Malware Analysis Reports

Analysis Report
Spear Phishing e-mail - link - Microsoft Word document - Emotet

http://leonfurniturestore.com/sec.myacc.resourses.biz/

Analysis Report
Formbook info stealer malware

MD5: 287782734f94678617b7028b029320ab

Analysis Report
Classic Paypal Phishing

https://a1.bedirectip.com/c/myaccount/signin/?country.x=US&locale.x=en_US

Analysis Report
ADWIND/JRAT detecting via Java Runtime information

19cd10627207bcf7f7c41ee26cbdd174

Analysis Report
CVE-2018-15982 dropping Hacking-Team RAT

92b1c50c3ddf8289e85cbb7f8eead077

Analysis Report
Emotet e-Banking delivered via PDF

SHA256: d742ce0096cd0d3b2c47063f9f33cb46ba085887bd7c084fda08235c4fa26d7e

Analysis Report
Trojan spreading via VNC brute force

MD5: 642c7ad7b1608f00ba6159250b41ef75

Analysis Report
Trojanized Adobe installer with Remote Utilities RAT

MD5: eda8e4f2df81e0ba5b88d73de9779205

Analysis Report
CryptoMiner using xmrig and xmr-stak

MD5: d3fa184981b21e46f81da37f7c2cf41e

Analysis Report
Ursnif using COM InternetExplorer

MD5: 9cb0d02cbc93981015f6c050a0778cfd

Analysis Report
Supply chain infection with Monero miner

MD5: 0ae326bf4b644c91f155c3d0ba23881f

Analysis Report
Bitcoin miner, overwrites Adobe Reader Update for persistence starts

MD5: 52e10c90700a37a33a132d8e67120f39

Analysis Report
VBA document dropping Empire via HTA, decoy targeting Spiez Convergence in Switzerland

MD5: 0e7b32d23fbd6d62a593c234bafa2311

Analysis Report
Word document, OLE reference to external RTF, CVE 2017-11882, TrickBot

MD5: 70162476205496513fd88e9069372e53

Analysis Report
SynAck Ransomware using Doppelgänging injection technique

MD5: 6f772eb660bc05fc26df86c98ca49abc

Analysis Report
Lokibot dropping Adwind RAT

MD5: d87bda9120de373ab47fe445b99b6298

Analysis Report
Netflix Phishing

hxxp://confirm-your-info-51783[.]confiry0[.]beget[.]tech/151604749699341/nfx/

Analysis Report
Zeus Panda e-Banking trojan

MD5: a77ad824e5058d6504a791d0289ffc3d

Analysis Report
Hacking Team Remote Control System Spyware

MD5: c0618556e9ef16b35b042bc29aeb9291

Analysis Report
Hacking Team Remote Control System Spyware

MD5: c0618556e9ef16b35b042bc29aeb9291

Analysis Report
Malicious office document targeting several government entities, dropping Sofacy

MD5: 56f98e3ed00e48ff9cb89dea5f6e11c1

Analysis Report
Excel sheet exploiting Adobe Flash Player vulnerability CVE-2018-4878

MD5: 5f97c5ea28c0401abc093069a50aa1f8

Analysis Report
Turla / KopiLuwak Backdoor

MD5: 7c378d78b7a89aef27e8a3c5066b8511

Analysis Report
Coinminer

MD5: 3b574b67bf5a80c43e6430d69b72e6ec

Analysis Report
RTF exploiting CVE 2017-11882

MD5: 11f71f387e87bbb2b97b6c27f78320e4

Analysis Report
FIN7 / Carbanak Trojan

MD5: a00ae556a61907d43332449169c88844

Analysis Report
Bad Rabbit new version of NotPetya

MD5: fbbdc39af1139aebba4da004475e8839

Analysis Report
CVE-2017-11292

MD5: 0e0f7e17b8926d9bfd43a320d703e41b

Analysis Report
Emotet Banking Trojan

hxxp://austinfilmschool.org/Invoice-Dated-17-Oct-17-372510608/VR-AOFGB/2017/

Analysis Report
CVE-2017-8759 dropping FinFisher / FinSpy

MD5: 24a3d1d2f36824dfa190d8f93da26432

Analysis Report
AES based Phishing Page for Office 360

hxxps://login.microsoftonlineoww.recentviralvideos.com

Analysis Report
ADWIND Java RAT

MD5: 4a1f885f0cb4392ae2ad7ae06b05811e

Analysis Report
New Locky Ransomware Diablo6 Variant

MD5: 544bc1c6ecd95d89d96b5e75c3121fea

Analysis Report
Petya Ransomware loaded with EternalBlue SMBv1 Exploit

MD5: 71b6a493388e7d0b40c83ce903bc6b04

Analysis Report
Paypal Phishing

Analysis Report
PPS Lure, using HREF Mouse Over to drop payloads

MD5: 823c408af2d2b19088935a07c03b4222

Analysis Report
Wanna Cry Ransomware

MD5: 577cd71ea0456348914312df22e12a5a

Analysis Report
Malicious Word document, CVE-2017-0199, dropping Dridex e-Banking trojan

MD5: 8b6f6bdefdc6b42abf9f372123152ab2

Analysis Report
Cerber Ransomware

MD5: b858dc628617f4bfbb977a7348b0c512

Analysis Report
Nice powershell analysis of Locky & Konvter

MD5: 2161f8cf7b6c1a1a3a6fdc41083566a5

Analysis Report
Office Document Spear Phish target Mongolian Government

MD5: 614875cf37898562aa115a64f17b0117

Analysis Report
Digitally signed VBA dropper, nice VBA analysis

MD5: 2b83bd1d97eb911e9d53765edb5ea79e

Analysis Report
Malicious document using Macro / Shellcode to drop files (Hancitor dropper)

MD5: 85965f7ce5e44f1836ebcaff4a8aef31

Analysis Report
Analyis of malicious document using ENIGMA0X3 UAC Bypass

MD5: 1144eeaebb15044fa64f4d9bb5670349

Analysis Report
Locky Ransomware

MD5: 2790910b716c116879386d7d3784a8a5

Analysis Report
Golden-Eye Ransomware

MD5: af813168402e60cfdf7c78a0d70d86e9

Analysis Report
Macro based downloader, drops ransomware, uses ScriptControl.AddCode obfuscation

MD5: c2f43e6ef53280758b84f3beaca99b4b

Analysis Report
Macro based downloader, that utilizes bitsadmin feature to download final payload

MD5: 43b8cc7dc3ff1987354e974d77216b1b

Analysis Report
Macro Shellcode execution via EnumResourceTypes, callback

MD5: 3ebd49f7168ff668d617a174b1e7c30a

Analysis Report
e-Banking Trojan Retefe, installing fake root cert & TOR

MD5: ff8e9c668d9bb0460029eaaca75fd498

Analysis Report
Retefe e-Banking Trojan

MD5: 0977eb0c066706384646987f9ded4e06

Analysis Report
HydraCrypt Ransomware, encryption keys / pws / settings and more

MD5: 5f2d13576e4906501c91b8bf400e0890

Analysis Report
Malicious document dropping Dridex

MD5: 439bee4cbe16605193aa73e7bb75b731

Analysis Report
CryptoWall Ransomware

MD5: 56b08b321a1b76104376186df2bf5238

Analysis Report
TeslaCrypt Ransomware

MD5: 43855c9d765fe7da2adcc4e6fb9d237c

Analysis Report
UPS Invoice Spam, malicious doc dropping Dyre

MD5: 7d4fbadc67855bfece4e6dd5f07ee7f6

Analysis Report
Nice behavior graphs

MD5: 51365b90cd5e3671852e5c28eab20a63

Analysis Report
Info Stealer, PE file in BAT trick

MD5: 6071a0cf7861302564bd4fc44396e7a4

Analysis Report
Dyre, e-Banking trojan, ready to go for Microsoft Edge Browser

MD5: ad0d7d0903cb059b87892a099fe21d7e

Analysis Report
Trojan including many evasion tricks

MD5: 40D19FBA73C6B011814E2C6920E8792F

Analysis Report
Cidox/Rovnix Bootkit Analysis

MD5: cbdda646a20d95f078393506ecdc0796

Analysis Report
HackingTeam CVE-2015-0349 Flash 0-day being used by malware

Analysis Report
Rombertik Analysis, Analysis Detection Based on PE Resource Hash, overwrites MBR

MD5: f504ef6e9a269e354de802872dc5e209

Analysis Report
Rombertik Analysis with many anti analysis tricks

f504ef6e9a269e354de802872dc5e209

Analysis Report
Nice Rootkit Analysis of Win32.Vikim

MD5: 6f6d18dd0b2c54d34c44ff0a274399e0

Analysis Report
Malicious Office Document using heavy obfuscation

MD5: 3aa72aacd5b215b6003d6b408fc65b33

Execution Graph
Evasive sample executing only at specific dates

MD5: 0af4ef5069f47a371a0caf22ae2006a6

Execution Graph
Evasive sample checking mouse and cursor movement

MD5: 3616a11fa463644fa20d2317c5971378

Execution Graph
Evasive sample detecting Joe Sandbox by looking at the installed software

MD5: d80e956259c858eaccb53c1affaf8141

Analysis Report
Evasive sample executing only at specific dates

MD5: 0af4ef5069f47a371a0caf22ae2006a6

Analysis Report
Evasive sample checking mouse and cursor movement

MD5: 3616a11fa463644fa20d2317c5971378

Analysis Report
Evasive sample detecting Joe Sandbox by looking at the installed software

MD5: d80e956259c858eaccb53c1affaf8141

Analysis Report
Nice Ransomlocker analysis

MD5: 49ad164c1f4785fd7b092fd1456d7a10

Analysis Report
Browse of URL found in malicious Word document, drops ransomware

URL analysis

Analysis Report
Word with embedded VBA macro, needs user actions to trigger

MD5: 7ed4999012308d6f63abd7652a9f1ac0

Analysis Report
Stealth doc dropping Trojan Dridex

MD5: d221ab599418bbc890cf3f515babb287

Analysis Report
Dyre Banking Trojan Analysis

MD5: 08cea5ca7a6c1bceebe4adc7fd9404d1

Analysis Report
Nice Zeus Banking Trojan Analysis

MD5: 4d08934bd040ed25dfa46542e396cb05

Analysis Report
Nice CBT Ransomware Locker Analysis

MD5: 521BD488A5DE44D84E9D145D3EB8A238