Malware collection

Forum for analysis and discussion about malware.
ikolor
Posts: 326
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Mon Feb 18, 2019 5:33 pm

You do not have the required permissions to view the files attached to this post.

Antelox
Posts: 264
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Mon Feb 18, 2019 6:33 pm

Geodo/Emotet doc downloader

Downloads this: https://www.virustotal.com/en/file/1d3d ... /analysis/

BR,

Antelox

ikolor
Posts: 326
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Wed Feb 20, 2019 1:46 pm


Antelox
Posts: 264
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Wed Feb 20, 2019 3:19 pm

ikolor wrote:
Wed Feb 20, 2019 1:46 pm
Thank you, buddy

https://www.virustotal.com/en/file/130b ... 550670320/

Shade/Troldesh ransomware js downloader:

Downloads this: https://www.virustotal.com/en/file/267b ... /analysis/

BR,

Antelox

ikolor
Posts: 326
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Wed Feb 20, 2019 8:10 pm


ikolor
Posts: 326
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Mon Feb 25, 2019 8:58 pm


Antelox
Posts: 264
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Tue Feb 26, 2019 8:29 am

ikolor wrote:
Mon Feb 25, 2019 8:58 pm
next ..

https://www.virustotal.com/en/file/e756 ... 551128265/

The JS drops a zip (MD5: f309252a5f81c59e6ff2fd91f6c541dd) which contains a scr file (MD5: 26e3954ea1e29b171f592bcf81e6dd60) which belongs to the DarkComet RAT.

C2:

winningstar.ddns.net:5592

BR,

Antelox

ikolor
Posts: 326
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Tue Feb 26, 2019 9:13 pm

next ..
Free access. Strange for me:

209.91.183.154:8083


https://www.virustotal.com/en/file/9f6a ... 551215509/

ikolor
Posts: 326
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Fri Mar 01, 2019 5:27 pm


Fedor22
Posts: 56
Joined: Sun Dec 03, 2017 5:50 pm
Location: Russian Federation

Re: Malware collection

Post by Fedor22 » Fri Mar 01, 2019 6:29 pm

ikolor wrote:
Fri Mar 01, 2019 5:27 pm
next ..

https://www.virustotal.com/en/file/9ec0 ... 551461174/

It's a CVE-2017-11882 exploit; it downloads an exe from this page:

hxxp://chukwu.gq/bin/winlogon.exe

Doc file downloaded from:

hxxp://bitechsolutions.org/bin/PO2241.doc
