
Re: Malware collection

Posted: Mon Feb 18, 2019 5:33 pm
by ikolor

Re: Malware collection

Posted: Mon Feb 18, 2019 6:33 pm
by Antelox
ikolor wrote: Mon Feb 18, 2019 5:33 pm thanks

https://www.virustotal.com/en/file/c87e ... 550511084/
Geodo/Emotet doc downloader

Downloads this: https://www.virustotal.com/en/file/1d3d ... /analysis/

BR,

Antelox

Re: Malware collection

Posted: Wed Feb 20, 2019 1:46 pm
by ikolor

Re: Malware collection

Posted: Wed Feb 20, 2019 3:19 pm
by Antelox
ikolor wrote: Wed Feb 20, 2019 1:46 pm Thank you, buddy


https://www.virustotal.com/en/file/130b ... 550670320/
Shade/Troldesh ransomware js downloader:

Downloads this: https://www.virustotal.com/en/file/267b ... /analysis/

BR,

Antelox

Re: Malware collection

Posted: Wed Feb 20, 2019 8:10 pm
by ikolor

Re: Malware collection

Posted: Mon Feb 25, 2019 8:58 pm
by ikolor

Re: Malware collection

Posted: Tue Feb 26, 2019 8:29 am
by Antelox
ikolor wrote: Mon Feb 25, 2019 8:58 pm next ..

https://www.virustotal.com/en/file/e756 ... 551128265/
The JS drops a zip (MD5: f309252a5f81c59e6ff2fd91f6c541dd) which contains a scr file (MD5: 26e3954ea1e29b171f592bcf81e6dd60) which belongs to the DarkComet RAT.

C2:
winningstar.ddns.net:5592
BR,

Antelox

Re: Malware collection

Posted: Tue Feb 26, 2019 9:13 pm
by ikolor
next ..
Free access. Strange for me:

209.91.183.154:8083


https://www.virustotal.com/en/file/9f6a ... 551215509/

Re: Malware collection

Posted: Fri Mar 01, 2019 5:27 pm
by ikolor

Re: Malware collection

Posted: Fri Mar 01, 2019 6:29 pm
by Fedor22
ikolor wrote: Fri Mar 01, 2019 5:27 pm next ..

https://www.virustotal.com/en/file/9ec0 ... 551461174/
It's a CVE-2017-11882 exploit; it downloads an exe from this page:
hxxp://chukwu.gq/bin/winlogon.exe
Doc file downloaded from:
hxxp://bitechsolutions.org/bin/PO2241.doc