
Malware collection

PostPosted:Wed Jul 29, 2015 12:58 pm
by ikolor
https://www.virustotal.com/en/file/a7ef ... /analysis/

There is a collection of malware code. Above is one scan of these samples.

Re: Malware collection

PostPosted:Fri Jul 14, 2017 7:25 am
by markusg
Open directory.
An exploit and other malware:
Code:
http://no2ro.com/17tes.doc
http://no2ro.com/gibsoncrypter.zip
http://no2ro.com/gibtest.exe
http://no2ro.com/kasati.exe
http://no2ro.com/test.hta
SHA256: 0305c67f80b56dc3b27ab2b27348862880bc23517ddce74e87a4a6fdcd2f0b9f
Filename: 17tes.doc
Detection rate: 19 / 57
https://www.virustotal.com/de/file/0305 ... 500015953/

I unpacked gibsoncrypter.zip; here are the results for the 2 exe files:
SHA256: 18cae9f4f96d356db18924b182843e27e0759ef95422c1156e3588bfd60985a2
Filename: BalloonFastBuilder.exe
Detection rate: 1 / 63
https://www.virustotal.com/de/file/18ca ... 500016117/
SHA256: 454d6d2bc3603106bbdb151cf61ab50bfbe5cc63dc4d9a1da7c899b7c7e6e32a
Filename: stub.exe
Detection rate: 21 / 63
https://www.virustotal.com/de/file/454d ... 500016198/
SHA256: dc39f1371bbb11f724fb9bb00cbe0a00b83f6cf4dbd6e60ae31bd3d82d383f9a
Filename: gibtest.exe
Detection rate: 17 / 62
https://www.virustotal.com/de/file/dc39 ... 500016401/
SHA256: 339764b340b4c70a02835054993c13d7a2562b8ced06168ae1318ebc0c52680e
Filename: kasati.exe
Detection rate: 28 / 62
https://www.virustotal.com/de/file/3397 ... 500016841/

Re: Malware collection

PostPosted:Wed Jan 09, 2019 11:06 am
by EP_X0FF
Most of the posts moved to dedicated malware family topics.

False positives/offtopic removed.

Some posts cannot be moved because they contain packs of different malware.

Thread bump.

Re: Malware collection

PostPosted:Tue Jan 15, 2019 3:15 pm
by ikolor

Re: Malware collection

PostPosted:Tue Jan 15, 2019 5:44 pm
by Fedor22
ikolor wrote: Tue Jan 15, 2019 3:15 pm Thanks for clean.

https://www.virustotal.com/en/file/fc03 ... 547571750/

https://www.virustotal.com/en/file/4955 ... 547565729/

https://www.virustotal.com/en/file/cfed ... 547565238/
The first one is Emotet downloader. Downloads exe from:
Code:
hxxp://www.niteshagrico.com/z7ISltpB
and connects to CnC server:
Code:
hxxp://187.163.213.124:443/
The second is MSIL/APosT
And the third is Emotet downloader too. Downloads exe from:
Code:
hxxp://www.unitepro.mx/PyZTGc_yPRX0x_ik0aFT
and connects to CnC servers:
Code:
hxxp://187.207.58.148
hxxp://201.230.255.100

Re: Malware collection

PostPosted:Tue Jan 15, 2019 5:57 pm
by ikolor

Re: Malware collection

PostPosted:Tue Jan 15, 2019 6:10 pm
by Antelox
More binary distribution URLs contacted by the sample fc03e1f920d4d45b7a8b7151aab189fa6abec650cfdd34687a488414e27fac7d
Code:
hxxp://kynangtuhoc.com/h6pTDOH
hxxp://www.dnenes.com.mx/Wmv9Lwru
hxxp://www.hopeintlschool.org/ebIV1do
hxxp://www.niteshagrico.com/z7ISltpB
hxxp://www.tenmiengiarenhat.com/bIfcRi8Kc
More binary distribution URLs contacted by the sample cfedb49ef13185d61f0e08af6c1f08fa2014e4106c974f532448ebdee25bc07e
Code:
hxxp://www.jessie-equitation.fr/H4Nn9_X736_ajROTy
hxxp://www.kartonaza-hudetz.hr/LERDIp_zNxmr_9A2
hxxp://www.lidstroy.ru/adfdl_tnvFDCC
hxxp://www.nkalitin.ru/3ghp_FE5B5_77azu
hxxp://www.unitepro.mx/PyZTGc_yPRX0x_ik0aFT
BR,

Antelox

Re: Malware collection

PostPosted:Tue Jan 15, 2019 6:22 pm
by Fedor22
ikolor wrote: Tue Jan 15, 2019 5:57 pm Thank you a lot.

https://www.virustotal.com/en/file/077b ... 547574817/
USB Disk Security is not malicious, but the installer contains the Linkzb toolbar, which is why antiviruses detect this program as adware; this started with version 6.4.0.1.

Re: Malware collection

PostPosted:Wed Jan 16, 2019 8:55 pm
by ikolor

Re: Malware collection

PostPosted:Thu Jan 17, 2019 10:24 am
by Antelox
ikolor wrote: Wed Jan 16, 2019 8:55 pm Thanks Fedor

https://www.virustotal.com/en/file/aea1 ... 547672015/
AZORult malware.
Code:
C2: hxxp://163.172.146.202/AED77D05-A028-477C-B013-04F33F1385C3/index.php
BR,

Antelox