Malware collection

Forum for analysis and discussion about malware.
ikolor
Posts: 328
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Fri Feb 08, 2019 6:40 pm

Fedor22
Posts: 57
Joined: Sun Dec 03, 2017 5:50 pm
Location: Russian Federation

Fri Feb 08, 2019 7:23 pm

ikolor wrote:
Fri Feb 08, 2019 6:40 pm
Thank you

https://www.virustotal.com/en/file/36db ... 549651050/
Emotet downloader.
Downloads exe from:

hxxp://kynangdaotao.com/PpfjSFJN12uX
Connects to CnC server:

hxxp://133.242.164.31:7080/
ikolor
Posts: 328
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Tue Feb 12, 2019 7:43 pm

Antelox
Posts: 266
Joined: Sun Mar 21, 2010 10:38 pm

Wed Feb 13, 2019 10:23 am

Geodo/Emotet doc downloader.

Downloads this: https://www.virustotal.com/en/file/acf4 ... /analysis/

BR,

Antelox
ikolor
Posts: 328
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Thu Feb 14, 2019 11:30 am

Fedor22
Posts: 57
Joined: Sun Dec 03, 2017 5:50 pm
Location: Russian Federation

Thu Feb 14, 2019 12:51 pm

ikolor wrote:
Thu Feb 14, 2019 11:30 am
Thanks. I can't find good malware, sorry for it.

https://www.virustotal.com/en/file/2401 ... 550144002/


https://www.virustotal.com/en/file/2a51 ... 550143653/
The first sample is Drupal JavaScript, not malicious.
The second sample is Emotet downloader.
Downloads exe from:

hxxp://hifucancertreatment.com/wp-content/uploads/PKL8EApdvFOUn79
Connects to CnC server:

hxxp://67.254.13.154/
ikolor
Posts: 328
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Thu Feb 14, 2019 7:12 pm

Antelox
Posts: 266
Joined: Sun Mar 21, 2010 10:38 pm

Fri Feb 15, 2019 10:11 am

ikolor wrote:
Thu Feb 14, 2019 7:12 pm
Thank you. Next file, who knows

https://www.virustotal.com/en/file/d1e2 ... 550171450/
PDF phishing.

Links involved:

hxxps://www.djfernandodg.com.ve/OndrvE/drive/syn/
hxxps://www.djfernandodg.com.ve/OndrvE/drive/syn/ODL.html
hxxps://www.djfernandodg.com.ve/OndrvE/drive/syn/MYM.html
hxxps://www.djfernandodg.com.ve/OndrvE/drive/syn/OLK.html
hxxps://www.djfernandodg.com.ve/OndrvE/drive/syn/HML.html
hxxps://www.djfernandodg.com.ve/OndrvE/drive/syn/AII.html
BR,

Antelox
ikolor
Posts: 328
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Fri Feb 15, 2019 7:32 pm
