Malware Analysis Reports

Latest behavior analysis reports generated by Joe Sandbox

Cloud 38.0.0
28/09/2023

Analysis Report
Xenomorph, targeting over 30 different banks

SHA256: 259e88f593a3df5cf14924eec084d904877953c4a78ed4a2bc9660a2eaabb20b

Cloud 38.0.0
28/06/2023

Analysis Report
DexPro protected APK using multiple Android Zipfile parser flaws

SHA256: b3561bf581721c84fd92501e2d0886b284e8fa8e7dc193e41ab300a063dfe5f3

Cloud 35.0.0
18/08/2022

Analysis Report
S.O.V.A analysis on Android 12 Snow Cone

SHA256: b01b74aaf249d0740f541c081c0c0de4bf455b4b68f2634fab6cf8aafcd95d52

Cloud 33.0.0
10/09/2021

Analysis Report
S.O.V.A. Banking Trojan

SHA256: efb92fb17348eb10ba3a93ab004422c30bcf8ae72f302872e9ef3263c47133a7

Cloud 33.0.0
29/07/2021

Analysis Report
TEABot e-Banking trojan

SHA256: 89e5746d0903777ef68582733c777b9ee53c42dc4d64187398e1131cccfc0599

Cloud 28.0.0
26/03/2020

Analysis Report
Anubis e-Banking Trojan using COVID19 theme

MD5: 3bb8fe04c67d6b35a92968bedffb7449

Cloud 28.0.0
26/03/2020

Analysis Report
Cerberus e-Banking Trojan using COVID19 theme

MD5: 89dc684c914932f0bb05222d98ccae17

Cloud 28.0.0
20/03/2020

Analysis Report
EventBot e-Banking Trojan (dev version)

MD5: f73f66b15791a42dac86d0ced46d660f

Cloud 28.0.0
25/10/2019

Analysis Report
Ginp e-Banking Trojan

MD5: 0a8d5a301d1ea44d5721045eea07fdcd

Cloud 26.0.0
28/08/2019

Analysis Report
CamScanner Necro.n

MD5: 7b7064d3876fc3cb1b3593e3c173a1a2

Cloud 26.0.0
25/07/2019

Analysis Report
Monokle RAT

MD5: a342b423e0ca57eba3a40311096a4f50

Cloud 26.0.0
12/07/2019

Analysis Report
Infector Agent Smith

MD5: 2f07c9b2a67104f8bc08d831c8922b6a

Cloud 26.0.0
25/06/2019

Analysis Report
Riltok e-Banking Malware

MD5: 2f07c9b2a67104f8bc08d831c8922b6a

Cloud 26.0.0
10/04/2019

Analysis Report
Android Malware which is able to send Whatsapp messages

MD5: 8df5b22cabc10423533884da7648e982

Cloud 26.0.0
03/04/2019

Analysis Report
Spyware XLoader related to Roaming Mantis

MD5: 651b6888b3f419fc1aac535921535324

Cloud 26.0.0
03/04/2019

Analysis Report
Adware Reptilicus

MD5: 9be7585e88c3697d1689fdd1456c2a52

Cloud 25.0.0
21/02/2019

Analysis Report
Anubis e-Banking Malware

MD5: b195bb8399be64002fbca421f14b2ac1

Cloud 25.0.0
12/02/2019

Analysis Report
Android Clipper, stealing crypto currency via clipboard hook

MD5: 24d7783aaf34884677a601d487473f88

Cloud 25.0.0
03/01/2019

Analysis Report
Android Spyware / Trojan MobSTSPY on Android 8.1 Oreo

MD5: 6af7af5cf626424751990f99731170e0

Cloud 24.0.0
09/12/2018

Analysis Report
Android Click Fraud Trojan

MD5: 03d66dd7ec05c8aa113854d6ad502ebb

Cloud 24.0.0
07/11/2018

Analysis Report
BianLian Trojan / Banker using date evasion and packing

MD5: 0c52aa43d1244c604b5f073f344677d8

Cloud 24.0.0
21/09/2018

Analysis Report
BankBot aka Anubis 2.0

MD5: 8ad6ee283c1b5b5a855bb3857ce7f275

Cloud 24.0.0
21/09/2018

Analysis Report
Monero Miner

MD5: fffb8d51838af6bb742e84b8b16239bb

Cloud 23.0.0
16/08/2018

Analysis Report
BankBot Anubis, e-Banking Trojan, Ransomware

MD5: 7e6a3e943673f731130fc5b4aeecde1b

Cloud 22.0.0
16/04/2018

Analysis Report
Roaming Mantis Android banking Trojan

MD5: 03108e7f426416b0eaca9132f082d568

Cloud 21.0.0
22/01/2018

Analysis Report
Skygofree, Trojan / Spyware

MD5: 39fca709b416d8da592de3a3f714dce8

Cloud 21.0.0
30/10/2017

Analysis Report
Coin Miner via CoinHive Javascript

MD5: fc1e08187de3f4b7cb52bd09ea3c2594

Cloud 20.0.0
16/10/2017

Analysis Report
DoubleLocker Android Ransomware

MD5: 85cfbd81ff6729927c968fbbb2d1d84d

Cloud 20.0.0
30/08/2017

Analysis Report
WireX DDOS Bot

MD5: c3f25252f8bc3361e426564ac2715109

Cloud 20.0.0
22/08/2017

Analysis Report
SonicSpy Android Trojan / Bot

MD5: 544bc1c6ecd95d89d96b5e75c3121fea

Cloud 19.0.0
29/05/2017

Analysis Report
Judy, click fraudster

MD5: 3d3eac7909186c86ae7f07c42fd61b1e

Cloud 19.0.0
12/04/2017

Analysis Report
Banking Trojan Marcher

MD5: c824dd7a921f5bd2b63bcbf92bdbd7d8

Cloud 18.0.0
27/01/2017

Analysis Report
Ransomware Charger

MD5: 2b83bd1d97eb911e9d53765edb5ea79e

Cloud 18.0.0
25/01/2017

Analysis Report
Trojan BankBot, stealing credit card and login data

MD5: beee6b598d006a6f6fc93f6b8764715f

Cloud 37.0.0
23/08/2023

Analysis Report
XLoader (Objective-C) on Ventura (ARM64)

SHA256: 453e155722ac23771d63418e39f88430b0a922bd5f4afa81dcc73db44571b79e

Cloud 37.0.0
16/08/2023

Analysis Report
LockBit ransomware analyzed on native MacMini Apple Silicon (ARM64) with macOS Ventura

SHA256: 3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79

Cloud 35.0.0
24/08/2022

Analysis Report
XCSSET trojan

SHA256: 483b2f45a06516439b1dbfedda52f135a4ccdeafd91192e64250305644e5ff48

Cloud 35.0.0
18/08/2022

Analysis Report
NukeSped with Coinbase PDF (Lazarus)

SHA256: fe336a032b564eef07afb2f8a478b0e0a37d9a1a6c4c1e7cd01e404cc5dd2853

Cloud 34.0.0
04/05/2022

Analysis Report
NukeSped.N with Decoy PDF (Lazarus)

SHA256: 55571ac52e1f02f18af77e2f3314382c982a37744b58732dfc15faac9d66619f

Cloud 34.0.0
28/03/2022

Analysis Report
Gimmick Trojan

SHA256: 2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f

Cloud 33.0.0
26/01/2022

Analysis Report
DazzleSpy Trojan implant

SHA256: f9ad42a9bd9ade188e997845cae1b0587bf496a35c3bffacd20fefe07860a348

Cloud 33.0.0
12/01/2022

Analysis Report
SysJoker Multi-Platform Backdoor

SHA256: 1a9a5c797777f37463b44de2b49a7f95abca786db3977dcdac0f79da739c08ac

Cloud 33.0.0
12/11/2021

Analysis Report
MACMA aka CDDS Payload used in watering hole attack campaign

SHA256: cf5edcff4053e29cb236d3ed1fe06ca93ae6f64f26e25117d68ee130b9bc60c8

Cloud 32.0.0
15/09/2021

Analysis Report
OSX ZuRu running in trojanized iTerm2

SHA256: e5126f74d430ff075d6f7edcae0c95b81a5e389bf47e4c742618a042f378a3fa

Cloud 33.0.0
22/07/2021

Analysis Report
XLoader / Formbook info stealer on macOS

SHA256: 81c4276f2e3c0ed456b08402a6a5b63d0cad68220b7a3275b3cbf0ba73faaa21

Cloud 32.0.0
09/07/2021

Analysis Report
WildPressure macOS Python (analyzed with Live Interaction)

SHA256: 1448f34fcde1e6d7df000c38a61c3dd6d5fd304f9ad60cadfa3deb875b6b088f

Cloud 31.0.0
28/04/2021

Analysis Report
Shlayer with CVE-2021-30657 exploit for bypassing Gatekeeper, File Quarantine and Application Notarization

SHA256: 70c6f9da05046525605e2066185929c2659e27a3851dc43d8aa69e2692e6154f

Cloud 28.0.0
14/05/2020

Analysis Report
Adware Bundlore

SHA256: 02835cb8f68488d57e55430bf6032bee84460ed9eb8f649a5e9e1838c3a0df4f

Cloud 28.0.0
6/05/2020

Analysis Report
OSX Dacls backdoor/RAT (Lazarus APT)

SHA256: 899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53

Cloud 27.0.0
25/09/2019

Analysis Report
OSX GMERA.1 Trojan and Stealer

SHA256: 18e1db7c37a63d987a5448b4dd25103c8053799b0deea5f45f00ca094afe2fe7

Cloud 27.0.0
25/09/2019

Analysis Report
OSX GMERA.2 Trojan and Stealer

SHA256: faa2799751582b8829c61cbfe2cbaf3e792960835884b61046778d17937520f4

Cloud 26.0.0
21/06/2019

Analysis Report
OSX NetWire

SHA256: 07a4e04ee8b4c8dc0f7507f56dc24db00537d4637afee43dbb9357d4d54f6ff4

Cloud 26.0.0
09/04/2019

Analysis Report
OSX OceanLotus

SHA256: e94781e3da02c7f1426fd23cbd0a375cceac8766fe79c8bc4d4458d6fe64697c

Cloud 25.0.0
14/02/2019

Analysis Report
OSX WinPlyer Trojan + MacSearch Adware

SHA256: c87d858c476f8fa9ac5b5f68c48dff8efe3cee4d24ab11aebeec7066b55cbc53

Cloud 24.0.0
24/12/2018

Analysis Report
OSX WindTail

SHA256: ad282e5ba2bc06a128eb20da753350278a2e47ab545fdab808e94a2ff7b4061e

Cloud 24.0.0
12/12/2018

Analysis Report
OSX LamePyre

SHA256: a899a7d33d9ba80b6f9500585fa108178753894dfd249c2ba64c9d6a601c516b

Cloud 24.0.0
10/12/2018

Analysis Report
OSX DarthMiner (EmPyre + XMRig)

SHA256: ebecdeac53069c9db1207b2e0d1110a73bc289e31b0d3261d903163ca4b1e31e

Cloud 24.0.0
07/11/2018

Analysis Report
OSX AwesomeSearch Adware Spyware

MD5: a6338a0054fe0e05574787a7a96e7b88

Cloud 24.0.0
02/11/2018

Analysis Report
OSX CoinTicker Trojan

MD5: 6e90da7669304722c9a06db0e32554ef

Cloud 24.0.0
03/10/2018

Analysis Report
OSX FairyTale Adware

MD5: 784a95029a730ccbbf1efac72d7264d6

Cloud 23.0.0
26/07/2018

Analysis Report
OSX Calisto

MD5: d7ac1b8113c94567be4a26d214964119

Cloud 23.0.0
03/07/2018

Analysis Report
OSX Dummy

MD5: 7130faced98c800e6d8b1c42eca7d3dc

Cloud 22.0.0
14/05/2018

Analysis Report
New Crossrider variant

MD5: 653be35703942572c502e75710c56f56

Cloud 21.0.0
16/01/2018

Analysis Report
DNS Hijacker, MaMi

MD5: 6e6034c13cb949156888513211b1f1ef

Cloud 21.0.0
21/11/2017

Analysis Report
OSX Proton F

MD5: 6af212f189c28a3111b2dfa63f02ab4f

Cloud 21.0.0
23/10/2017

Analysis Report
OSX Proton in Supply Chain Attack (Elmedia Player)

MD5: 29fb77664fc4f13ea5f65cfe01b292af

Cloud 20.0.0
16/06/2017

Analysis Report
MacOS MacRansom

MD5: 8fe94843a3e655209c57af587849ac3a

Cloud 19.0.0
09/05/2017

Analysis Report
Trojan OSX Proton B

MD5: 577cd71ea0456348914312df22e12a5a

Cloud 19.0.0
05/05/2017

Analysis Report
Trojan OSX Snake aka Turla

MD5: 000e4225f382f9eee675dcaf3cbf9c7e

Cloud 19.0.0
03/05/2017

Analysis Report
Spyware OSX/Dok B

MD5: 0e48346ebd57b1b6dbaa0bbad4d579dc

Cloud 19.0.0
02/05/2017

Analysis Report
Spyware OSX/Dok A

MD5: e8bdde90574d5bf285d9abb0c8a113a8

Cloud 19.0.0
23/03/2017

Analysis Report
Mac Adware Downloader

MD5: 9e4fd1941aed7df97132d833972a65ef

Cloud 18.0.0
27/02/2017

Analysis Report
Ransomware FileCoder

MD5: 1b8be665af7729618d70bad773aac423

Cloud 18.0.0
08/02/2017

Analysis Report
iKitten / Macdownloader, Spyware

MD5: 787d664e842961f2a335139407f91a70

Cloud 18.0.0
07/02/2017

Analysis Report
Malicious Office document creating a Reverse Shell via VBA Macro

MD5: 952a36f4231c8628acea028b4145daec

Cloud 18.0.0
06/01/2017

Analysis Report
Apple Mail DOS via Safari, Support Scam

X 2.0.0
29/02/2016

Analysis Report
Trojan Wirelurker

MD5: dca13b4ff64bcd6876c13bbb4a22f450

X 2.0.0
16/02/2016

Analysis Report
Trojan Flashplayer

MD5: 22e368f505c952d76529005dc99794f7

X 2.0.0
16/02/2016

Analysis Report
Ransomware Mabouia PoC

MD5: 41b631c9a1a09d95620f204f3e723b0f

X 2.0.0
16/02/2016

Analysis Report
Adware Bundlore

MD5: d030ec7964a5863a7b78adeb3a6cc153

Cloud 38.0.0
12/07/2023

Analysis Report
CVE-2023-36884 using RTF to load Word DOC via MSHTML iframe injection

SHA256: a61b2eafcf39715031357df6b01e85e0d1ea2e8ee1dfec241b114e18f7a1163f

Cloud 38.0.0
15/06/2023

Analysis Report
SolarMarker with file pumping, valid PE signature, Powershell dropper and .Net backdoor

SHA256: 6f7332625d573ccc7b14264ee0db7e671305e1206c7eaf920e17c26f7b5b64a7

Cloud 37.0.0
15/02/2023

Analysis Report
STOP Djvu Ransomware via SmokeLoader with full config extracted

SHA256: 5ea4451ca1ce36db2dc6e7a85f07c748ddbb758b65f2194d734afd08bd141126

Cloud 36.0.0
15/09/2022

Analysis Report
AgentTesla v3 with full malware configuration

SHA256: c6dae959f8e5373c6ac8746cfd8227b8d8099b692ee726aacbe18ecf1479282e

Cloud 35.0.0
26/07/2022

Analysis Report
Stealthy new payload delivery method: HTML (showing a PW) -> ZIP encrypted -> ISO -> LNK -> Calc.exe -> DLL -> DLL -> QBOT

SHA256: f5c16248418a4f1fd8dff438b26b8da7f587b77db9e180a82493bae140893687

Cloud 33.0.0
01/02/2022

Analysis Report
noPac using CVE-2021-42287 - CVE-2021-42278 Exploit to gain DC Admin

SHA256: 4e37819484e865f8e20c2aaa94ec05f3bfe3bb6f36ea4bb6df376c8d4f1ffcca

Cloud 33.0.0
12/01/2022

Analysis Report
SysJoker Multi-Platform Backdoor

SHA256: 1ffd6559d21470c40dcf9236da51e5823d7ad58c93502279871c3fe7718c901c

Cloud 33.0.0
23/12/2021

Analysis Report
Emotet dropped by Hidden Macro

SHA256: bb1f500a59544aa8e44a0377cc506dfbebca1ecb7a8c73dc72d3268803976ff5

Cloud 33.0.0
25/08/2021

Analysis Report
Kimsuky Espionage Campaign, JS instrumentation

SHA256: 20eff877aeff0afaa8a5d29fe272bdd61e49779b9e308c4a202ad868a901a5cd

Cloud 33.0.0
22/07/2021

Analysis Report
Hancitor analysis with VBA and shellcode execution graph, dropping FickerStealer

SHA256: 83c9c9beaca0a147e23995b84792f56cd130ccf262147374bd1114c2ac698fee

Cloud 33.0.0
15/07/2021

Analysis Report
Kaseya attack dropping Sodinokibi

939aae3cc456de8964cb182c75a5f8cc

Cloud 31.0.0
16/02/2021

Analysis Report
Sodinokibi Ransomware with full config extraction

39d22b8f3da4a83cd957f324f2423309

Cloud 30.0.0
17/09/2020

Analysis Report
GuLoader dropping LuminosityLink RAT

01a54f73856cfb74a3bbba47bcec227b

Cloud 29.0.0
14/09/2020

Analysis Report
SmokeLoader dropping Raccoon

18b04e2fd804d553d9a35e088193dea7

Cloud 28.0.0
09/12/2019

Analysis Report
Ave Maria RAT signed by Sectigo

MD5: 94ff625253b3920fe5b6824bd8c30482

Cloud 28.0.0
13/11/2019

Analysis Report
QBot/Qakbot banking trojan

MD5: ad30987a53b1b0264d806805ce1a2561

Cloud 28.0.0
06/11/2019

Analysis Report
Maze Ransomware

MD5: ad30987a53b1b0264d806805ce1a2561

Cloud 28.0.0
23/10/2019

Analysis Report
TrickBot v1000479

MD5: 0a8d5a301d1ea44d5721045eea07fdcd

Cloud 27.0.0
30/09/2019

Analysis Report
ODT (Open Office File) dropping NJRAT

MD5: 7b7064d3876fc3cb1b3593e3c173a1a2

Cloud 27.0.0
20/09/2019

Analysis Report
Emotet

MD5: 7b7064d3876fc3cb1b3593e3c173a1a2

Cloud 26.0.0
27/06/2019

Analysis Report
Gozi/Ursnif e-Banking Trojan

MD5: 879d9a2c75ee83443a0a913f5dc71b5c

Cloud 26.0.0
30/05/2019

Analysis Report
LockCrypt Ransomware

2d1ca86789091f84f0d4f6af9fd5d51d

Cloud 25.0.0
26/03/2019

Analysis Report
ShadowHammer Supply Chain Attack of Asus Update

MD5: 55a7aa5f0e52ba4d78c145811c830107

Cloud 25.0.0
21/03/2019

Analysis Report
GandCrab 5.2 Ransomware

MD5: fe2d1caa2d52000efcd19ea1ea31d254

Cloud 25.0.0
20/03/2019

Analysis Report
LockerGoga Ransomware

MD5: 6f772eb660bc05fc26df86c98ca49abc

Cloud 25.0.0
13/02/2019

Analysis Report
Spear Phishing e-mail - link - Microsoft Word document - Emotet

http://leonfurniturestore.com/sec.myacc.resourses.biz/

Cloud 25.0.0
13/02/2019

Analysis Report
Formbook info stealer malware

MD5: 287782734f94678617b7028b029320ab

Cloud 25.0.0
10/02/2019

Analysis Report
Classic Paypal Phishing

https://a1.bedirectip.com/c/myaccount/signin/?country.x=US&locale.x=en_US

Cloud 25.0.0
31/12/2018

Analysis Report
ADWIND/JRAT detecting via Java Runtime information

MD5: 19cd10627207bcf7f7c41ee26cbdd174

Cloud 24.0.0
06/12/2018

Analysis Report
CVE-2018-15982 dropping Hacking-Team RAT

MD5: 92b1c50c3ddf8289e85cbb7f8eead077

Cloud 24.0.0
29/11/2018

Analysis Report
Emotet e-Banking delivered via PDF

SHA256: d742ce0096cd0d3b2c47063f9f33cb46ba085887bd7c084fda08235c4fa26d7e

Cloud 24.0.0
18/10/2018

Analysis Report
Trojan spreading via VNC brute force

MD5: 642c7ad7b1608f00ba6159250b41ef75

Cloud Basic 23.0.0
30/08/2018

Analysis Report
Trojanized Adobe installer with Remote Utilities RAT

MD5: eda8e4f2df81e0ba5b88d73de9779205

Cloud 23.0.0
17/08/2018

Analysis Report
CryptoMiner using xmrig and xmr-stak

MD5: d3fa184981b21e46f81da37f7c2cf41e

Cloud 23.0.0
14/08/2018

Analysis Report
Ursnif using COM InternetExplorer

MD5: 9cb0d02cbc93981015f6c050a0778cfd

Cloud 23.0.0
30/07/2018

Analysis Report
Supply chain infection with Monero miner

MD5: 0ae326bf4b644c91f155c3d0ba23881f

Cloud 22.0.0
26/06/2018

Analysis Report
Bitcoin miner, overwrites Adobe Reader Update for persistence starts

MD5: 52e10c90700a37a33a132d8e67120f39

Cloud 22.0.0
19/06/2018

Analysis Report
VBA document dropping Empire via HTA, decoy targeting Spiez Convergence in Switzerland

MD5: 0e7b32d23fbd6d62a593c234bafa2311

Cloud 22.0.0
31/05/2018

Analysis Report
Word document, OLE reference to external RTF, CVE 2017-11882, TrickBot

MD5: 70162476205496513fd88e9069372e53

Cloud 22.0.0
11/05/2018

Analysis Report
SynAck Ransomware using Doppelgänging injection technique

MD5: 6f772eb660bc05fc26df86c98ca49abc

Cloud 22.0.0
03/05/2018

Analysis Report
Lokibot dropping Adwind RAT

MD5: d87bda9120de373ab47fe445b99b6298

Cloud 22.0.0
07/04/2018

Analysis Report
Netflix Phishing

hxxp://confirm-your-info-51783[.]confiry0[.]beget[.]tech/151604749699341/nfx/

Cloud 22.0.0
28/02/2018

Analysis Report
Zeus Panda e-Banking trojan

MD5: a77ad824e5058d6504a791d0289ffc3d

Cloud 22.0.0
19/02/2018

Analysis Report
Hacking Team Remote Control System Spyware

MD5: c0618556e9ef16b35b042bc29aeb9291

Cloud 21.0.0
01/02/2018

Analysis Report
Excel sheet exploiting Adobe Flash Player vulnerability CVE-2018-4878

MD5: 5f97c5ea28c0401abc093069a50aa1f8

Cloud 22.0.0
30/01/2018

Analysis Report
Malicious office document targeting several government entities, dropping Sofacy

MD5: 56f98e3ed00e48ff9cb89dea5f6e11c1

Cloud 21.0.0
22/01/2018

Analysis Report
Turla / KopiLuwak Backdoor

MD5: 7c378d78b7a89aef27e8a3c5066b8511

Cloud 21.0.0
03/01/2018

Analysis Report
Coinminer

MD5: 3b574b67bf5a80c43e6430d69b72e6ec

Cloud 21.0.0
21/11/2017

Analysis Report
RTF exploiting CVE 2017-11882

MD5: 11f71f387e87bbb2b97b6c27f78320e4

Cloud 21.0.0
30/10/2017

Analysis Report
FIN7 / Carbanak Trojan

MD5: a00ae556a61907d43332449169c88844

Cloud 20.0.0
25/10/2017

Analysis Report
Bad Rabbit new version of NotPetya

MD5: fbbdc39af1139aebba4da004475e8839

Cloud 20.0.0
20/10/2017

Analysis Report
CVE-2017-11292

MD5: 0e0f7e17b8926d9bfd43a320d703e41b

Cloud 20.0.0
18/10/2017

Analysis Report
Emotet Banking Trojan

hxxp://austinfilmschool.org/Invoice-Dated-17-Oct-17-372510608/VR-AOFGB/2017/

Cloud 20.0.0
12/09/2017

Analysis Report
CVE-2017-8759 dropping FinFisher / FinSpy

MD5: 24a3d1d2f36824dfa190d8f93da26432

Cloud 20.0.0
06/09/2017

Analysis Report
AES based Phishing Page for Office 360

hxxps://login.microsoftonlineoww.recentviralvideos.com

Cloud 20.0.0
31/08/2017

Analysis Report
ADWIND Java RAT

MD5: 4a1f885f0cb4392ae2ad7ae06b05811e

Cloud 20.0.0
21/08/2017

Analysis Report
New Locky Ransomware Diablo6 Variant

MD5: 544bc1c6ecd95d89d96b5e75c3121fea

Cloud 20.0.0
27/06/2017

Analysis Report
Petya Ransomware loaded with EternalBlue SMBv1 Exploit

MD5: 71b6a493388e7d0b40c83ce903bc6b04

Cloud 19.0.0
08/06/2017

Analysis Report
Paypal Phishing

Cloud 19.0.0
29/05/2017

Analysis Report
PPS Lure, using HREF Mouse Over to drop payloads

MD5: 823c408af2d2b19088935a07c03b4222

Cloud 19.0.0
12/05/2017

Analysis Report
Wanna Cry Ransomware

MD5: 577cd71ea0456348914312df22e12a5a

Cloud 19.0.0
12/04/2017

Analysis Report
Malicious Word document, CVE-2017-0199, dropping Dridex e-Banking trojan

MD5: 8b6f6bdefdc6b42abf9f372123152ab2

Cloud 19.0.0
21/03/2017

Analysis Report
Cerber Ransomware

MD5: b858dc628617f4bfbb977a7348b0c512

Cloud 19.0.0
07/03/2017

Analysis Report
Nice PowerShell analysis of Locky & Kovter

MD5: 2161f8cf7b6c1a1a3a6fdc41083566a5

Cloud 18.0.0
23/02/2017

Analysis Report
Office Document Spear Phish targeting Mongolian Government

MD5: 614875cf37898562aa115a64f17b0117

Cloud 18.0.0
03/02/2017

Analysis Report
Digitally signed VBA dropper, nice VBA analysis

MD5: 2b83bd1d97eb911e9d53765edb5ea79e

Cloud 18.0.0
12/01/2017

Analysis Report
Malicious document using Macro / Shellcode to drop files (Hancitor dropper)

MD5: 85965f7ce5e44f1836ebcaff4a8aef31

Cloud 17.0.0
06/01/2017

Analysis Report
Analysis of malicious document using ENIGMA0X3 UAC Bypass

MD5: 1144eeaebb15044fa64f4d9bb5670349

Cloud 35.0.0
21/07/2022

Analysis Report
TeamTNT variant mining Raptoreum (RTM) cryptocurrency

SHA256: 4f4fef3aa02d725b00793b75afcd2d75ecd554a9a23cb3e7d87969b3226f72b1

Cloud 33.0.0
12/01/2022

Analysis Report
SysJoker Multi-Platform Backdoor

SHA256: bd0141e88a0d56b508bc52db4dab68a49b6027a486e4d9514ec0db006fe71eed

Cloud 33.0.0
30/11/2021

Analysis Report
Abcbot botnet malware

SHA256: 22b521f8d605635e1082f3f33a993979c37470fe2980956064aa4917ea1b28d5

Cloud 32.0.0
06/08/2021

Analysis Report
XMrig cryptominer disabling HW prefetcher in MSR registers

SHA256: 28e9b06e5a4606c9d806092a8ad78ce2ea7aa1077a08bcf3ec1d8e3d19714f08

Cloud 32.0.0
01/07/2021

Analysis Report
REvil Linux (analyzed with Live Interaction)

SHA256: ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4

Cloud 31.0.0
25/03/2021

Analysis Report
Tsunami botnet malware

SHA256: 864d438887ea34ffd06b03695267e93b48e73ec0f39d047968a1cce44448c581

Cloud 30.0.0
05/10/2020

Analysis Report
FinSpy (FinFisher) commercial trojan

SHA256: 1e9162cd0941557304a6a097dfaadf59f90bc8bbaa9879afe67b5ce0d1514be8

Cloud 28.0.0
13/12/2019

Analysis Report
IoT Bot with DDoS Capabilities

SHA256: 105a07a0dd8b9a0c2dcde26db29a14e033f98ee28d20f7e7115d7ccd919d60de

Cloud 26.0.0
25/07/2019

Analysis Report
WatchBog CoinMiner

SHA256: 26ebeac4492616baf977903bb8deb7803bd5a22d8a005f02398c188b0375dfa4

Cloud 26.0.0
02/07/2019

Analysis Report
CoinMiner with Brootkit user-mode rootkit

SHA256: c69ee0f12a900adc654d93aef9ad23ea56bdfae8513e534e1a11dca6666d10aa

Cloud 26.0.0
12/04/2019

Analysis Report
CoinMiner

MD5: eec085bae7c4dfcdcb353b095b8375fa

Cloud 24.0.0
08/10/2018

Analysis Report
BitCoinMiner

MD5: 94bfedc1dd3a8e3760fca3229a573464

Cloud 22.0.0
08/06/2018

Analysis Report
RedisWannaMine

MD5: d02477f0c908e721701f9644afe8fe5c

Cloud 22.0.0
31/05/2018

Analysis Report
Coin mining malware

MD5: 9a0629bbb97ef2c2fd8369778aa9a0d3

Cloud 22.0.0
31/05/2018

Analysis Report
VPNFilter Bot APT, Stage 3 (tor plugin)

MD5: b5dc976043db9b42c9f6fa889205c68a

Cloud 22.0.0
31/05/2018

Analysis Report
VPNFilter Bot APT, Stage 2 (debug version)

MD5: 87049e223dd922dc1d8180c83e2fde77

Cloud 22.0.0
31/05/2018

Analysis Report
VPNFilter Bot APT, Stage 2

MD5: 87049e223dd922dc1d8180c83e2fde77

Cloud 22.0.0
31/05/2018

Analysis Report
VPNFilter Bot APT, Stage 1

MD5: 5f358afee76f2a74b1a3443c6012b27b

Cloud 31.0.0
07/04/2021

Analysis Report
Demo App for Joe Sandbox I on iOS 13

SHA256: ceeafc96b3bbd7a20749919a86b407863f9fedc83aaafa16e8d2b16c274dea8f

Class 2.0.0
29/09/2018

Analysis Report
APT28/Grizzlybear Lojack Double Agent

MD5: 595aff5212df3534fb8af6a587c6038e

Class 2.0.0
29/08/2018

Analysis Report
APT28/Grizzlybear related sample

MD5: f0309aa0519ee70c29bbb471352781e7

Class 2.0.0
29/08/2018

Analysis Report
Malicious RTF using CVE-2018-0802

MD5: 15a43d4c8ae9592ee06a410c58311e35

Class 2.0.0
29/08/2018

Analysis Report
Gozi ISFB Banking Malware

MD5: e2476ed98a57bbb14f45fd1e04d4c43c

Class 2.0.0
29/08/2018

Analysis Report
DarkComet RAT

MD5: cd1974c09f7171e19634de0e00d7efb7

Cloud 26.0.0
16/09/2019

Analysis Report
Nicro Android Trojan using several evasion techniques

MD5: 7b7064d3876fc3cb1b3593e3c173a1a2

Cloud 26.0.0
14/08/2019

Analysis Report
Cerberus using motion events (accelerator) to trigger payload

MD5: a342b423e0ca57eba3a40311096a4f50

Cloud 26.0.0
21/02/2019

Analysis Report
Evasive Android dropper using native libraries to detect VMs and rooted devices

MD5: f412517d1e386cbd567fbba81d1842fe

Cloud 25.0.0
20/01/2019

Analysis Report
Anubis Loader using motion events (accelerator) to trigger the installation

MD5: d97a63536a7225bb1e788e7c244373dc

Cloud 24.0.0
07/11/2018

Analysis Report
BianLian Trojan / Banker using date evasion and packing

MD5: 0c52aa43d1244c604b5f073f344677d8

Cloud 24.0.0
27/10/2018

Analysis Report
Banking Trojan Dropper with Anti-Emulator and Anti-Sandbox Stub

MD5: cfa7fdb907e9165a9299fb164dda3b90

Cloud 21.0.0
22/12/2017

Analysis Report
Loapi multi Layer unpacking trojan with Mining capabilities

MD5: 3b574b67bf5a80c43e6430d69b72e6ec

Cloud 31.0.0
15/01/2021

Analysis Report
OSAMiner

SHA256: df550039acad9e637c7c3ec2a629abf8b3f35faca18e58d447f490cf23f114e8

Cloud 31.0.0
02/12/2020

Analysis Report
OSX OceanLotus.F

SHA256: cfa3d506361920f9e1db9d8324dfbb3a9c79723e702d70c3dc8f51825c171420

Cloud 30.0.0
28/09/2020

Analysis Report
FinSpy (FinFisher) commercial trojan

SHA256: 4f3003dd2ed8dcb68133f95c14e28b168bd0f52e5ae9842f528d3f7866495cea

Cloud 29.0.0
01/07/2020

Analysis Report
EvilQuest (ThiefQuest) Ransomware, contains functions related to anti-analysis

SHA256: b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a

Cloud 26.0.0
01/07/2019

Analysis Report
OSX CrescentCore, VM-aware rogue software installer

SHA256: 45eab9f25158b677877a447b052f024c44c80744bcfae59deb660c47a9cbf1ac

Cloud 20.0.0
16/06/2017

Analysis Report
MacOS MacRansom, queries model and CPU count information

MD5: 8fe94843a3e655209c57af587849ac3a

Cloud 34.0.0
09/05/2022

Analysis Report
Bumblebee Loader with extensive Anti-VM and Anti-Sandbox techniques

SHA256: c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb

Cloud 28.0.0
24/01/2022

Analysis Report
Date-aware (<20.1.2020) Cassandra Crypter dropping AgentTesla

MD5: a24c195da4f8a5dee365875b3e3a38a1

Cloud 28.0.0
22/01/2022

Analysis Report
TrickBot Downloader counting total number of processes

MD5: 3e8c58262860fcbce68af93f4a022232

Cloud 33.0.0
14/10/2021

Analysis Report
Evasive GuLoader dropping Formbook, bare metal analysis

ab5135e71815ad27daf57be78754c85d

Cloud 32.0.0
06/04/2021

Analysis Report
Evasive JS dropper checking the video card RAM size via WMI Win32_VideoController.adapterRAM and many additional WMI checks

6cdad3b5ac021d3dbf0fb6159831cdce

Cloud 30.0.0
17/09/2020

Analysis Report
Unknown loader using Instruction Hammering, dropping DarkComet

DDD60E9AE362DEF377AA70D414ED374D

Cloud 30.0.0
17/09/2020

Analysis Report
GuLoader with many evasions, including Instruction Hammering

01a54f73856cfb74a3bbba47bcec227b

Cloud 30.0.0
17/09/2020

Analysis Report
AgentTesla, tries to steal Putty/WinSCP info

MD5: 2689e0bd727c85849f786822b360cd28

Cloud 29.0.0
14/09/2020

Analysis Report
SmokeLoader using various VM detections, CodeIntegrity checks, etc

18b04e2fd804d553d9a35e088193dea7

Cloud 28.0.0
22/04/2020

Analysis Report
AgentTesla loader using RDTSC, CPUID and Win32_BaseBoard VM detection

MD5: 87e74af7016e8a9b9304dc537fa093da

Cloud 28.0.0
24/02/2020

Analysis Report
Azorult, using several tricks to detect sandboxes (desktop resolution, tick count, processes etc)

MD5: ff17014cbb249e173309a9e1251e4574

Cloud 28.0.0
10/12/2019

Analysis Report
Country (Application.LanguageSettings. LanguageID) and filename (ActiveWorkbook.Name) aware VBA dropping Ursnif

MD5: c5e1106f9654a23320132cbc61b3f29d

Cloud 26.0.0
12/08/2019

Analysis Report
FrenchyShellcode Packer with open window check, dropping NJRAT

MD5: 879d9a2c75ee83443a0a913f5dc71b5c

Cloud 26.0.0
12/06/2019

Analysis Report
GetKeyboardLayout - check English / Russian - if yes crash

MD5: 2d1ca86789091f84f0d4f6af9fd5d51d

Cloud 26.0.0
09/05/2019

Analysis Report
Delays execution by executing massive amount of instructions / loops for more than 3 minutes

27cf7e2be6e049b2793ad9f38218eb01

Cloud 25.0.0
21/03/2019

Analysis Report
Malicious document dropping Gozi, NUMBER_OF_PROCESSORS VBA check

MD5: 6f772eb660bc05fc26df86c98ca49abc

Cloud 26.0.0
01/03/2019

Analysis Report
Country aware VBA Macro using GetLocaleInfo

MD5: 6a9eda3eb0bfc222ab46725829faaec7

Cloud 26.0.0
26/02/2019

Analysis Report
Country aware VBA Macro

MD5: aacb83294ca96f6713da83363ffd9804

Cloud 25.0.0
18/01/2019

Analysis Report
Imminent RAT using several anti-debugging and anti-VM evasions

MD5: d6c644512c430cd64965c2259150f371

Cloud 24.0.0
13/12/2018

Analysis Report
Country aware VBA Office Macro

7ffdde19a2ce936c1e1ed92aeb25eb78

Cloud 24.0.0
18/11/2018

Analysis Report
Word Document VBA process name and count check

MD5: cd15a7c3cb1725dc9d21160c26ab9c2e

Cloud 24.0.0
10/10/2018

Analysis Report
Gootkit e-Banking trojan using a whole bunch of anti-analysis and anti-vm techniques

MD5: 0ee40dfb96795b73c6bc1eef31e59356

Cloud 24.0.0
03/10/2018

Analysis Report
Gozi 2.17 using GetLocaleInfo and GetCursorPos evasions

MD5: 7e17f0f35d50f49407841372f24fbd38

Cloud 23.0.0
14/09/2018

Analysis Report
BONDUPDATER using various WMI queries to check for physical hardware (fan, thermal sensors etc)

MD5: ea6321f55ea83e6f2887a2360f8e55b0

Cloud 23.0.0
04/07/2018

Analysis Report
Evasive Backdoor, Time Evasions, Debugger Detection, VM Detection

MD5: 9e3ea995e40b62adae78e93e6b30780c

Cloud 22.0.0
08/05/2018

Analysis Report
Evasive sample using GetKeyboardLayout to target French computers

MD5: fe1214a06ffc40b1ebb524f185894487

Cloud 21.0.0
20/02/2018

Analysis Report
Olympic Destroyer, Wiper malware targeting Olympic Games 2018 in PyeongChang

MD5: f12fc711529b48bcef52c5ca0a52335a

Cloud 21.0.0
08/02/2018

Analysis Report
Elise malware loaded with Sandbox evasion using CVE-2018-0802 for persistence

MD5: f12fc711529b48bcef52c5ca0a52335a

Cloud 21.0.0
27/11/2017

Analysis Report
Retefe using MUILanguages Sandbox evasion trick

MD5: 85fc638bd373af9a95c715bc4f8b97fc

Cloud 20.0.0
09/10/2017

Analysis Report
Sandbox Process DOS / overloading

MD5: 1de07d0af66cfa7b504c2f563d45437b

Cloud 20.0.0
18/09/2017

Analysis Report
CCleaner (signed) infected by unknown malware, IcmpSendEcho evasion

MD5: ef694b89ad7addb9a16bb6f26f1efaf7

Cloud 20.0.0
12/09/2017

Analysis Report
Debugger and sandbox detection (file, registry and mutex based)

MD5: 24a3d1d2f36824dfa190d8f93da26432

Cloud 20.0.0
23/08/2017

Analysis Report
Ransomware SyncCrypt using scheduled tasks to evade analysis

MD5: d10c1bd17c1b84a22db0d77515b7c32e

Cloud 31.0.0
11/01/2021

Analysis Report
Black-T TeamTNT using Ezuri Loader

SHA256: 0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df

37.1.0 Beryl
26/06/2023

Analysis Report
Strela Stealer

SHA256: 14009b05324320da1f4942c35d0cfd24b5dbc49773ce4618e6e070d74a7ffb6a

37.1.0 Beryl
25/06/2023

Analysis Report
Redline Clipper

SHA256: 9802c511f650d5eb611d309889655ac2f8daab5f87c30463b2505da99076192b

37.1.0 Beryl
08/06/2023

Analysis Report
Kraken Rat

SHA256: 0eef67dbee8912b9267f7ca7f7eb4f63547bc8d336bdddc22f98c14563c32515

37.1.0 Beryl
22/05/2023

Analysis Report
Typhon Logger

SHA256: bebd7434928eb7d1fb89a84ba41c3838fb5734f446b58b8bfb2d5dddf48e518b

37.0.0 Beryl
04/04/2023

Analysis Report
Stealerium

SHA256: 86aa79c05ad10f311c2c4d97ddc40d8fb048d25271d68387608aff6600bb5ac4

37.0.0 Beryl
22/03/2023

Analysis Report
WshRat

SHA256: 5f0329e51f347ca573ea69cd865bb03d0526d9e9e91477a4502a9fe35c3fbddf

37.0.0 Beryl
22/03/2023

Analysis Report
StealC

SHA256: b020c34a3b2b4bc4fbfa0ac4d3ca97283e2fdce71f737e1103bd638ed8f6647a

37.0.0 Beryl
22/03/2023

Analysis Report
RHADAMANTHYS

SHA256: 9e068da322450ae34e33254c3bd919c1a38c5387f10f99ce4305bc63452acea6

37.0.0 Beryl
21/03/2023

Analysis Report
Vector Stealer

SHA256: 86e233cb75b893c9e4e0d26385155c4f575e4217f2d52cba592641c996bc9cc8

37.0.0 Beryl
17/03/2023

Analysis Report
Aurora

SHA256: 5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449

37.0.0 Beryl
16/03/2023

Analysis Report
Chaos

SHA256: 074c7aa722ff77df5ed56b655cc11da0288550a7405dc439be4417c6fccf7d5f

37.0.0 Beryl
16/03/2023

Analysis Report
Kovter

SHA256: a597d34bc2464c3ace48ac04f6653f65ac4822ea8e4a5717ba9e4909b8c62240

37.0.0 Beryl
08/03/2023

Analysis Report
Luca Stealer

SHA256: 70805738871f24f390c7b1e62e6b48bc4850399992d8b62bba3160550a0a3655

37.0.0 Beryl
02/03/2023

Analysis Report
Qbot Downloader

SHA256: 56734da861a7d95f690e0172e717cc933513e37677c18c9277a2a261e55090ac

37.0.0 Beryl
27/02/2023

Analysis Report
VenomRat

SHA256: 35330f1bbbc0f361845b9b987e2f4ac70cdb96ab3f9e80161c2b8971c7df0df4

36.0.0 Rainbow Opal
17/02/2023

Analysis Report
Upatre

SHA256: 215c37360388d16653ffc1740c639d486753a9db69a8ad4f3e1b172b1b712df4

36.0.0 Rainbow Opal
14/02/2023

Analysis Report
JCrypt

SHA256: 8bf1319fd0f77cd38f85d436e044f2d9e93e3f33844f20737117230b73b60f6c

36.0.0 Rainbow Opal
31/10/2022

Analysis Report
Crimson

SHA256: ca74472613129855bd7fc79c4a245a2f27de85086cfd191506f1c9906b9ae460

36.0.0 Rainbow Opal
31/10/2022

Analysis Report
Nymaim

SHA256: c360868055519b145bf9169b913787cd1f6533995e4d8a8556f94676a6129f96

36.0.0 Rainbow Opal
28/10/2022

Analysis Report
LockBit ransomware

SHA256: 367f5b45da98215ff297e0856e4a961c9e831e4f06457f16453f60d0cf407449

36.0.0 Rainbow Opal
24/10/2022

Analysis Report
PhoenixRAT

SHA256: 77cb17ef2f4f282f39838e7430bf040c3356e59ae8f13cbd4e670712e9f44a4e

36.0.0 Rainbow Opal
24/10/2022

Analysis Report
Eternity Stealer

SHA256: 4cb0b838560c4e859b8aa29c40fffde2f196a827eda7f69a2b766299651c50df

36.0.0 Rainbow Opal
23/10/2022

Analysis Report
Erbium Stealer

SHA256: b8490732ccb34fdd76910ee15aa3eced95ef445f2ab287d45181f98f44742df1

36.0.0 Rainbow Opal
18/10/2022

Analysis Report
CryptbotV2

SHA256: 29842f71bd503e86896ae4b274aa21a0eaa67144ad83e2df89072ea8e8458fd0

36.0.0 Rainbow Opal
15/10/2022

Analysis Report
Vermin Keylogger

SHA256: af1d446bb3abc47b5eacb7a00ebb1992be1c464cac5b0e4283b12f0500c3ad4e

36.0.0 Rainbow Opal
10/10/2022

Analysis Report
S500Rat

SHA256: b3f2810e4ba5c3341498d99807e2f200459eb2bd4d365b3ee52a20e9e12606c1

36.0.0 Rainbow Opal
06/10/2022

Analysis Report
LummaC Stealer

SHA256: f33a6585faa522f1f03b4bacbd77cb5adc0d1ad54223b89dc8f6ebb05edfe000

36.0.0 Rainbow Opal
21/09/2022

Analysis Report
Kutaki

SHA256: de09ae47bc867cc2d931c49a3b77cb6107f48e8c00c38a7c3e57b85db8a80452

36.0.0 Rainbow Opal
31/08/2022

Analysis Report
Phorpiex

SHA256: a8d0ac5762f61683d7cbcbfc53e0b650e632625d7ffabf08b45986908891ee96

35.0.0 Citrine
22/07/2022

Analysis Report
Eternity Clipper

SHA256: a23855393505a14023834569b263ceebd810a4f041716b4f606f5ba9d25c265a

35.0.0 Citrine
08/07/2022

Analysis Report
Predator

SHA256: d9536057855ddfa0656463b11191f1fd1a34f95032c676f7d3afc7cd5372068b

35.0.0 Citrine
08/07/2022

Analysis Report
Rook

SHA256: c2d46d256b8f9490c9599eea11ecef19fde7d4fdd2dea93604cee3cea8e172ac

35.0.0 Citrine
08/07/2022

Analysis Report
BumbleBee

SHA256: e6c6ad0411501c2d81863c0ecaf80ace8a5e9b6ce8329c5700890eb36991f6fb

35.0.0 Citrine
08/07/2022

Analysis Report
BlueBot

SHA256: b4851333efaf399889456f78eac0fd532e9d8791b23a86a19402c1164aed20de

35.0.0 Citrine
07/07/2022

Analysis Report
Tofsee

SHA256: a96edd53cb70eb51f8bb9fbd0b9d0777e6b65c5203fb3b73229431b49da155e4

35.0.0 Citrine
07/07/2022

Analysis Report
BluStealer

SHA256: 6e7ed6e2800cb45547906279f027fe098d08bb0dbc517ce41fe0ebe33222ab99

35.0.0 Citrine
30/06/2022

Analysis Report
Socelars

SHA256: 07a029536d442a18485d88a48362cd84a184a6e54695496b1462b7f6d9a2c2c1

35.0.0 Citrine
24/06/2022

Analysis Report
Xtreme RAT

SHA256: 484310027c8e469f5154e53c9d3543095410b68730722158848b01d5a842642c

34.0.0 Boulder Opal
17/03/2022

Analysis Report
Matanbuchus

SHA256: 490bcee7c0b9607d834fd8b3e5d01613d062fcf48be043e6f5f60c5077b55e3c

34.0.0 Boulder Opal
03/03/2022

Analysis Report
Allcome clipbanker

SHA256: 6ccf16f1d1a495de9f5e7c1b60dd09da612ba2355887ebeb56cc1cacb5d64a5e

34.0.0 Boulder Opal
16/12/2021

Analysis Report
Jester Stealer

SHA256: 2f60704e2dac47d532955485a04c195dffa41f9e638527ac42c82a224b2202ea

33.0.0 White Diamond
24/10/2021

Analysis Report
BlackMatter

SHA256: 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6

Cloud 33.0.0
14/10/2021

Analysis Report
DanaBot

SHA256: 18ae9ea1c1d71b33777c8772248580f17a2bcecf1aa0e8f71ec15d4b33d5253b

Cloud 33.0.0
14/10/2021

Analysis Report
AveMaria

SHA256: 7eb784edddde0eddd7b21c4907916f0109334a4237a9c2eb917caf8eae81480f

Cloud 33.0.0
13/10/2021

Analysis Report
Cryptbot Glupteba

SHA256: 84f4e2b346b6f5473e2c564a6f60985c5d20f621e70a982e9aafd21354ccc66f

Cloud 33.0.0
13/10/2021

Analysis Report
BitRat

SHA256: 881003326302ab243f71138e2e39517677c9117fd73e50f8989ee9b39e86407b

Cloud 33.0.0
12/10/2021

Analysis Report
Oski

SHA256: dda5d47308c0ebcb2555cda19b4c05a88d633396909456b9ee5fcee42e197724

Cloud 33.0.0
12/10/2021

Analysis Report
Matiex

SHA256: 6e039c725ce804c6aae1d4d56d11802a125895bf71bf99e293ec333b91cbc73b

Cloud 33.0.0
08/10/2021

Analysis Report
Clipboard Hijacker

SHA256: 5bc09c3c2a751169a32cf97a62765f127bce2d0eadce3481a6a831b6fdcc044e

Cloud 33.0.0
08/10/2021

Analysis Report
Fareit Pony

SHA256: 2cec15c8fef9435abd5c332486d8ad7083eeb9eb84de9077b5bf6bb42458dba5

Cloud 33.0.0
06/10/2021

Analysis Report
CobaltStrike

SHA256: fc6401d5a9a05017e8551916ac6a39894467301d3d0349f719bb11ba1ecc38d6

Cloud 33.0.0
04/10/2021

Analysis Report
Squirrelwaffle

SHA256: da031faf0a918be7bf90705dac2ce63cfda65226360202ac1d53a6849592e9b3

Cloud 33.0.0
04/10/2021

Analysis Report
Djvu

SHA256: 0d977e55742460c71884d6040178fc8c7abf8c97136b6293da37cbf9c59b6778

Cloud 33.0.0
04/10/2021

Analysis Report
Jupyter

SHA256: 5cf24553e521de102628e1ebdadb69a6623904f08b51cf5b1ea14779e03e8682

Cloud 33.0.0
30/09/2021

Analysis Report
RevengeRAT

SHA256: b943704744a23c06174a36aa0e24ecc7ac67aad9edc9c4bd46dd1f007514796d

Cloud 33.0.0
30/09/2021

Analysis Report
njRat Xtreme RAT

SHA256: f32fb1af5db650065e6e1d02ade5506e6c0903e4bbc9ff6ff2fbf94bef6ffba4

Cloud 33.0.0
28/09/2021

Analysis Report
SystemBC

SHA256: c27741b9e50da0c369b848179c9a4f9b0362b6d5e384055c6c72fc9667a270ec

Cloud 33.0.0
22/09/2021

Analysis Report
Phantom Miner

SHA256: d83d1ebc7cffb2050517fe68343b2a4cb4e7ed7f45aa2c14a2dff25a8eeb9c8b

Cloud 33.0.0
15/09/2021

Analysis Report
Orcus

SHA256: 3ffef680021c116955e889822e935c55b05576f9a0f9bd1dde334c0ccbfca006

Cloud 33.0.0
07/09/2021

Analysis Report
Grandsteal

SHA256: dda8e5e4b93708ef5042d3e46027670a9ffa93f4c18646d0e48b13f8d1b013fe

Cloud 33.0.0
03/09/2021

Analysis Report
MercurialGrabber

SHA256: c2603d684ad273865985ea6e7ce27c9236e173d7633a72f2378a1309d9ec77ac

Cloud 33.0.0
25/08/2021

Analysis Report
BlackNet

SHA256: 4054ee21cbfc210489f119c2d717ca1ae43129fc0d07aefe322fabb3b61d079f

Cloud 33.0.0
17/08/2021

Analysis Report
Caliber

SHA256: cd80318bc4c724934435231e72cbf7cbf5942df8b36e480603237e2ed08d4a93

Cloud 33.0.0
27/07/2021

Analysis Report
HawkEye MailPassView

SHA256: 047f33e6f83796d9fc056d7006a6e8ef69696d63eceb29fb1592bb13a62e79bf

Cloud 33.0.0
08/06/2021

Analysis Report
FatalRAT

SHA256: 2d9002135a5b85b3f3962eab45859f1e59d20ded771b94f0e1127c6c162cb0f4

Cloud 32.0.0
29/04/2021

Analysis Report
NanoCore

SHA256: c4bb3e5a6f33dca9143ede298d37b20c1dd8ab6be22f2544987f53d468e0e815

Cloud 32.0.0
29/04/2021

Analysis Report
Ursnif

SHA256: fd35940bf6701f7d98b39196b19273c86c74757ca2c226cff607fa23df183e03

Cloud 32.0.0
29/04/2021

Analysis Report
CryLock

SHA256: 6bc21092f49a473b0fd4d1e1a77ce5d7e97e961334764b606b7014710fb75466

Cloud 32.0.0
29/04/2021

Analysis Report
LimeRat

SHA256: a81addf8ad395ae36a617da9fb138337c17941475c1e3f3003d2571c8cb3b84e

Cloud 32.0.0
29/04/2021

Analysis Report
Remcos

SHA256: eb9e13fd092522e4dde08e96961117f9926e3ef70ca3b225f8c388e476541a21

Cloud 32.0.0
29/04/2021

Analysis Report
Formbook

SHA256: bc4765682b3b1250e178d1154cfd56fbe1fb4ac0c8e8346d9e6f3ed6c661907d

Cloud 32.0.0
29/04/2021

Analysis Report
Metasploit

SHA256: 7793c2fd34248236e83206fdd01b547436e966bcb6cae21adcbf61550b62daea

Cloud 32.0.0
29/04/2021

Analysis Report
Hancitor

SHA256: 632752c9d2297bd6b6467bd7b93f10c99716456f31e4bf314794f2ab6aeed0a8

Cloud 32.0.0
29/04/2021

Analysis Report
Dridex

SHA256: 53dfeaa26585a77816d74ce38b16c4b1d3db0cf346d968253eae4797db1ade10

Cloud 32.0.0
29/04/2021

Analysis Report
Lokibot

SHA256: 25b6f68e2bf505cfde67c533f5d12e869b30efe831fa82fd91c2c29f59fc77ac

Cloud 32.0.0
29/04/2021

Analysis Report
Redline

SHA256: a0faa82eeb65dec2d55e0041f18eb27652dafd93dc25e105927303e277cd8df6

Cloud 32.0.0
29/04/2021

Analysis Report
QBot

SHA256: fff572167e03d2446c8abd0b5ddfe8657692ff07967bdd380881469df7df1484

Cloud 32.0.0
28/04/2021

Analysis Report
NetWire

SHA256: 1dcddce0408092a22c015e183e463020a7231e1f5ca47e71acad4ddcfb0f2385

Cloud 32.0.0
28/04/2021

Analysis Report
Sodinokibi

SHA256: 08c2d24cb9c632f9aa84254bb673c9df04d4ac23ee07e840794e9438b06e9bd2

Cloud 32.0.0
28/04/2021

Analysis Report
njRat

SHA256: bfd5d84c4fed8f9d23f94fe32bb7ee415dbe632c2ebaac642dbfdb73f89d0833

Cloud 32.0.0
28/04/2021

Analysis Report
SmokeLoader

SHA256: d73e37b3ed710e4128e3c76e2f0fd61dbb2fdcddfd8cfa51ffe244fa19433bb2

Cloud 32.0.0
28/04/2021

Analysis Report
StrRat

SHA256: b63a342fa88add92fbe34e707de613c1494f08debb6ab0e4dad851b4039dc6e4

Cloud 32.0.0
28/04/2021

Analysis Report
Snake Keylogger

SHA256: b20b1c9c785100e0e18623c7f34843a82e066f0f91af93410654733c9e7e4513

Cloud 32.0.0
28/04/2021

Analysis Report
AgentTesla

SHA256: 0b10841226c0d6fb59f308c09309e79d214ca6799ac162c1addd5455d7ef3fd7

Cloud 32.0.0
28/04/2021

Analysis Report
Amadey

SHA256: b5a399c0ea40983abc68b828ccb14efde2db90c047bbfba9ae418317ce7f036d

Cloud 32.0.0
28/04/2021

Analysis Report
AsyncRat

SHA256: 09df870092fdf14100cf041139efcf165933d0d50c6ac8bf06fdf3116f63cfa2

Cloud 32.0.0
28/04/2021

Analysis Report
Vidar

SHA256: 84343112791c187d10af9cea8fac68cf4fc03d72352f1fe2def0bf72f9a9afc7

Cloud 32.0.0
28/04/2021

Analysis Report
TrickBot

SHA256: 7d35c3abef65ed1d81d2f70944db31ba2a8cc703f1ccf8b82ca7b3929b8233e1

Cloud 32.0.0
26/04/2021

Analysis Report
XpertRat

SHA256: f8e52fa75724eb08c0ec68db6799740ad36c7178b8f0dd7c8b0ee755ff60c653

Cloud 32.0.0
26/04/2021

Analysis Report
FickerStealer

SHA256: f009a71cf1050cc8c50a9b1accf3e28f174e75eda5f5ebb4764d90baa443aa9c

Cloud 32.0.0
26/04/2021

Analysis Report
Raccoon Stealer

SHA256: a21b6b2e6336efdfe470806c0d615ede9acacd44ab317ce7e4c59cfb8de1619f

Cloud 32.0.0
26/04/2021

Analysis Report
Diamondfox

SHA256: 95b5d0e36464afc8391a9d056926e5859506ead18937669554bde42f7a6d135b

Cloud 32.0.0
24/04/2021

Analysis Report
Quasar Rat

SHA256: 1b12a22d5d562b59030df4697c4157a23766d0b34f9bd17a0ca7374e5a53e28c

Cloud 32.0.0
23/04/2021

Analysis Report
IcedID

SHA256: 15b65ccfeced9c5ae3359db9d3a0e68ad0201912b65a0578d5dd7a0f7f7b387d

Cloud 32.0.0
23/04/2021

Analysis Report
Azorult

SHA256: ba5786cfe255f158264fabd0b0cbf90b6f96ddd230a5fe82ca0c551d420f95be

Cloud 32.0.0
22/04/2021

Analysis Report
DarkComet

SHA256: e3532fb1c9e0c23e6e0b556425bceb08953c97883aacfb347789a3d8dd80099d

Cloud 32.0.0
22/04/2021

Analysis Report
GuLoader

SHA256: ec455e6dcab1f953bd685bc9674dbe7e2fbf7afcbef4d731edd9a818048f2227

Cloud 32.0.0
16/04/2021

Analysis Report
Zloader

SHA256: 938f890613dc8526bb828c3de5d5c612b7c13515062fb6ca15f8abc1424f2835

Cloud 32.0.0
15/04/2021

Analysis Report
CyberGate

SHA256: 61c2d5a213f1b68ef98f2800f02697650ccf28eb38ec07635f0bffcdf18a803a

Cloud 32.0.0
13/04/2021

Analysis Report
MassLogger Rat

SHA256: 42b24542fa7aa0e423fe98ae7f4676c3b490d30ef2cbaa68a8ce41ddbe9e4534

Cloud 32.0.0
03/04/2021

Analysis Report
DCRat

SHA256: bf6e3cf654738116a14be298176fc12524154ee51f9a2424fa117ee5b47be53a

Cloud 32.0.0
29/03/2021

Analysis Report
Hades Ransomware

SHA256: ea310cc4fd4e8669e014ff417286da5edf2d3bef20abfb0a4f4951afe260d33d

Cloud 32.0.0
29/03/2021

Analysis Report
MedusaLocker

SHA256: 4ae110bb89ddcc45bb2c4e980794195ee5eb85b5261799caedef7334f0f57cc4

34.0.0 Boulder Opal
13/03/2021

Analysis Report
BlackCat

SHA256: 66f48ee8e668dc77d5a87585f16c870e6232d1340e8cf093f536c5340891936b

34.0.0 Boulder Opal
08/03/2021

Analysis Report
NWorm

SHA256: 8c4477fd5129d549aabcbbcab1950965f7f0e0c934a60043dc7d27e57252868f

34.0.0 Boulder Opal
03/03/2021

Analysis Report
Allcome clipbanker

SHA256: 6ccf16f1d1a495de9f5e7c1b60dd09da612ba2355887ebeb56cc1cacb5d64a5e

Cloud 32.0.0
11/02/2021

Analysis Report
Emotet

SHA256: 7236c54fca0b5d561a4194766f1b47882c7c44670b2a3952e1474cd4b9025214

34.0.0 Boulder Opal
03/02/2021

Analysis Report
PhoenixKeylogger

SHA256: 0d2ada23e3ed12fff4c0e31377f1f577bcca7694b73545049a36f443d6c83215

34.0.0 Boulder Opal
06/01/2021

Analysis Report
Globeimposter

SHA256: 59e0ab333060b4e510db5d36d87f0fe267ab66b0881955649b06d91d6dd2d486

35.0.0 Citrine
24/06/2022

Analysis Report
XorDDos

SHA256: b242c3eca68edc7c09505570455398cce9b02689287690971762899d1fb2b1a8

34.0.0 Boulder Opal
23/04/2022

Analysis Report
REvil

SHA256: d42bcb0fca6d93ce4c9a78e5393f7e5949c7398ac598f7c55b76120739eac544

34.0.0 Boulder Opal
17/03/2021

Analysis Report
Plead

SHA256: e4d837dc1a700bf71b218e41ed50abdbb2ba0352394504a0cdaa12948d3daf2f
