Malware Analysis Reports
Latest behavior analysis reports generated by Joe Sandbox and Joe Reverser
Joe Reverser 1.3.0
10/04/2026
Analysis Report
HWMonitor supply chain attack installing Cobalt Strike
Joe Reverser 1.3.0
09/04/2026
Analysis Report
A custom 64-bit Windows post-exploitation tool designed to bypass Defender, dump SAM credential hashes, and escalate privileges using a multi-stage attack chain. It leverages oplock-based TOCTOU attacks, offline SAM decryption with syskey, and Defender RPC abuse, with low AV detection and no known malware family or C2 infrastructure.
Joe Reverser 1.3.0
08/04/2026
Analysis Report
A phishing email impersonates a trusted sender and uses a redirect chain to deliver a fake Microsoft sign-in page for credential harvesting. It leverages an AiTM phishing kit, legitimate platforms, and CAPTCHA evasion to bypass detection.
Joe Reverser 1.0.0
17/02/2026
Analysis Report
Multi-stage decryption from URL to dropper to payload (Vidar)
Joe Reverser 1.0.0
11/02/2026
Analysis Report
Beautiful ClickFix deploying RAT via Dll hijacking
Joe Reverser 0.9.0 (Beta)
14/01/2026
Analysis Report
LLM Bot using GenAI to generate malicious code
Joe Reverser 0.9.0 (Beta)
13/01/2026
Analysis Report
Reversing of VoidLink Stage 1
Joe Reverser 0.9.0 (Beta)
13/01/2026
Analysis Report
Reversing of VoidLink Stage 0
Joe Reverser 0.9.0 (Beta)
13/01/2026
Analysis Report
Deep Analysis of VoidLink Implants
Joe Reverser 0.9.0 (Beta)
16/12/2025
Analysis Report
Analysis of Sandbox evasion
Joe Reverser 0.9.0 (Beta)
03/12/2025
Analysis Report
Salvador Android Stealer
Joe Reverser 0.9.0 (Beta)
03/12/2025
Analysis Report
RevoltRat uses Revolt for C2 communication
Joe Reverser 0.9.0 (Beta)
1/12/2025
Analysis Report
Full reversing of MasonRAT V6 CPL incl. unpacking
Joe Reverser 0.9.0 (Beta)
28/11/2025
Analysis Report
GrokPy uses Grok LLM model to solve CAPTCHAs
Cloud 42.3.0
17/10/2025
Analysis Report
Rhadamanthys delivered by an in-browser fake Windows Update, abusing the Fullscreen API (on-click), and using ClickFix-style
Cloud 42.0.0
21/05/2025
Analysis Report
CloudFlare Theme ClickFix/CAPTCHAScam dropping Redline
Cloud 42.0.0
13/05/2025
Analysis Report
Phishing Chain from e-Mail to Catpcha to Tycoon2FA
Cloud 41.0.0
31/10/2024
Analysis Report
CloudFlare Theme ClickFix/CAPTCHAScam dropping NetSupport RAT
Cloud 40.0.0
09/07/2024
Analysis Report
EvilProxy using open redirect vulnerability
Cloud 40.0.0
10/05/2024
Analysis Report
HTML payload leading to download and installation of WSHRAT
Cloud 40.0.0
07/05/2024
Analysis Report
HTML based phisher exhibiting a large spectrum of malicious behaviors
Cloud 38.0.0
12/07/2023
Analysis Report
CVE-2023-36884 using RTF to load Word DOC via MSHTML iframe injection
Cloud 38.0.0
15/06/2023
Analysis Report
SolarMarker with file pumping, valid PE signature, Powershell dropper and .Net backdoor
Cloud 37.0.0
15/02/2023
Analysis Report
STOP Djvu Ransomware via SmokeLoader with full config extracted
Cloud 36.0.0
15/09/2022
Analysis Report
AgentTesla v3 with full malware configuration
Cloud 35.0.0
26/07/2022
Analysis Report
Stealthy new payload delivery method: HTML (showing a PW) -> ZIP encrypted -> ISO -> LNK -> Calc.exe -> DLL -> DLL -> QBOT
Cloud 33.0.0
01/02/2022
Analysis Report
noPac using CVE-2021-42287 - CVE-2021-42278 Exploit to gain DC Admin
Cloud 33.0.0
12/01/2022
Analysis Report
SysJoker Multi-Platform Backdoor
Cloud 33.0.0
23/12/2021
Analysis Report
Emotet dropped by Hidden Macro
Cloud 33.0.0
25/08/2021
Analysis Report
Kimsuky Espionage Campaign, JS instrumentation
Cloud 44.0.0
14/01/2026
Analysis Report
Digit Stealer (AppleScript-based Info Stealer Payload) on Sequoia (ARM64)
Cloud 41.0.0
26/08/2024
Analysis Report
Cthulhu Stealer on Ventura (ARM64)
Cloud 37.0.0
23/08/2023
Analysis Report
XLoader (Objective-C) on Ventura (ARM64)
Cloud 37.0.0
16/08/2023
Analysis Report
LockBit randomware analyzed on native MacMini Apple Silicon (ARM64) with macOS Ventura
Cloud 35.0.0
24/08/2022
Analysis Report
XCSSET trojan
Cloud 35.0.0
18/08/2022
Analysis Report
NukeSped with Coinbase PDF (Lazarus)
Cloud 34.0.0
04/05/2022
Analysis Report
NukeSped.N with Decoy PDF (Lazarus)
Cloud 34.0.0
28/03/2022
Analysis Report
Gimmick Trojan
Cloud 33.0.0
26/01/2022
Analysis Report
DazzlySpy Trojan implant
Cloud 33.0.0
12/01/2022
Analysis Report
SysJoker Multi-Platform Backdoor
Cloud 33.0.0
12/11/2021
Analysis Report
MACMA aka CDDS Payload used in watering hole attack campaign
Cloud 32.0.0
15/09/2021
Analysis Report
OSX ZuRu running in trojanized iTerm2
Cloud 33.0.0
22/07/2021
Analysis Report
XLoader / Formbook info stealer on macOS
Cloud 40.0.0
10/04/2024
Analysis Report
Dinodas RAT on Ubuntu 22.04 x64
Cloud 35.0.0
21/07/2022
Analysis Report
TeamTNT variant mining Raptoreum (RTM) cryptocurrency
Cloud 33.0.0
12/01/2022
Analysis Report
SysJoker Multi-Platform Backdoor
Cloud 33.0.0
30/11/2021
Analysis Report
Abcbot botnet malware
Cloud 38.0.0
28/09/2023
Analysis Report
Xenomorph, targeting over 30 different banks
Cloud 38.0.0
28/06/2023
Analysis Report
DexPro protected APK using multiple Android Zipfile parser flaws
Cloud 35.0.0
18/08/2022
Analysis Report
S.O.V.A analysis on Android 12 Snow Cone
Cloud 40.0.0
10/04/2024
Analysis Report
Dinodas RAT on Ubuntu 22.04 x64
Cloud 35.0.0
21/07/2022
Analysis Report
TeamTNT variant mining Raptoreum (RTM) cryptocurrency
Cloud 33.0.0
12/01/2022
Analysis Report
SysJoker Multi-Platform Backdoor
Cloud 33.0.0
30/11/2021
Analysis Report
Abcbot botnet malware
Cloud 34.0.0
09/05/2022
Analysis Report
Bumblebee Loader with extensive Anti-VM and Anti-Sandbox techniques
Cloud 28.0.0
24/01/2022
Analysis Report
Date-aware (<20.1.2020) Cassandra Crypter dropping AgentTesla
Cloud 40.0.0
10/07/2024
Analysis Report
Greatness phisher with full config extractor
37.1.0 Beryl
26/06/2023
Analysis Report
Strela Stealer
37.1.0 Beryl
25/06/2023
Analysis Report
Redline Clipper
37.1.0 Beryl
08/06/2023
Analysis Report
Kraken Rat
37.1.0 Beryl
22/05/2023
Analysis Report
Typhon Logger
37.0.0 Beryl
04/04/2023
Analysis Report
Stealerium
37.0.0 Beryl
22/03/2023
Analysis Report
RHADAMANTHYS
37.0.0 Beryl
22/03/2023
Analysis Report
StealC
37.0.0 Beryl
22/03/2023
Analysis Report
WshRat
37.0.0 Beryl
21/03/2023
Analysis Report
Vector Stealer
37.0.0 Beryl
17/03/2023
Analysis Report
Aurora
37.0.0 Beryl
16/03/2023
Analysis Report
Chaos
37.0.0 Beryl
16/03/2023
Analysis Report
Kovter
37.0.0 Beryl
08/03/2023
Analysis Report
Luca Stealer
37.0.0 Beryl
02/03/2023
Analysis Report
Qbot Downloader
37.0.0 Beryl
27/02/2023
Analysis Report
VenomRat
36.0.0 Rainbow Opal
17/02/2023
Analysis Report
Upatre
36.0.0 Rainbow Opal
14/02/2023
Analysis Report
JCrypt
36.0.0 Rainbow Opal
31/10/2022
Analysis Report
Nymaim
36.0.0 Rainbow Opal
31/10/2022
Analysis Report
Crimson
36.0.0 Rainbow Opal
28/10/2022
Analysis Report
LockBit ransomware
36.0.0 Rainbow Opal
24/10/2022
Analysis Report
Eternity Stealer
36.0.0 Rainbow Opal
24/10/2022
Analysis Report
PhoenixRAT
36.0.0 Rainbow Opal
23/10/2022
Analysis Report
Erbium Stealer
36.0.0 Rainbow Opal
18/10/2022
Analysis Report
CryptbotV2
36.0.0 Rainbow Opal
15/10/2022
Analysis Report
Vermin Keylogger
36.0.0 Rainbow Opal
10/10/2022
Analysis Report
S500Rat
36.0.0 Rainbow Opal
06/10/2022
Analysis Report
LummaC Stealer
36.0.0 Rainbow Opal
21/09/2022
Analysis Report
Kutaki
36.0.0 Rainbow Opal
31/08/2022
Analysis Report
Phorpiex
35.0.0 Citrine
22/07/2022
Analysis Report
Eternity Clipper
35.0.0 Citrine
08/07/2022
Analysis Report
Rook
35.0.0 Citrine
08/07/2022
Analysis Report
BumbleBee
35.0.0 Citrine
08/07/2022
Analysis Report
BlueBot
35.0.0 Citrine
08/07/2022
Analysis Report
Predator
35.0.0 Citrine
07/07/2022
Analysis Report
Tofsee
35.0.0 Citrine
07/07/2022
Analysis Report
BluStealer
35.0.0 Citrine
30/06/2022
Analysis Report
Socelars
35.0.0 Citrine
24/06/2022
Analysis Report
Xtreme RAT
34.0.0 Boulder Opal
17/03/2022
Analysis Report
Matanbuchus
34.0.0 Boulder Opal
03/03/2022
Analysis Report
Allcome clipbanker
34.0.0 Boulder Opal
16/12/2021
Analysis Report
Jester Stealer
33.0.0 White Diamond
24/10/2021
Analysis Report
BlackMatter
Cloud 33.0.0
14/10/2021
Analysis Report
DanaBot
Cloud 33.0.0
14/10/2021
Analysis Report
AveMaria
Cloud 33.0.0
13/10/2021
Analysis Report
Cryptbot Glupteba
Cloud 33.0.0
13/10/2021
Analysis Report
BitRat
Cloud 33.0.0
12/10/2021
Analysis Report
Oski
Cloud 33.0.0
12/10/2021
Analysis Report
Matiex
Cloud 33.0.0
08/10/2021
Analysis Report
Fareit Pony
Cloud 33.0.0
08/10/2021
Analysis Report
Clipboard Hijacker
Cloud 33.0.0
06/10/2021
Analysis Report
CobaltStrike
Cloud 33.0.0
04/10/2021
Analysis Report
Djvu
Cloud 33.0.0
04/10/2021
Analysis Report
Squirrelwaffle
Cloud 33.0.0
04/10/2021
Analysis Report
Jupyter
Cloud 33.0.0
30/09/2021
Analysis Report
RevengeRAT
Cloud 33.0.0
30/09/2021
Analysis Report
njRat Xtreme RAT
Cloud 33.0.0
28/09/2021
Analysis Report
SystemBC
Cloud 33.0.0
22/09/2021
Analysis Report
Phantom Miner
Cloud 33.0.0
15/09/2021
Analysis Report
Orcus
Cloud 33.0.0
07/09/2021
Analysis Report
Grandsteal
Cloud 33.0.0
03/09/2021
Analysis Report
MercurialGrabber
Cloud 33.0.0
25/08/2021
Analysis Report
BlackNet
Cloud 33.0.0
17/08/2021
Analysis Report
Caliber
Cloud 33.0.0
27/07/2021
Analysis Report
HawkEye MailPassView
Cloud 33.0.0
08/06/2021
Analysis Report
FatalRAT
Cloud 32.0.0
29/04/2021
Analysis Report
Ursnif
Cloud 32.0.0
29/04/2021
Analysis Report
NanoCore
Cloud 32.0.0
29/04/2021
Analysis Report
QBot
Cloud 32.0.0
29/04/2021
Analysis Report
Remcos
Cloud 32.0.0
29/04/2021
Analysis Report
Formbook
Cloud 32.0.0
29/04/2021
Analysis Report
Hancitor
Cloud 32.0.0
29/04/2021
Analysis Report
CryLock
Cloud 32.0.0
29/04/2021
Analysis Report
Dridex
Cloud 32.0.0
29/04/2021
Analysis Report
Lokibot
Cloud 32.0.0
29/04/2021
Analysis Report
Redline
Cloud 32.0.0
29/04/2021
Analysis Report
Metasploit
Cloud 32.0.0
29/04/2021
Analysis Report
LimeRat
Cloud 32.0.0
28/04/2021
Analysis Report
NetWire
Cloud 32.0.0
28/04/2021
Analysis Report
AsyncRat
Cloud 32.0.0
28/04/2021
Analysis Report
SmokeLoader
Cloud 32.0.0
28/04/2021
Analysis Report
njRat
Cloud 32.0.0
28/04/2021
Analysis Report
TrickBot
Cloud 32.0.0
28/04/2021
Analysis Report
Sodinokibi
Cloud 32.0.0
28/04/2021
Analysis Report
StrRat
Cloud 32.0.0
28/04/2021
Analysis Report
Snake Keylogger
Cloud 32.0.0
28/04/2021
Analysis Report
AgentTesla