Malware Analysis Reports
Latest behavior analysis reports generated by Joe Sandbox
Check out our latest Analysis Reports of Evasive Malware
Cloud 28.0.0
09/12/2019
Analysis Report
Ave Maria RAT signed by Sectigo
MD5: 94ff625253b3920fe5b6824bd8c30482
Cloud 28.0.0
13/11/2019
Analysis Report
QBot/Qakbot bankink trojan
MD5: ad30987a53b1b0264d806805ce1a2561
Cloud 27.0.0
30/09/2019
Analysis Report
ODT (Open Office File) dropping NJRAT
MD5: 7b7064d3876fc3cb1b3593e3c173a1a2
Cloud 26.0.0
27/06/2019
Analysis Report
Gozi/Ursnif e-Banking Trojan
MD5: 879d9a2c75ee83443a0a913f5dc71b5c
Cloud 25.0.0
26/03/2019
Analysis Report
ShadowHammer Supply Chain Attack of Asus Update
MD5: 55a7aa5f0e52ba4d78c145811c830107
Cloud 25.0.0
21/03/2019
Analysis Report
GrandCrab 5.2 Ransomware
MD5: fe2d1caa2d52000efcd19ea1ea31d254
Cloud 25.0.0
13/02/2019
Analysis Report
Spear Phishing e-mail - link - Microsoft Word document - Emotet
http://leonfurniturestore.com/sec.myacc.resourses.biz/
Cloud 25.0.0
13/02/2019
Analysis Report
Formbook info stealer malware
MD5: 287782734f94678617b7028b029320ab
Cloud 25.0.0
10/02/2019
Analysis Report
Classic Paypal Phishing
https://a1.bedirectip.com/c/myaccount/signin/?country.x=US&locale.x=en_US
Cloud 25.0.0
31/12/2018
Analysis Report
ADWIND/JRAT detecting via Java Runtime information
MD5: 19cd10627207bcf7f7c41ee26cbdd174
Cloud 24.0.0
06/12/2018
Analysis Report
CVE-2018-15982 dropping Hacking-Team RAT
MD5: 92b1c50c3ddf8289e85cbb7f8eead077
Cloud 24.0.0
29/11/2018
Analysis Report
Emotet e-Banking delivered via PDF
SHA256: d742ce0096cd0d3b2c47063f9f33cb46ba085887bd7c084fda08235c4fa26d7e
Cloud 24.0.0
18/10/2018
Analysis Report
Trojan spreading via VNC brute force
MD5: 642c7ad7b1608f00ba6159250b41ef75
Cloud Basic 23.0.0
30/08/2018
Analysis Report
Trojanized Adobe installer with Remote Utilities RAT
MD5: eda8e4f2df81e0ba5b88d73de9779205
Cloud 23.0.0
17/08/2018
Analysis Report
CryptoMiner using xmrig and xmr-stak
MD5: d3fa184981b21e46f81da37f7c2cf41e
Cloud 23.0.0
14/08/2018
Analysis Report
Ursnif using COM InternetExplorer
MD5: 9cb0d02cbc93981015f6c050a0778cfd
Cloud 23.0.0
30/07/2018
Analysis Report
Supply chain infection with Monero miner
MD5: 0ae326bf4b644c91f155c3d0ba23881f
Cloud 22.0.0
26/06/2018
Analysis Report
Bitcoin miner, overwrites Adobe Reader Update for persistence starts
MD5: 52e10c90700a37a33a132d8e67120f39
Cloud 22.0.0
19/06/2018
Analysis Report
VBA document dropping Empire via HTA, decoy targeting Spiez Convergence in Switzerland
MD5: 0e7b32d23fbd6d62a593c234bafa2311
Cloud 22.0.0
31/05/2018
Analysis Report
Word document, OLE reference to external RTF, CVE 2017-11882, TrickBot
MD5: 70162476205496513fd88e9069372e53
Cloud 22.0.0
11/05/2018
Analysis Report
SynAck Ransomware using Doppelgänging injection technique
MD5: 6f772eb660bc05fc26df86c98ca49abc
Cloud 22.0.0
03/05/2018
Analysis Report
Lokibot dropping Adwind RAT
MD5: d87bda9120de373ab47fe445b99b6298
Cloud 22.0.0
07/04/2018
Analysis Report
Netflix Phishing
hxxp://confirm-your-info-51783[.]confiry0[.]beget[.]tech/151604749699341/nfx/
Cloud 22.0.0
28/02/2018
Analysis Report
Zeus Panda e-Banking trojan
MD5: a77ad824e5058d6504a791d0289ffc3d
Cloud 22.0.0
19/02/2018
Analysis Report
Hacking Team Remote Control System Spyware
MD5: c0618556e9ef16b35b042bc29aeb9291
Cloud 22.0.0
19/02/2018
Analysis Report
Hacking Team Remote Control System Spyware
MD5: c0618556e9ef16b35b042bc29aeb9291
Cloud 22.0.0
30/01/2018
Analysis Report
Malicious office document targeting several government entities, dropping Sofacy
MD5: 56f98e3ed00e48ff9cb89dea5f6e11c1
Cloud 21.0.0
01/02/2018
Analysis Report
Excel sheet exploiting Adobe Flash Player vulnerability CVE-2018-4878
MD5: 5f97c5ea28c0401abc093069a50aa1f8
Cloud 21.0.0
22/01/2018
Analysis Report
Turla / KopiLuwak Backdoor
MD5: 7c378d78b7a89aef27e8a3c5066b8511
Cloud 21.0.0
21/11/2017
Analysis Report
RTF exploiting CVE 2017-11882
MD5: 11f71f387e87bbb2b97b6c27f78320e4
Cloud 21.0.0
30/10/2017
Analysis Report
FIN7 / Carbanak Trojan
MD5: a00ae556a61907d43332449169c88844
Cloud 20.0.0
25/10/2017
Analysis Report
Bad Rabbit new version of NotPetya
MD5: fbbdc39af1139aebba4da004475e8839
Cloud 20.0.0
18/10/2017
Analysis Report
Emotet Banking Trojan
hxxp://austinfilmschool.org/Invoice-Dated-17-Oct-17-372510608/VR-AOFGB/2017/
Cloud 20.0.0
12/09/2017
Analysis Report
CVE-2017-8759 dropping FinFisher / FinSpy
MD5: 24a3d1d2f36824dfa190d8f93da26432
Cloud 20.0.0
06/09/2017
Analysis Report
AES based Phishing Page for Office 360
hxxps://login.microsoftonlineoww.recentviralvideos.com
Cloud 20.0.0
21/08/2017
Analysis Report
New Locky Ransomware Diablo6 Variant
MD5: 544bc1c6ecd95d89d96b5e75c3121fea
Cloud 20.0.0
27/06/2017
Analysis Report
Petya Ransomware loaded with EternalBlue SMBv1 Exploit
MD5: 71b6a493388e7d0b40c83ce903bc6b04
Cloud 19.0.0
29/05/2017
Analysis Report
PPS Lure, using HREF Mouse Over to drop payloads
MD5: 823c408af2d2b19088935a07c03b4222
Cloud 19.0.0
12/04/2017
Analysis Report
Malicious Word document, CVE-2017-0199, dropping Dridex e-Banking trojan
MD5: 8b6f6bdefdc6b42abf9f372123152ab2
Cloud 19.0.0
07/03/2017
Analysis Report
Nice powershell analysis of Locky & Konvter
MD5: 2161f8cf7b6c1a1a3a6fdc41083566a5
Cloud 18.0.0
23/02/2017
Analysis Report
Office Document Spear Phish target Mongolian Government
MD5: 614875cf37898562aa115a64f17b0117
Cloud 18.0.0
03/02/2017
Analysis Report
Digitally signed VBA dropper, nice VBA analysis
MD5: 2b83bd1d97eb911e9d53765edb5ea79e
Cloud 18.0.0
12/01/2017
Analysis Report
Malicious document using Macro / Shellcode to drop files (Hancitor dropper)
MD5: 85965f7ce5e44f1836ebcaff4a8aef31
Cloud 17.0.0
06/01/2017
Analysis Report
Analyis of malicious document using ENIGMA0X3 UAC Bypass
MD5: 1144eeaebb15044fa64f4d9bb5670349
Cloud 17.0.0
22/11/2016
Analysis Report
Macro based downloader, drops ransomware, uses ScriptControl.AddCode obfuscation
MD5: c2f43e6ef53280758b84f3beaca99b4b
Cloud 17.0.0
16/11/2016
Analysis Report
Macro based downloader, that utilizes bitsadmin feature to download final payload
MD5: 43b8cc7dc3ff1987354e974d77216b1b
Cloud 16.0.0
28/09/2016
Analysis Report
Macro Shellcode execution via EnumResourceTypes, callback
MD5: 3ebd49f7168ff668d617a174b1e7c30a
Cloud 16.0.0
07/09/2016
Analysis Report
e-Banking Trojan Retefe, installing fake root cert & TOR
MD5: ff8e9c668d9bb0460029eaaca75fd498
Cloud 14.0.0
10/03/2016
Analysis Report
Retefe e-Banking Trojan
MD5: 0977eb0c066706384646987f9ded4e06
Cloud 13.0.0
04/02/2016
Analysis Report
HydraCrypt Ransomware, encryption keys / pws / settings and more
MD5: 5f2d13576e4906501c91b8bf400e0890
Cloud 13.0.0
01/02/2016
Analysis Report
Malicious document dropping Dridex
MD5: 439bee4cbe16605193aa73e7bb75b731
Cloud 13.0.0
1/12/2015
Analysis Report
UPS Invoice Spam, malicious doc dropping Dyre
MD5: 7d4fbadc67855bfece4e6dd5f07ee7f6
Cloud 13.0.0
11/11/2015
Analysis Report
Info Stealer, PE file in BAT trick
MD5: 6071a0cf7861302564bd4fc44396e7a4
Cloud 13.0.0
09/10/2015
Analysis Report
Dyre, e-Banking trojan, ready to go for Microsoft Edge Browser
MD5: ad0d7d0903cb059b87892a099fe21d7e
Cloud 13.0.0
07/09/2015
Analysis Report
Trojan including many evasion tricks
MD5: 40D19FBA73C6B011814E2C6920E8792F
Cloud 12.5.0
14/07/2015
Analysis Report
Cidox/Rovnix Bootkit Analysis
MD5: cbdda646a20d95f078393506ecdc0796
Cloud 12.5.0
05/05/2015
Analysis Report
Rombertik Analysis, Analysis Detection Based on PE Resource Hash, overwrites MBR
MD5: f504ef6e9a269e354de802872dc5e209
Cloud 12.5.0
05/05/2015
Analysis Report
Rombertik Analysis with many anti analysis tricks
f504ef6e9a269e354de802872dc5e209
Cloud 12.5.0
05/05/2015
Analysis Report
Nice Rootkit Analysis of Win32.Vikim
MD5: 6f6d18dd0b2c54d34c44ff0a274399e0
Ultimate 12.5.0
05/05/2015
Analysis Report
Malicious Office Document using heavy obfuscation
MD5: 3aa72aacd5b215b6003d6b408fc65b33
Ultimate 12.0.0
20/04/2015
Analysis Report
Evasive sample executing only at specific dates
MD5: 0af4ef5069f47a371a0caf22ae2006a6
Ultimate 12.0.0
20/04/2015
Analysis Report
Evasive sample checking mouse and cursor movement
MD5: 3616a11fa463644fa20d2317c5971378
Ultimate 12.0.0
20/04/2015
Analysis Report
Evasive sample detecting Joe Sandbox by looking at the installed software
MD5: d80e956259c858eaccb53c1affaf8141
Cloud 12.0.0
19/03/2015
Analysis Report
Nice Ransomlocker analysis
MD5: 49ad164c1f4785fd7b092fd1456d7a10
Cloud 12.0.0
13/03/2015
Analysis Report
Browse of URL found in malicious Word document, drops ransomware
URL analysis
Cloud 12.0.0
13/03/2015
Analysis Report
Word with embedded VBA macro, needs user actions to trigger
MD5: 7ed4999012308d6f63abd7652a9f1ac0
Cloud 12.0.0
04/03/2015
Analysis Report
Stealth doc dropping Trojan Dridex
MD5: d221ab599418bbc890cf3f515babb287
Cloud 12.0.0
19/02/2015
Analysis Report
Dyre Banking Trojan Analysis
MD5: 08cea5ca7a6c1bceebe4adc7fd9404d1
Cloud 28.0.0
13/12/2019
Analysis Report
IoT Bot with DDoS Capabilities
SHA256: 105a07a0dd8b9a0c2dcde26db29a14e033f98ee28d20f7e7115d7ccd919d60de
Cloud 26.0.0
25/07/2019
Analysis Report
WatchBog CoinMiner
SHA256: 26ebeac4492616baf977903bb8deb7803bd5a22d8a005f02398c188b0375dfa4
Cloud 26.0.0
02/07/2019
Analysis Report
CoinMiner with Brootkit user-mode rootkit
SHA256: c69ee0f12a900adc654d93aef9ad23ea56bdfae8513e534e1a11dca6666d10aa
Cloud 22.0.0
31/05/2018
Analysis Report
VPNFilter Bot APT, Stage 1
MD5: 5f358afee76f2a74b1a3443c6012b27b
Cloud 22.0.0
31/05/2018
Analysis Report
VPNFilter Bot APT, Stage 2
MD5: 87049e223dd922dc1d8180c83e2fde77
Cloud 22.0.0
31/05/2018
Analysis Report
VPNFilter Bot APT, Stage 2 (debug version)
MD5: 87049e223dd922dc1d8180c83e2fde77
Cloud 26.0.0
25/06/2019
Analysis Report
Riltok e-Banking Malware
MD5: 2f07c9b2a67104f8bc08d831c8922b6a
Cloud 26.0.0
10/04/2019
Analysis Report
Android Malware which is able to send Whatsapp messages
MD5: 8df5b22cabc10423533884da7648e982
Cloud 26.0.0
03/04/2019
Analysis Report
Spyware XLoader related to Roaming Mantis
MD5: 651b6888b3f419fc1aac535921535324
Cloud 25.0.0
21/02/2019
Analysis Report
Anubis e-Banking Malware
MD5: b195bb8399be64002fbca421f14b2ac1
Cloud 25.0.0
12/02/2019
Analysis Report
Android Clipper, stealing crypto currency via clipboard hook
MD5: 24d7783aaf34884677a601d487473f88
Cloud 25.0.0
03/01/2019
Analysis Report
Android Spyware / Trojan MobSTSPY on Android 8.1 Oreo
MD5: 6af7af5cf626424751990f99731170e0
Cloud 24.0.0
09/12/2018
Analysis Report
Android Click Fraud Trojan
MD5: 03d66dd7ec05c8aa113854d6ad502ebb
Cloud 24.0.0
07/11/2018
Analysis Report
BianLia Trojan / Banker using date evasion and packing
MD5: 0c52aa43d1244c604b5f073f344677d8
Cloud 24.0.0
21/09/2018
Analysis Report
BankBot aka Anubis 2.0
MD5: 8ad6ee283c1b5b5a855bb3857ce7f275
Cloud 23.0.0
16/08/2018
Analysis Report
BankBot Anubis, e-Banking Trojan, Ransomware
MD5: 7e6a3e943673f731130fc5b4aeecde1b
Cloud 22.0.0
16/04/2018
Analysis Report
Roaming Mantis Android banking Trojan
MD5: 03108e7f426416b0eaca9132f082d568
Cloud 21.0.0
22/01/2018
Analysis Report
Skygofree, Trojan / Spyware
MD5: 39fca709b416d8da592de3a3f714dce8
Cloud 21.0.0
30/10/2017
Analysis Report
Coin Miner via CoinHive Javascript
MD5: fc1e08187de3f4b7cb52bd09ea3c2594
Cloud 20.0.0
16/10/2017
Analysis Report
DoubleLocker Android Ransomware
MD5: 85cfbd81ff6729927c968fbbb2d1d84d
Cloud 20.0.0
22/08/2017
Analysis Report
SonicSpy Android Trojan / Bot
MD5: 544bc1c6ecd95d89d96b5e75c3121fea
Cloud 19.0.0
12/04/2017
Analysis Report
Banking Trojan Marcher
MD5: c824dd7a921f5bd2b63bcbf92bdbd7d8
Cloud 18.0.0
25/01/2017
Analysis Report
Trojan BankBot, stealing credit card and login data
MD5: beee6b598d006a6f6fc93f6b8764715f
Cloud 17.0.0
23/11/2016
Analysis Report
Trojan GT!tr.spy, stealing credit card and login data
MD5: d9192d7713df3029b9ba393683cb90a7
Cloud 16.0.0
07/09/2016
Analysis Report
Overlay e-Banking Malware
MD5: bee3746684b072867a5b202bfc5527dd
Cloud 27.0.0
25/09/2019
Analysis Report
OSX GMERA.1 Trojan and Stealer
SHA256: 18e1db7c37a63d987a5448b4dd25103c8053799b0deea5f45f00ca094afe2fe7
Cloud 27.0.0
25/09/2019
Analysis Report
OSX GMERA.2 Trojan and Stealer
SHA256: faa2799751582b8829c61cbfe2cbaf3e792960835884b61046778d17937520f4
Cloud 26.0.0
01/07/2019
Analysis Report
OSX CrescentCore VM-aware Rogue Software Installer
SHA256: 45eab9f25158b677877a447b052f024c44c80744bcfae59deb660c47a9cbf1ac
Cloud 26.0.0
21/06/2019
Analysis Report
OSX NetWire
SHA256: 07a4e04ee8b4c8dc0f7507f56dc24db00537d4637afee43dbb9357d4d54f6ff4
Cloud 26.0.0
09/04/2019
Analysis Report
OSX OceanLotus
SHA256: e94781e3da02c7f1426fd23cbd0a375cceac8766fe79c8bc4d4458d6fe64697c
Cloud 25.0.0
14/02/2019
Analysis Report
OSX WinPlyer Trojan + MacSearch Adware
SHA256: c87d858c476f8fa9ac5b5f68c48dff8efe3cee4d24ab11aebeec7066b55cbc53
Cloud 24.0.0
24/12/2018
Analysis Report
OSX WindTail
SHA256: ad282e5ba2bc06a128eb20da753350278a2e47ab545fdab808e94a2ff7b4061e
Cloud 24.0.0
12/12/2018
Analysis Report
OSX LamePyre
SHA256: a899a7d33d9ba80b6f9500585fa108178753894dfd249c2ba64c9d6a601c516b
Cloud 24.0.0
10/12/2018
Analysis Report
OSX DarthMiner (EmPyre + XMRig)
SHA256: ebecdeac53069c9db1207b2e0d1110a73bc289e31b0d3261d903163ca4b1e31e
Cloud 24.0.0
07/11/2018
Analysis Report
OSX AwesomeSearch Adware Spyware
MD5: a6338a0054fe0e05574787a7a96e7b88
Cloud 22.0.0
14/05/2018
Analysis Report
New Crossrider variant
MD5: 653be35703942572c502e75710c56f56
Cloud 21.0.0
23/10/2017
Analysis Report
OSX Proton in Supply Chain Attack (Elmedia Player)
MD5: 29fb77664fc4f13ea5f65cfe01b292af
Cloud 19.0.0
05/05/2017
Analysis Report
Trojan OSX Snake aka Turla
MD5: 000e4225f382f9eee675dcaf3cbf9c7e
Cloud 18.0.0
08/02/2017
Analysis Report
iKitten / Macdownloader, Spyware
MD5: 787d664e842961f2a335139407f91a70
Cloud 18.0.0
07/02/2017
Analysis Report
Malicious Office document creating a Reverse Shell via VBA Macro
MD5: 952a36f4231c8628acea028b4145daec
Class 2.0.0
29/09/2018
Analysis Report
APT28/Grizzlybear Lojack Double Agent
MD5: 595aff5212df3534fb8af6a587c6038e
Class 2.0.0
29/08/2018
Analysis Report
APT28/Grizzlybear related sample
MD5: f0309aa0519ee70c29bbb471352781e7
Class 2.0.0
29/08/2018
Analysis Report
Malicious RTF using CVE-2018-0802
MD5: 15a43d4c8ae9592ee06a410c58311e35
Cloud 28.0.0
13/12/2019
Analysis Report
IoT Bot with DDoS Capabilities
SHA256: 105a07a0dd8b9a0c2dcde26db29a14e033f98ee28d20f7e7115d7ccd919d60de
Cloud 26.0.0
25/07/2019
Analysis Report
WatchBog CoinMiner
SHA256: 26ebeac4492616baf977903bb8deb7803bd5a22d8a005f02398c188b0375dfa4
Cloud 26.0.0
02/07/2019
Analysis Report
CoinMiner with Brootkit user-mode rootkit
SHA256: c69ee0f12a900adc654d93aef9ad23ea56bdfae8513e534e1a11dca6666d10aa
Cloud 22.0.0
31/05/2018
Analysis Report
VPNFilter Bot APT, Stage 1
MD5: 5f358afee76f2a74b1a3443c6012b27b
Cloud 22.0.0
31/05/2018
Analysis Report
VPNFilter Bot APT, Stage 2
MD5: 87049e223dd922dc1d8180c83e2fde77
Cloud 22.0.0
31/05/2018
Analysis Report
VPNFilter Bot APT, Stage 2 (debug version)
MD5: 87049e223dd922dc1d8180c83e2fde77