
Re: Malware collection

PostPosted:Wed Jan 30, 2019 3:50 pm
by Fedor22
ikolor wrote: Wed Jan 30, 2019 3:30 pm Thanks buddy.

https://www.virustotal.com/en/file/f0fd ... 548862087/
Emotet downloader.
Downloads exe from:
hxxp://www.vario-reducer.com/wp-content/bGkoUUavZySGn
hxxp://mail.saglikpersoneli.net/sohft/PTYGsf41Witt_k
Connects to CnC server:
hxxp://173.73.83.146/

Re: Malware collection

PostPosted:Thu Jan 31, 2019 8:59 am
by Antelox
ikolor wrote: Wed Jan 30, 2019 3:30 pm Thanks buddy.

https://www.virustotal.com/en/file/f0fd ... 548862087/
I have also got Qakbot/QBot from the distribution URLs contacted by the doc:
hxxp://kadinveyasam.org/wp-content/languages/EZ22B35GBTu9z_N
hxxp://mail.saglikpersoneli.net/sohft/PTYGsf41Witt_k
hxxp://mingroups.vn/NYV82LSYWEs_s1
hxxp://www.ontamada.ru/RDUstD0DxgOP
hxxp://www.vario-reducer.com/wp-content/bGkoUUavZySGn
Binary downloaded: https://www.virustotal.com/en/file/6cf9 ... /analysis/

BR,

Antelox

Re: Malware collection

PostPosted:Fri Feb 01, 2019 1:25 pm
by ikolor

Re: Malware collection

PostPosted:Sat Feb 02, 2019 1:55 pm
by ikolor

Re: Malware collection

PostPosted:Sat Feb 02, 2019 3:38 pm
by Fedor22
ikolor wrote: Sat Feb 02, 2019 1:55 pm I don't know.

https://www.virustotal.com/en/file/d2e1 ... 549115491/

http://mywedphoto.ru/
I didn't find anything malicious here. It's just a false positive, not malware.

Re: Malware collection

PostPosted:Sat Feb 02, 2019 4:06 pm
by ikolor

Re: Malware collection

PostPosted:Sat Feb 02, 2019 7:09 pm
by Fedor22
ikolor wrote: Sat Feb 02, 2019 4:06 pm Thank you.

https://www.virustotal.com/en/file/70f7 ... 549123460/
Emotet banker (not downloader).
Connects to CnC servers:
hxxp://201.142.199.76
hxxp://190.159.143.96
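The defanged download URLs and C2 addresses in the posts above (Fedor22's Emotet downloader and banker posts and Antelox's Qakbot distribution list) are the kind of indicators a defender wants to turn into something checkable. The script below is an added example, not code from the thread or from any of its posters: it refangs the indicators exactly as they appear in the posts, separates host indicators from full host+path URL indicators, runs them over a constructed proxy log (the log format and its lines are my assumption, not real telemetry), and emits Suricata rules on the http.host buffer. Indicators from a 2019 thread are stale and the compromised WordPress hosts get cleaned up, so a host-only match is a lead to triage, not proof of infection.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Indicators copied from the posts in this thread, kept defanged ("hxxp") exactly as posted.
DEFANGED_IOCS = """
hxxp://www.vario-reducer.com/wp-content/bGkoUUavZySGn
hxxp://mail.saglikpersoneli.net/sohft/PTYGsf41Witt_k
hxxp://173.73.83.146/
hxxp://kadinveyasam.org/wp-content/languages/EZ22B35GBTu9z_N
hxxp://mingroups.vn/NYV82LSYWEs_s1
hxxp://www.ontamada.ru/RDUstD0DxgOP
hxxp://201.142.199.76
hxxp://190.159.143.96
"""

# Constructed proxy log (hypothetical format: epoch client method url status); not from the thread.
SAMPLE_PROXY_LOG = """\
1548862000.123 10.0.0.15 GET http://www.vario-reducer.com/wp-content/bGkoUUavZySGn 200
1548862001.456 10.0.0.15 GET http://www.example.org/index.html 200
1548862002.789 10.0.0.23 POST http://173.73.83.146/ 200
1548862003.000 10.0.0.23 GET http://mail.saglikpersoneli.net/sohft/other 404
"""


def refang(indicator):
    """Undo the usual defanging so the string can be parsed as a real URL."""
    s = re.sub(r"^hxxp", "http", indicator.strip(), flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def is_ip(host):
    """True for a literal IPv4/IPv6 address, False for a hostname."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def parse_iocs(text):
    """Split a block of defanged URLs into host indicators and host+path URL indicators."""
    hosts, urls = set(), set()
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = urlsplit(refang(line))
        if not parts.hostname:
            continue
        host = parts.hostname.lower()
        hosts.add(host)
        # A bare "/" (the C2 entries) carries no path worth matching on.
        if parts.path and parts.path != "/":
            urls.add(host + parts.path)
    return {"hosts": hosts, "urls": urls}


def match_log(log_text, iocs):
    """Return (client, kind, indicator) for every log line whose URL hits an indicator.

    A full host+path match is reported as "url"; a host-only match as "host".
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host + parts.path in iocs["urls"]:
            hits.append((client, "url", host + parts.path))
        elif host in iocs["hosts"]:
            hits.append((client, "host", host))
    return hits


def to_suricata_rules(iocs, first_sid=1000001):
    """Emit one Suricata HTTP rule per host, matching the Host header via the http.host buffer."""
    rules = []
    for i, host in enumerate(sorted(iocs["hosts"])):
        label = "ip" if is_ip(host) else "domain"
        rules.append(
            'alert http $HOME_NET any -> $EXTERNAL_NET any '
            f'(msg:"Thread IOC {label} {host}"; http.host; content:"{host}"; '
            f'sid:{first_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    iocs = parse_iocs(DEFANGED_IOCS)
    for hit in match_log(SAMPLE_PROXY_LOG, iocs):
        print("HIT", *hit)
    print("\n".join(to_suricata_rules(iocs)))
```

The full-URL indicators (the `wp-content/...` download paths) are the high-confidence ones; the host-only matches on the compromised domains and the bare C2 IPs are lower confidence and should be checked against current passive DNS or reputation data before blocking.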

Re: Malware collection

PostPosted:Sat Feb 02, 2019 8:39 pm
by ikolor

Re: Malware collection

PostPosted:Fri Feb 08, 2019 3:55 pm
by ikolor

Re: Malware collection

PostPosted:Fri Feb 08, 2019 5:00 pm
by Fedor22
ikolor wrote: Fri Feb 08, 2019 3:55 pm next

https://www.virustotal.com/en/file/c8a2 ... 549641274/
It's an XMR-Stak Bitcoin miner; it also contains a DLL component.