Analysis Report
Sodinokibi Ransomware with full config extraction
MD5: 39d22b8f3da4a83cd957f324f2423309
Analysis Report
GuLoader dropping LuminosityLink RAT
MD5: 01a54f73856cfb74a3bbba47bcec227b
Analysis Report
SmokeLoader dropping Raccoon
MD5: 18b04e2fd804d553d9a35e088193dea7
Analysis Report
Ave Maria RAT signed by Sectigo
MD5: 94ff625253b3920fe5b6824bd8c30482
Analysis Report
QBot/Qakbot banking trojan
MD5: ad30987a53b1b0264d806805ce1a2561
Analysis Report
ODT (Open Office File) dropping NJRAT
MD5: 7b7064d3876fc3cb1b3593e3c173a1a2
Analysis Report
Gozi/Ursnif e-Banking Trojan
MD5: 879d9a2c75ee83443a0a913f5dc71b5c
Analysis Report
ShadowHammer Supply Chain Attack of Asus Update
MD5: 55a7aa5f0e52ba4d78c145811c830107
Analysis Report
GandCrab 5.2 Ransomware
MD5: fe2d1caa2d52000efcd19ea1ea31d254
Analysis Report
Spear Phishing e-mail - link - Microsoft Word document - Emotet
http://leonfurniturestore.com/sec.myacc.resourses.biz/
Analysis Report
Formbook info stealer malware
MD5: 287782734f94678617b7028b029320ab
Analysis Report
Classic Paypal Phishing
https://a1.bedirectip.com/c/myaccount/signin/?country.x=US&locale.x=en_US
Analysis Report
ADWIND/JRAT detecting via Java Runtime information
MD5: 19cd10627207bcf7f7c41ee26cbdd174
Analysis Report
CVE-2018-15982 dropping Hacking-Team RAT
MD5: 92b1c50c3ddf8289e85cbb7f8eead077
Analysis Report
Emotet e-Banking delivered via PDF
SHA256: d742ce0096cd0d3b2c47063f9f33cb46ba085887bd7c084fda08235c4fa26d7e
Analysis Report
Trojan spreading via VNC brute force
MD5: 642c7ad7b1608f00ba6159250b41ef75
Analysis Report
Trojanized Adobe installer with Remote Utilities RAT
MD5: eda8e4f2df81e0ba5b88d73de9779205
Analysis Report
CryptoMiner using xmrig and xmr-stak
MD5: d3fa184981b21e46f81da37f7c2cf41e
Analysis Report
Ursnif using COM InternetExplorer
MD5: 9cb0d02cbc93981015f6c050a0778cfd
Analysis Report
Supply chain infection with Monero miner
MD5: 0ae326bf4b644c91f155c3d0ba23881f
Analysis Report
Bitcoin miner, overwrites Adobe Reader Update for persistence starts
MD5: 52e10c90700a37a33a132d8e67120f39
Analysis Report
VBA document dropping Empire via HTA, decoy targeting Spiez Convergence in Switzerland
MD5: 0e7b32d23fbd6d62a593c234bafa2311
Analysis Report
Word document, OLE reference to external RTF, CVE-2017-11882, TrickBot
MD5: 70162476205496513fd88e9069372e53
Analysis Report
SynAck Ransomware using Doppelgänging injection technique
MD5: 6f772eb660bc05fc26df86c98ca49abc
Analysis Report
Lokibot dropping Adwind RAT
MD5: d87bda9120de373ab47fe445b99b6298
Analysis Report
Netflix Phishing
hxxp://confirm-your-info-51783[.]confiry0[.]beget[.]tech/151604749699341/nfx/
Analysis Report
Zeus Panda e-Banking trojan
MD5: a77ad824e5058d6504a791d0289ffc3d
Analysis Report
Hacking Team Remote Control System Spyware
MD5: c0618556e9ef16b35b042bc29aeb9291
Analysis Report
Malicious office document targeting several government entities, dropping Sofacy
MD5: 56f98e3ed00e48ff9cb89dea5f6e11c1
Analysis Report
Excel sheet exploiting Adobe Flash Player vulnerability CVE-2018-4878
MD5: 5f97c5ea28c0401abc093069a50aa1f8
Analysis Report
Turla / KopiLuwak Backdoor
MD5: 7c378d78b7a89aef27e8a3c5066b8511
Analysis Report
RTF exploiting CVE-2017-11882
MD5: 11f71f387e87bbb2b97b6c27f78320e4
Analysis Report
FIN7 / Carbanak Trojan
MD5: a00ae556a61907d43332449169c88844
Analysis Report
Bad Rabbit, new version of NotPetya
MD5: fbbdc39af1139aebba4da004475e8839
Analysis Report
Emotet Banking Trojan
hxxp://austinfilmschool.org/Invoice-Dated-17-Oct-17-372510608/VR-AOFGB/2017/
Analysis Report
CVE-2017-8759 dropping FinFisher / FinSpy
MD5: 24a3d1d2f36824dfa190d8f93da26432
Analysis Report
AES based Phishing Page for Office 360
hxxps://login.microsoftonlineoww.recentviralvideos.com
Analysis Report
New Locky Ransomware Diablo6 Variant
MD5: 544bc1c6ecd95d89d96b5e75c3121fea
Analysis Report
Petya Ransomware loaded with EternalBlue SMBv1 Exploit
MD5: 71b6a493388e7d0b40c83ce903bc6b04
Analysis Report
PPS Lure, using HREF Mouse Over to drop payloads
MD5: 823c408af2d2b19088935a07c03b4222
Analysis Report
Malicious Word document, CVE-2017-0199, dropping Dridex e-Banking trojan
MD5: 8b6f6bdefdc6b42abf9f372123152ab2
Analysis Report
Nice PowerShell analysis of Locky & Kovter
MD5: 2161f8cf7b6c1a1a3a6fdc41083566a5
Analysis Report
Office document spear phish targeting Mongolian Government
MD5: 614875cf37898562aa115a64f17b0117
Analysis Report
Digitally signed VBA dropper, nice VBA analysis
MD5: 2b83bd1d97eb911e9d53765edb5ea79e
Analysis Report
Malicious document using Macro / Shellcode to drop files (Hancitor dropper)
MD5: 85965f7ce5e44f1836ebcaff4a8aef31
Analysis Report
Analysis of malicious document using ENIGMA0X3 UAC Bypass
MD5: 1144eeaebb15044fa64f4d9bb5670349
Analysis Report
Macro based downloader, drops ransomware, uses ScriptControl.AddCode obfuscation
MD5: c2f43e6ef53280758b84f3beaca99b4b
Analysis Report
Macro-based downloader that uses bitsadmin to download the final payload
MD5: 43b8cc7dc3ff1987354e974d77216b1b
Analysis Report
Macro Shellcode execution via EnumResourceTypes, callback
MD5: 3ebd49f7168ff668d617a174b1e7c30a
Analysis Report
e-Banking Trojan Retefe, installing fake root cert & TOR
MD5: ff8e9c668d9bb0460029eaaca75fd498
Analysis Report
Retefe e-Banking Trojan
MD5: 0977eb0c066706384646987f9ded4e06
Analysis Report
HydraCrypt Ransomware, encryption keys / pws / settings and more
MD5: 5f2d13576e4906501c91b8bf400e0890
Analysis Report
Malicious document dropping Dridex
MD5: 439bee4cbe16605193aa73e7bb75b731
Analysis Report
UPS Invoice Spam, malicious doc dropping Dyre
MD5: 7d4fbadc67855bfece4e6dd5f07ee7f6
Analysis Report
Info Stealer, PE file in BAT trick
MD5: 6071a0cf7861302564bd4fc44396e7a4
Analysis Report
Dyre, e-Banking trojan, ready to go for Microsoft Edge Browser
MD5: ad0d7d0903cb059b87892a099fe21d7e
Analysis Report
Trojan including many evasion tricks
MD5: 40D19FBA73C6B011814E2C6920E8792F
Analysis Report
Cidox/Rovnix Bootkit Analysis
MD5: cbdda646a20d95f078393506ecdc0796
Analysis Report
Rombertik Analysis, Analysis Detection Based on PE Resource Hash, overwrites MBR
MD5: f504ef6e9a269e354de802872dc5e209
Analysis Report
Rombertik Analysis with many anti analysis tricks
MD5: f504ef6e9a269e354de802872dc5e209
Analysis Report
Nice Rootkit Analysis of Win32.Vikim
MD5: 6f6d18dd0b2c54d34c44ff0a274399e0
Analysis Report
Malicious Office Document using heavy obfuscation
MD5: 3aa72aacd5b215b6003d6b408fc65b33
Analysis Report
Evasive sample executing only at specific dates
MD5: 0af4ef5069f47a371a0caf22ae2006a6
Analysis Report
Evasive sample checking mouse and cursor movement
MD5: 3616a11fa463644fa20d2317c5971378
Analysis Report
Evasive sample detecting Joe Sandbox by looking at the installed software
MD5: d80e956259c858eaccb53c1affaf8141
Analysis Report
Nice Ransomlocker analysis
MD5: 49ad164c1f4785fd7b092fd1456d7a10
Analysis Report
Browse of URL found in malicious Word document, drops ransomware
URL analysis
Analysis Report
Word with embedded VBA macro, needs user actions to trigger
MD5: 7ed4999012308d6f63abd7652a9f1ac0
Analysis Report
Stealth doc dropping Trojan Dridex
MD5: d221ab599418bbc890cf3f515babb287
Analysis Report
Dyre Banking Trojan Analysis
MD5: 08cea5ca7a6c1bceebe4adc7fd9404d1
Analysis Report
Adware Bundlore
SHA256: 02835cb8f68488d57e55430bf6032bee84460ed9eb8f649a5e9e1838c3a0df4f
Analysis Report
OSX Dacls backdoor/RAT (Lazarus APT)
SHA256: 899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53
Analysis Report
OSX GMERA.1 Trojan and Stealer
SHA256: 18e1db7c37a63d987a5448b4dd25103c8053799b0deea5f45f00ca094afe2fe7
Analysis Report
OSX GMERA.2 Trojan and Stealer
SHA256: faa2799751582b8829c61cbfe2cbaf3e792960835884b61046778d17937520f4
Analysis Report
OSX NetWire
SHA256: 07a4e04ee8b4c8dc0f7507f56dc24db00537d4637afee43dbb9357d4d54f6ff4
Analysis Report
OSX OceanLotus
SHA256: e94781e3da02c7f1426fd23cbd0a375cceac8766fe79c8bc4d4458d6fe64697c
Analysis Report
OSX WinPlyer Trojan + MacSearch Adware
SHA256: c87d858c476f8fa9ac5b5f68c48dff8efe3cee4d24ab11aebeec7066b55cbc53
Analysis Report
OSX WindTail
SHA256: ad282e5ba2bc06a128eb20da753350278a2e47ab545fdab808e94a2ff7b4061e
Analysis Report
OSX LamePyre
SHA256: a899a7d33d9ba80b6f9500585fa108178753894dfd249c2ba64c9d6a601c516b
Analysis Report
OSX DarthMiner (EmPyre + XMRig)
SHA256: ebecdeac53069c9db1207b2e0d1110a73bc289e31b0d3261d903163ca4b1e31e
Analysis Report
OSX AwesomeSearch Adware Spyware
MD5: a6338a0054fe0e05574787a7a96e7b88
Analysis Report
New Crossrider variant
MD5: 653be35703942572c502e75710c56f56
Analysis Report
OSX Proton in Supply Chain Attack (Elmedia Player)
MD5: 29fb77664fc4f13ea5f65cfe01b292af
Analysis Report
Trojan OSX Snake aka Turla
MD5: 000e4225f382f9eee675dcaf3cbf9c7e
Analysis Report
iKitten / Macdownloader, Spyware
MD5: 787d664e842961f2a335139407f91a70
Analysis Report
Malicious Office document creating a Reverse Shell via VBA Macro
MD5: 952a36f4231c8628acea028b4145daec
Analysis Report
FinSpy (FinFisher) commercial trojan
SHA256: 1e9162cd0941557304a6a097dfaadf59f90bc8bbaa9879afe67b5ce0d1514be8
Analysis Report
IoT Bot with DDoS Capabilities
SHA256: 105a07a0dd8b9a0c2dcde26db29a14e033f98ee28d20f7e7115d7ccd919d60de
Analysis Report
WatchBog CoinMiner
SHA256: 26ebeac4492616baf977903bb8deb7803bd5a22d8a005f02398c188b0375dfa4
Analysis Report
CoinMiner with Brootkit user-mode rootkit
SHA256: c69ee0f12a900adc654d93aef9ad23ea56bdfae8513e534e1a11dca6666d10aa
Analysis Report
VPNFilter Bot APT, Stage 1
MD5: 5f358afee76f2a74b1a3443c6012b27b
Analysis Report
VPNFilter Bot APT, Stage 2
MD5: 87049e223dd922dc1d8180c83e2fde77
Analysis Report
VPNFilter Bot APT, Stage 2 (debug version)
MD5: 87049e223dd922dc1d8180c83e2fde77
Analysis Report
Anubis e-Banking Trojan using COVID19 theme
MD5: 3bb8fe04c67d6b35a92968bedffb7449
Analysis Report
Cerberus e-Banking Trojan using COVID19 theme
MD5: 89dc684c914932f0bb05222d98ccae17
Analysis Report
EventBot e-Banking Trojan (dev version)
MD5: f73f66b15791a42dac86d0ced46d660f
Analysis Report
Riltok e-Banking Malware
MD5: 2f07c9b2a67104f8bc08d831c8922b6a
Analysis Report
Android Malware which is able to send Whatsapp messages
MD5: 8df5b22cabc10423533884da7648e982
Analysis Report
Spyware XLoader related to Roaming Mantis
MD5: 651b6888b3f419fc1aac535921535324
Analysis Report
Anubis e-Banking Malware
MD5: b195bb8399be64002fbca421f14b2ac1
Analysis Report
Android Clipper, stealing crypto currency via clipboard hook
MD5: 24d7783aaf34884677a601d487473f88
Analysis Report
Android Spyware / Trojan MobSTSPY on Android 8.1 Oreo
MD5: 6af7af5cf626424751990f99731170e0
Analysis Report
Android Click Fraud Trojan
MD5: 03d66dd7ec05c8aa113854d6ad502ebb
Analysis Report
BianLian Trojan / Banker using date evasion and packing
MD5: 0c52aa43d1244c604b5f073f344677d8
Analysis Report
BankBot aka Anubis 2.0
MD5: 8ad6ee283c1b5b5a855bb3857ce7f275
Analysis Report
BankBot Anubis, e-Banking Trojan, Ransomware
MD5: 7e6a3e943673f731130fc5b4aeecde1b
Analysis Report
Roaming Mantis Android banking Trojan
MD5: 03108e7f426416b0eaca9132f082d568
Analysis Report
Skygofree, Trojan / Spyware
MD5: 39fca709b416d8da592de3a3f714dce8
Analysis Report
Coin Miner via CoinHive Javascript
MD5: fc1e08187de3f4b7cb52bd09ea3c2594
Analysis Report
DoubleLocker Android Ransomware
MD5: 85cfbd81ff6729927c968fbbb2d1d84d
Analysis Report
SonicSpy Android Trojan / Bot
MD5: 544bc1c6ecd95d89d96b5e75c3121fea
Analysis Report
Banking Trojan Marcher
MD5: c824dd7a921f5bd2b63bcbf92bdbd7d8
Analysis Report
Trojan BankBot, stealing credit card and login data
MD5: beee6b598d006a6f6fc93f6b8764715f
Analysis Report
Trojan GT!tr.spy, stealing credit card and login data
MD5: d9192d7713df3029b9ba393683cb90a7
Analysis Report
Overlay e-Banking Malware
MD5: bee3746684b072867a5b202bfc5527dd
Analysis Report
APT28/Grizzlybear Lojack Double Agent
MD5: 595aff5212df3534fb8af6a587c6038e
Analysis Report
APT28/Grizzlybear related sample
MD5: f0309aa0519ee70c29bbb471352781e7
Analysis Report
Malicious RTF using CVE-2018-0802
MD5: 15a43d4c8ae9592ee06a410c58311e35
Analysis Report
Unknown loader using Instruction Hammering, dropping DarkComet
MD5: DDD60E9AE362DEF377AA70D414ED374D
Analysis Report
AgentTesla, tries to steal Putty/WinSCP info
MD5: 2689e0bd727c85849f786822b360cd28
Analysis Report
GuLoader with many evasion, including Instruction Hammering
MD5: 01a54f73856cfb74a3bbba47bcec227b
Analysis Report
SmokeLoader using various VM detections, CodeIntegrity checks, etc
MD5: 18b04e2fd804d553d9a35e088193dea7
Analysis Report
AgentTesla loader using RDTSC, CPUID and Win32_BaseBoard VM detection
MD5: 87e74af7016e8a9b9304dc537fa093da
Analysis Report
Azorult, using several tricks to detect sandboxes (desktop resolution, tick count, processes etc)
MD5: ff17014cbb249e173309a9e1251e4574
Analysis Report
Date-aware (<20.1.2020) Cassandra Crypter dropping AgentTesla
MD5: a24c195da4f8a5dee365875b3e3a38a1
Analysis Report
TrickBot Downloader counting total number of processes
MD5: 3e8c58262860fcbce68af93f4a022232
Analysis Report
Country (Application.LanguageSettings.LanguageID) and filename (ActiveWorkbook.Name) aware VBA dropping Ursnif
MD5: c5e1106f9654a23320132cbc61b3f29d
Analysis Report
FrenchyShellcode Packer with open window check, dropping NJRAT
MD5: 879d9a2c75ee83443a0a913f5dc71b5c
Analysis Report
GetKeyboardLayout - check English / Russian - if yes crash
MD5: 2d1ca86789091f84f0d4f6af9fd5d51d
Analysis Report
Delays execution by executing massive amount of instructions / loops for more than 3 minutes
MD5: 27cf7e2be6e049b2793ad9f38218eb01
Analysis Report
Malicious document dropping Gozi, NUMBER_OF_PROCESSORS VBA check
MD5: 6f772eb660bc05fc26df86c98ca49abc
Analysis Report
Country aware VBA Macro using GetLocaleInfo
MD5: 6a9eda3eb0bfc222ab46725829faaec7
Analysis Report
Country aware VBA Macro
MD5: aacb83294ca96f6713da83363ffd9804
Analysis Report
Imminent RAT using several anti-debugging and anti-VM evasions
MD5: d6c644512c430cd64965c2259150f371
Analysis Report
Country aware VBA Office Macro
MD5: 7ffdde19a2ce936c1e1ed92aeb25eb78
Analysis Report
Word Document VBA process name and count check
MD5: cd15a7c3cb1725dc9d21160c26ab9c2e
Analysis Report
Gootkit e-Banking trojan using a whole bunch of anti-analysis and anti-vm techniques
MD5: 0ee40dfb96795b73c6bc1eef31e59356
Analysis Report
Gozi 2.17 using GetLocaleInfo and GetCursorPos evasions
MD5: 7e17f0f35d50f49407841372f24fbd38
Analysis Report
BONDUPDATER using various WMI queries to check for physical hardware (fan, thermal sensors etc)
MD5: ea6321f55ea83e6f2887a2360f8e55b0
Analysis Report
Evasive Backdoor, Time Evasions, Debugger Detection, VM Detection
MD5: 9e3ea995e40b62adae78e93e6b30780c
Analysis Report
Evasive sample using GetKeyboardLayout to target French computers
MD5: fe1214a06ffc40b1ebb524f185894487
Analysis Report
Olympic Destroyer, Wiper malware targeting Olympic Games 2018 in PyeongChang
MD5: f12fc711529b48bcef52c5ca0a52335a
Analysis Report
Elise malware loaded with Sandbox evasion using CVE-2018-0802 for persistence
MD5: f12fc711529b48bcef52c5ca0a52335a
Analysis Report
Retefe using MUILanguages Sandbox evasion trick
MD5: 85fc638bd373af9a95c715bc4f8b97fc
Analysis Report
Sandbox Process DOS / overloading
MD5: 1de07d0af66cfa7b504c2f563d45437b
Analysis Report
CCleaner (signed) infected by unknown malware, IcmpSendEcho evasion
MD5: ef694b89ad7addb9a16bb6f26f1efaf7
Analysis Report
Debugger and sandbox detection (file, registry and mutex based)
MD5: 24a3d1d2f36824dfa190d8f93da26432
Analysis Report
Ransomware SyncCrypt using scheduled tasks to evade analysis
MD5: d10c1bd17c1b84a22db0d77515b7c32e
Analysis Report
Loop based & ping sleep based evasions
MD5: 4c3f80e146987a5fcd97b807071e2dd6
Analysis Report
Macro Evasions: Tasks, File Name, GeoIP check
MD5: 09f16077acf6c05e5c293835b3a75a20
Analysis Report
Zone.Identifier based evasion
MD5: 43b8cc7dc3ff1987354e974d77216b1b
Analysis Report
Time and command line based dropper evasions
SHA1: c5d5058c8af64b79c9973e492aeb39d8d0e46931
Analysis Report
Extensive use of fingerprinting (disk, network card, files, directories etc)
MD5: 564ac87ca4114edd6a84a005092f1285
Analysis Report
Malicious Document dropping Cerber Ransom, using timer based Sleep evasion in VBS
MD5: 58258b89e076c4d378436f3b03682402
Analysis Report
TeslaCrypt, Speaker check via COM
MD5: 61f847bcb69d0fe86ad7a4ba3f057be5
Analysis Report
Nymaim, GetSystemTime, API hammering
MD5: f1a12884b999b9e572f91a94043d6e01
Analysis Report
Upatre, NtQuerySystemInformation IdleTime Evasion
MD5: 06a4059da943b09f13ab2909824968de
Analysis Report
Dyre, containing GetTickCount evasion technique
MD5: ad0d7d0903cb059b87892a099fe21d7e
Analysis Report
Multiple known evasion, including foreground window change detection, SCSI descriptor, SystemBiosVersion, VMware and VirtualBox driver file check and PhysicalDrive0 device IO 0x2D1400 trick
MD5: 40D19FBA73C6B011814E2C6920E8792F
Analysis Report
Bot / dropper using SystemBiosVersion, VideoBiosVersion, Disk Identifier and PCI devices for VM detection.
MD5: 9437eabf2fe5d32101e3fbf9f6027880
Analysis Report
Simple evasion based on CPU core check. Check is done via PEB->NumberOfProcessors. Terminates if core count is smaller than 2.
MD5: cbdda646a20d95f078393506ecdc0796
Execution Graph
Very sophisticated evasions based on sandbox overloading (instructions and APIs), hook detection, sample file name check and memory hashing. If an analysis system / sandbox has been detected it encrypts personal files and kills the MBR.
MD5: f504ef6e9a269e354de802872dc5e209
Analysis Report
Sophisticated evasion based on user behavior detection. Watches for mouse pointer moves and window changes. Checks the size of the disk via IOCTL_DISK_GET_DRIVE_GEOMETRY_EX / DeviceIoControl. Terminates if the disk has less than 5000 cylinders.
MD5: 3616a11fa463644fa20d2317c5971378
Analysis Report
Simple evasion based on date check: only executes its payload in a particular year and month. Terminates if the year or month does not match.
MD5: 0AF4EF5069F47A371A0CAF22AE2006A6
Analysis Report
Evasion based on VM detection via Disk/Enum check. Additional evasion based on direct detection of Joe Sandbox by fingerprinting specific software installed on the analysis system. Installed software is enumerated via the registry Windows\CurrentVersion\Uninstall key.
MD5: D80E956259C858EACCB53C1AFFAF8141
Analysis Report
OSAMiner
SHA256: df550039acad9e637c7c3ec2a629abf8b3f35faca18e58d447f490cf23f114e8
Analysis Report
OSX OceanLotus.F
SHA256: cfa3d506361920f9e1db9d8324dfbb3a9c79723e702d70c3dc8f51825c171420
Analysis Report
FinSpy (FinFisher) commercial trojan
SHA256: 4f3003dd2ed8dcb68133f95c14e28b168bd0f52e5ae9842f528d3f7866495cea
Analysis Report
EvilQuest (ThiefQuest) Ransomware, contains functions related to anti-analysis
SHA256: b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a
Analysis Report
Nicro Android Trojan using several evasion techniques
MD5: 7b7064d3876fc3cb1b3593e3c173a1a2
Analysis Report
Cerberus using motion events (accelerator) to trigger payload
MD5: a342b423e0ca57eba3a40311096a4f50
Analysis Report
Evasive Android dropper using native libraries to detect VMs and rooted devices
MD5: f412517d1e386cbd567fbba81d1842fe
Analysis Report
Anubis Loader using motion events (accelerator) to trigger the installation
MD5: d97a63536a7225bb1e788e7c244373dc
Analysis Report
BianLian Trojan / Banker using date evasion and packing
MD5: 0c52aa43d1244c604b5f073f344677d8