as a file; not viewable without forum permissions)

Post by Fedor22 » Sat Feb 02, 2019 7:09 pm

ikolor wrote (Sat Feb 02, 2019 4:06 pm):
    Thank you

https://www.virustotal.com/en/file/70f7 ... 549123460/
Emotet banker (not downloader).
Connects to CnC servers:

Code:

hxxp://201.142.199.76
hxxp://190.159.143.96
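The distribution URLs and C2 addresses in Fedor22's and Antelox's posts above (the Emotet/Qakbot downloader URLs and the Emotet C2 IPs) are the kind of IOC list that usually has to be turned into something a sensor can consume. The script below is an added example and is not code from the thread or from any project: it refangs the posted hxxp:// lines only so that urllib can parse them, deduplicates the URLs that were posted twice, classifies each host as IP or domain, and emits a host block list plus one Suricata rule per IOC. The rule wording, classtype and SID range are assumptions chosen for the example; nothing is contacted.

```python
"""Normalise the defanged IOCs posted in this thread into a block list and
Suricata rules.  Added example, not code from the thread or any project.

Only the URLs/IPs quoted from the posts are used; they are refanged purely
so urllib can parse them.  Nothing is contacted.  The Suricata rule text,
classtype and SID range are assumptions chosen for the example.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# IOCs as posted in the thread (Emotet/Qakbot downloader URLs and Emotet C2 IPs).
POSTED_PAYLOAD_URLS = [
    "hxxp://www.vario-reducer.com/wp-content/bGkoUUavZySGn",
    "hxxp://mail.saglikpersoneli.net/sohft/PTYGsf41Witt_k",
    "hxxp://kadinveyasam.org/wp-content/languages/EZ22B35GBTu9z_N",
    "hxxp://mail.saglikpersoneli.net/sohft/PTYGsf41Witt_k",   # reposted by Antelox
    "hxxp://mingroups.vn/NYV82LSYWEs_s1",
    "hxxp://www.ontamada.ru/RDUstD0DxgOP",
    "hxxp://www.vario-reducer.com/wp-content/bGkoUUavZySGn",  # reposted by Antelox
]
POSTED_C2 = [
    "hxxp://173.73.83.146/",
    "hxxp://201.142.199.76",
    "hxxp://190.159.143.96",
]

_DEFANGED_SCHEME = re.compile(r"^hxxp(s?)://", re.IGNORECASE)


@dataclass(frozen=True)
class Ioc:
    url: str    # refanged, parseable URL
    host: str   # lower-cased hostname or IP literal
    kind: str   # "ip" or "domain"
    role: str   # "payload" (second-stage download) or "c2"


def refang(defanged: str) -> str:
    """Reverse the usual hxxp:// and [.] defanging so urlsplit() can parse it."""
    s = _DEFANGED_SCHEME.sub(lambda m: "http" + m.group(1) + "://", defanged.strip())
    return s.replace("[.]", ".").replace("[:]", ":")


def classify_host(host: str) -> str:
    """'ip' for an IPv4/IPv6 literal, otherwise 'domain'."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "domain"


def parse_ioc(defanged: str, role: str) -> Ioc:
    url = refang(defanged)
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {defanged!r}")
    if any(c in url for c in ';"'):
        # keep rule generation simple: these would need escaping inside content:""
        raise ValueError(f"unsupported characters in {defanged!r}")
    return Ioc(url=url, host=host.lower(), kind=classify_host(host), role=role)


def collect(payload_urls, c2_urls) -> list:
    """Parse every posted line, keeping the first occurrence of each URL
    (threads like this one repost the same IOC in several replies)."""
    seen, out = set(), []
    for role, lines in (("payload", payload_urls), ("c2", c2_urls)):
        for line in lines:
            ioc = parse_ioc(line, role)
            if ioc.url not in seen:
                seen.add(ioc.url)
                out.append(ioc)
    return out


def hosts_blocklist(iocs) -> list:
    """Sorted unique hosts, e.g. for a DNS sinkhole or proxy deny list."""
    return sorted({i.host for i in iocs})


def suricata_rules(iocs, sid_start=9000001) -> list:
    """One rule per IOC.  Payload URLs are matched on host plus path, because the
    hosts look like compromised legitimate sites and blocking whole domains would
    be noisy; C2 IPs are matched on any TCP connection to the address."""
    rules = []
    for n, i in enumerate(iocs):
        sid = sid_start + n
        if i.kind == "ip" and i.role == "c2":
            rules.append(
                f'alert tcp $HOME_NET any -> {i.host} any '
                f'(msg:"Emotet C2 contact {i.host}"; flow:to_server; '
                f'classtype:trojan-activity; sid:{sid}; rev:1;)')
            continue
        path = urlsplit(i.url).path or "/"
        uri = f' http.uri; content:"{path}";' if path != "/" else ""
        rules.append(
            f'alert http $HOME_NET any -> $EXTERNAL_NET any '
            f'(msg:"Emotet/Qakbot payload fetch {i.host}"; flow:established,to_server; '
            f'http.host; content:"{i.host}";{uri} classtype:trojan-activity; sid:{sid}; rev:1;)')
    return rules


if __name__ == "__main__":
    iocs = collect(POSTED_PAYLOAD_URLS, POSTED_C2)
    print("\n".join(hosts_blocklist(iocs)))
    print("\n".join(suricata_rules(iocs)))
```

The payload hosts are kept as full URLs rather than bare domains on purpose: paths under wp-content on otherwise ordinary sites are typical of compromised WordPress installs, so a domain-level block would also cut off legitimate traffic, while the C2 entries are raw IPs and can be blocked outright. Pick an SID range that does not collide with the rule sets already loaded on the sensor.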

Post by ikolor » Sat Feb 02, 2019 8:39 pm

(attachment: sample posted as a file; not viewable without forum permissions)

Post by ikolor » Fri Feb 08, 2019 3:55 pm

(attachment: sample posted as a file; not viewable without forum permissions)

Post by Fedor22 » Fri Feb 08, 2019 5:00 pm

It's an XMR-Stak bitcoin miner; it also contains a DLL component.
