Malware Analysis Reports

Latest behavior analysis reports generated by Joe Sandbox

Cloud 30.0.0
17/09/2020

Analysis Report
GuLoader dropping LuminosityLink RAT

01a54f73856cfb74a3bbba47bcec227b

Cloud 29.0.0
14/09/2020

Analysis Report
SmokeLoader dropping Raccoon

18b04e2fd804d553d9a35e088193dea7

Cloud 28.0.0
09/12/2019

Analysis Report
Ave Maria RAT signed by Sectigo

MD5: 94ff625253b3920fe5b6824bd8c30482

Cloud 28.0.0
13/11/2019

Analysis Report
QBot/Qakbot banking trojan

MD5: ad30987a53b1b0264d806805ce1a2561

Cloud 28.0.0
06/11/2019

Analysis Report
Maze Ransomware

MD5: ad30987a53b1b0264d806805ce1a2561

Cloud 28.0.0
23/10/2019

Analysis Report
TrickBot v1000479

MD5: 0a8d5a301d1ea44d5721045eea07fdcd

Cloud 27.0.0
30/09/2019

Analysis Report
ODT (Open Office File) dropping NJRAT

MD5: 7b7064d3876fc3cb1b3593e3c173a1a2

Cloud 27.0.0
20/09/2019

Analysis Report
Emotet

MD5: 7b7064d3876fc3cb1b3593e3c173a1a2

Cloud 26.0.0
27/06/2019

Analysis Report
Gozi/Ursnif e-Banking Trojan

MD5: 879d9a2c75ee83443a0a913f5dc71b5c

Cloud 26.0.0
30/05/2019

Analysis Report
LockCrypt Ransomware

2d1ca86789091f84f0d4f6af9fd5d51d

Cloud 25.0.0
26/03/2019

Analysis Report
ShadowHammer Supply Chain Attack of Asus Update

MD5: 55a7aa5f0e52ba4d78c145811c830107

Cloud 25.0.0
21/03/2019

Analysis Report
GandCrab 5.2 Ransomware

MD5: fe2d1caa2d52000efcd19ea1ea31d254

Cloud 25.0.0
20/03/2019

Analysis Report
LockerGoga Ransomware

MD5: 6f772eb660bc05fc26df86c98ca49abc

Cloud 25.0.0
13/02/2019

Analysis Report
Spear Phishing e-mail - link - Microsoft Word document - Emotet

http://leonfurniturestore.com/sec.myacc.resourses.biz/

Cloud 25.0.0
13/02/2019

Analysis Report
Formbook info stealer malware

MD5: 287782734f94678617b7028b029320ab

Cloud 25.0.0
10/02/2019

Analysis Report
Classic Paypal Phishing

https://a1.bedirectip.com/c/myaccount/signin/?country.x=US&locale.x=en_US

Cloud 25.0.0
31/12/2018

Analysis Report
ADWIND/JRAT detecting via Java Runtime information

MD5: 19cd10627207bcf7f7c41ee26cbdd174

Cloud 24.0.0
06/12/2018

Analysis Report
CVE-2018-15982 dropping Hacking-Team RAT

MD5: 92b1c50c3ddf8289e85cbb7f8eead077

Cloud 24.0.0
29/11/2018

Analysis Report
Emotet e-Banking delivered via PDF

SHA256: d742ce0096cd0d3b2c47063f9f33cb46ba085887bd7c084fda08235c4fa26d7e

Cloud 24.0.0
18/10/2018

Analysis Report
Trojan spreading via VNC brute force

MD5: 642c7ad7b1608f00ba6159250b41ef75

Cloud Basic 23.0.0
30/08/2018

Analysis Report
Trojanized Adobe installer with Remote Utilities RAT

MD5: eda8e4f2df81e0ba5b88d73de9779205

Cloud 23.0.0
17/08/2018

Analysis Report
CryptoMiner using xmrig and xmr-stak

MD5: d3fa184981b21e46f81da37f7c2cf41e

Cloud 23.0.0
14/08/2018

Analysis Report
Ursnif using COM InternetExplorer

MD5: 9cb0d02cbc93981015f6c050a0778cfd

Cloud 23.0.0
30/07/2018

Analysis Report
Supply chain infection with Monero miner

MD5: 0ae326bf4b644c91f155c3d0ba23881f

Cloud 22.0.0
26/06/2018

Analysis Report
Bitcoin miner, overwrites Adobe Reader Update for persistence

MD5: 52e10c90700a37a33a132d8e67120f39

Cloud 22.0.0
19/06/2018

Analysis Report
VBA document dropping Empire via HTA, decoy targeting Spiez Convergence in Switzerland

MD5: 0e7b32d23fbd6d62a593c234bafa2311

Cloud 22.0.0
31/05/2018

Analysis Report
Word document, OLE reference to external RTF, CVE-2017-11882, TrickBot

MD5: 70162476205496513fd88e9069372e53

Cloud 22.0.0
11/05/2018

Analysis Report
SynAck Ransomware using Doppelgänging injection technique

MD5: 6f772eb660bc05fc26df86c98ca49abc

Cloud 22.0.0
03/05/2018

Analysis Report
Lokibot dropping Adwind RAT

MD5: d87bda9120de373ab47fe445b99b6298

Cloud 22.0.0
07/04/2018

Analysis Report
Netflix Phishing

hxxp://confirm-your-info-51783[.]confiry0[.]beget[.]tech/151604749699341/nfx/

Cloud 22.0.0
28/02/2018

Analysis Report
Zeus Panda e-Banking trojan

MD5: a77ad824e5058d6504a791d0289ffc3d

Cloud 22.0.0
19/02/2018

Analysis Report
Hacking Team Remote Control System Spyware

MD5: c0618556e9ef16b35b042bc29aeb9291

Cloud 22.0.0
30/01/2018

Analysis Report
Malicious office document targeting several government entities, dropping Sofacy

MD5: 56f98e3ed00e48ff9cb89dea5f6e11c1

Cloud 21.0.0
01/02/2018

Analysis Report
Excel sheet exploiting Adobe Flash Player vulnerability CVE-2018-4878

MD5: 5f97c5ea28c0401abc093069a50aa1f8

Cloud 21.0.0
22/01/2018

Analysis Report
Turla / KopiLuwak Backdoor

MD5: 7c378d78b7a89aef27e8a3c5066b8511

Cloud 21.0.0
03/01/2018

Analysis Report
Coinminer

MD5: 3b574b67bf5a80c43e6430d69b72e6ec

Cloud 21.0.0
21/11/2017

Analysis Report
RTF exploiting CVE-2017-11882

MD5: 11f71f387e87bbb2b97b6c27f78320e4

Cloud 21.0.0
30/10/2017

Analysis Report
FIN7 / Carbanak Trojan

MD5: a00ae556a61907d43332449169c88844

Cloud 20.0.0
25/10/2017

Analysis Report
Bad Rabbit new version of NotPetya

MD5: fbbdc39af1139aebba4da004475e8839

Cloud 20.0.0
20/10/2017

Analysis Report
CVE-2017-11292

MD5: 0e0f7e17b8926d9bfd43a320d703e41b

Cloud 20.0.0
18/10/2017

Analysis Report
Emotet Banking Trojan

hxxp://austinfilmschool.org/Invoice-Dated-17-Oct-17-372510608/VR-AOFGB/2017/

Cloud 20.0.0
12/09/2017

Analysis Report
CVE-2017-8759 dropping FinFisher / FinSpy

MD5: 24a3d1d2f36824dfa190d8f93da26432

Cloud 20.0.0
06/09/2017

Analysis Report
AES based Phishing Page for Office 360

hxxps://login.microsoftonlineoww.recentviralvideos.com

Cloud 20.0.0
31/08/2017

Analysis Report
ADWIND Java RAT

MD5: 4a1f885f0cb4392ae2ad7ae06b05811e

Cloud 20.0.0
21/08/2017

Analysis Report
New Locky Ransomware Diablo6 Variant

MD5: 544bc1c6ecd95d89d96b5e75c3121fea

Cloud 20.0.0
27/06/2017

Analysis Report
Petya Ransomware loaded with EternalBlue SMBv1 Exploit

MD5: 71b6a493388e7d0b40c83ce903bc6b04

Cloud 19.0.0
08/06/2017

Analysis Report
Paypal Phishing

Cloud 19.0.0
29/05/2017

Analysis Report
PPS Lure, using HREF Mouse Over to drop payloads

MD5: 823c408af2d2b19088935a07c03b4222

Cloud 19.0.0
12/05/2017

Analysis Report
Wanna Cry Ransomware

MD5: 577cd71ea0456348914312df22e12a5a

Cloud 19.0.0
12/04/2017

Analysis Report
Malicious Word document, CVE-2017-0199, dropping Dridex e-Banking trojan

MD5: 8b6f6bdefdc6b42abf9f372123152ab2

Cloud 19.0.0
21/03/2017

Analysis Report
Cerber Ransomware

MD5: b858dc628617f4bfbb977a7348b0c512

Cloud 19.0.0
07/03/2017

Analysis Report
Nice PowerShell analysis of Locky & Kovter

MD5: 2161f8cf7b6c1a1a3a6fdc41083566a5

Cloud 18.0.0
23/02/2017

Analysis Report
Office document spear phish targeting Mongolian Government

MD5: 614875cf37898562aa115a64f17b0117

Cloud 18.0.0
03/02/2017

Analysis Report
Digitally signed VBA dropper, nice VBA analysis

MD5: 2b83bd1d97eb911e9d53765edb5ea79e

Cloud 18.0.0
12/01/2017

Analysis Report
Malicious document using Macro / Shellcode to drop files (Hancitor dropper)

MD5: 85965f7ce5e44f1836ebcaff4a8aef31

Cloud 17.0.0
06/01/2017

Analysis Report
Analysis of malicious document using ENIGMA0X3 UAC Bypass

MD5: 1144eeaebb15044fa64f4d9bb5670349

Cloud 17.0.0
08/12/2016

Analysis Report
Locky Ransomware

MD5: 2790910b716c116879386d7d3784a8a5

Cloud 17.0.0
07/12/2016

Analysis Report
Golden-Eye Ransomware

MD5: af813168402e60cfdf7c78a0d70d86e9

Cloud 17.0.0
22/11/2016

Analysis Report
Macro based downloader, drops ransomware, uses ScriptControl.AddCode obfuscation

MD5: c2f43e6ef53280758b84f3beaca99b4b

Cloud 17.0.0
16/11/2016

Analysis Report
Macro based downloader, that utilizes bitsadmin feature to download final payload

MD5: 43b8cc7dc3ff1987354e974d77216b1b

Cloud 16.0.0
28/09/2016

Analysis Report
Macro Shellcode execution via EnumResourceTypes, callback

MD5: 3ebd49f7168ff668d617a174b1e7c30a

Cloud 16.0.0
07/09/2016

Analysis Report
e-Banking Trojan Retefe, installing fake root cert & TOR

MD5: ff8e9c668d9bb0460029eaaca75fd498

Cloud 14.0.0
10/03/2016

Analysis Report
Retefe e-Banking Trojan

MD5: 0977eb0c066706384646987f9ded4e06

Cloud 13.0.0
04/02/2016

Analysis Report
HydraCrypt Ransomware, encryption keys / pws / settings and more

MD5: 5f2d13576e4906501c91b8bf400e0890

Cloud 13.0.0
01/02/2016

Analysis Report
Malicious document dropping Dridex

MD5: 439bee4cbe16605193aa73e7bb75b731

Cloud 13.0.0
18/01/2016

Analysis Report
CryptoWall Ransomware

MD5: 56b08b321a1b76104376186df2bf5238

Cloud 13.0.0
9/12/2015

Analysis Report
TeslaCrypt Ransomware

MD5: 43855c9d765fe7da2adcc4e6fb9d237c

Cloud 13.0.0
1/12/2015

Analysis Report
UPS Invoice Spam, malicious doc dropping Dyre

MD5: 7d4fbadc67855bfece4e6dd5f07ee7f6

Cloud 13.0.0
19/11/2015

Analysis Report
Nice behavior graphs

MD5: 51365b90cd5e3671852e5c28eab20a63

Cloud 13.0.0
11/11/2015

Analysis Report
Info Stealer, PE file in BAT trick

MD5: 6071a0cf7861302564bd4fc44396e7a4

Cloud 13.0.0
09/10/2015

Analysis Report
Dyre, e-Banking trojan, ready to go for Microsoft Edge Browser

MD5: ad0d7d0903cb059b87892a099fe21d7e

Cloud 13.0.0
07/09/2015

Analysis Report
Trojan including many evasion tricks

MD5: 40D19FBA73C6B011814E2C6920E8792F

Cloud 12.5.0
14/07/2015

Analysis Report
Cidox/Rovnix Bootkit Analysis

MD5: cbdda646a20d95f078393506ecdc0796

Cloud 12.5.0
10/07/2015

Analysis Report
HackingTeam CVE-2015-0349 Flash 0-day being used by malware

Cloud 12.5.0
05/05/2015

Analysis Report
Rombertik Analysis, Analysis Detection Based on PE Resource Hash, overwrites MBR

MD5: f504ef6e9a269e354de802872dc5e209

Cloud 12.5.0
05/05/2015

Analysis Report
Rombertik Analysis with many anti analysis tricks

f504ef6e9a269e354de802872dc5e209

Cloud 12.5.0
05/05/2015

Analysis Report
Nice Rootkit Analysis of Win32.Vikim

MD5: 6f6d18dd0b2c54d34c44ff0a274399e0

Ultimate 12.5.0
05/05/2015

Analysis Report
Malicious Office Document using heavy obfuscation

MD5: 3aa72aacd5b215b6003d6b408fc65b33

Ultimate 12.0.0
20/04/2015

Analysis Report
Evasive sample executing only at specific dates

MD5: 0af4ef5069f47a371a0caf22ae2006a6

Ultimate 12.0.0
20/04/2015

Analysis Report
Evasive sample checking mouse and cursor movement

MD5: 3616a11fa463644fa20d2317c5971378

Ultimate 12.0.0
20/04/2015

Analysis Report
Evasive sample detecting Joe Sandbox by looking at the installed software

MD5: d80e956259c858eaccb53c1affaf8141

Cloud 12.0.0
19/03/2015

Analysis Report
Nice Ransomlocker analysis

MD5: 49ad164c1f4785fd7b092fd1456d7a10

Cloud 12.0.0
13/03/2015

Analysis Report
Browse of URL found in malicious Word document, drops ransomware

URL analysis

Cloud 12.0.0
13/03/2015

Analysis Report
Word with embedded VBA macro, needs user actions to trigger

MD5: 7ed4999012308d6f63abd7652a9f1ac0

Cloud 12.0.0
04/03/2015

Analysis Report
Stealth doc dropping Trojan Dridex

MD5: d221ab599418bbc890cf3f515babb287

Cloud 12.0.0
19/02/2015

Analysis Report
Dyre Banking Trojan Analysis

MD5: 08cea5ca7a6c1bceebe4adc7fd9404d1

Ultimate 12.0.0
05/02/2015

Analysis Report
Nice Zeus Banking Trojan Analysis

MD5: 4d08934bd040ed25dfa46542e396cb05

Cloud 11.0.0
29/01/2015

Analysis Report
Nice CBT Ransomware Locker Analysis

MD5: 521BD488A5DE44D84E9D145D3EB8A238

Cloud 30.0.0
05/10/2020

Analysis Report
FinSpy (FinFisher) commercial trojan

SHA256: 1e9162cd0941557304a6a097dfaadf59f90bc8bbaa9879afe67b5ce0d1514be8

Cloud 28.0.0
13/12/2019

Analysis Report
IoT Bot with DDoS Capabilities

SHA256: 105a07a0dd8b9a0c2dcde26db29a14e033f98ee28d20f7e7115d7ccd919d60de

Cloud 26.0.0
25/07/2019

Analysis Report
WatchBog CoinMiner

SHA256: 26ebeac4492616baf977903bb8deb7803bd5a22d8a005f02398c188b0375dfa4

Cloud 26.0.0
02/07/2019

Analysis Report
CoinMiner with Brootkit user-mode rootkit

SHA256: c69ee0f12a900adc654d93aef9ad23ea56bdfae8513e534e1a11dca6666d10aa

Cloud 26.0.0
12/04/2019

Analysis Report
CoinMiner

MD5: eec085bae7c4dfcdcb353b095b8375fa

Cloud 24.0.0
08/10/2018

Analysis Report
BitCoinMiner

MD5: 94bfedc1dd3a8e3760fca3229a573464

Cloud 22.0.0
08/06/2018

Analysis Report
RedisWannaMine

MD5: d02477f0c908e721701f9644afe8fe5c

Cloud 22.0.0
31/05/2018

Analysis Report
VPNFilter Bot APT, Stage 1

MD5: 5f358afee76f2a74b1a3443c6012b27b

Cloud 22.0.0
31/05/2018

Analysis Report
VPNFilter Bot APT, Stage 2

MD5: 87049e223dd922dc1d8180c83e2fde77

Cloud 22.0.0
31/05/2018

Analysis Report
VPNFilter Bot APT, Stage 2 (debug version)

MD5: 87049e223dd922dc1d8180c83e2fde77

Cloud 22.0.0
31/05/2018

Analysis Report
VPNFilter Bot APT, Stage 3 (tor plugin)

MD5: b5dc976043db9b42c9f6fa889205c68a

Cloud 22.0.0
31/05/2018

Analysis Report
Coin mining malware

MD5: 9a0629bbb97ef2c2fd8369778aa9a0d3

Cloud 28.0.0
14/05/2020

Analysis Report
Adware Bundlore

SHA256: 02835cb8f68488d57e55430bf6032bee84460ed9eb8f649a5e9e1838c3a0df4f

Cloud 28.0.0
6/05/2020

Analysis Report
OSX Dacls backdoor/RAT (Lazarus APT)

SHA256: 899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53

Cloud 27.0.0
25/09/2019

Analysis Report
OSX GMERA.1 Trojan and Stealer

SHA256: 18e1db7c37a63d987a5448b4dd25103c8053799b0deea5f45f00ca094afe2fe7

Cloud 27.0.0
25/09/2019

Analysis Report
OSX GMERA.2 Trojan and Stealer

SHA256: faa2799751582b8829c61cbfe2cbaf3e792960835884b61046778d17937520f4

Cloud 26.0.0
21/06/2019

Analysis Report
OSX NetWire

SHA256: 07a4e04ee8b4c8dc0f7507f56dc24db00537d4637afee43dbb9357d4d54f6ff4

Cloud 26.0.0
09/04/2019

Analysis Report
OSX OceanLotus

SHA256: e94781e3da02c7f1426fd23cbd0a375cceac8766fe79c8bc4d4458d6fe64697c

Cloud 25.0.0
14/02/2019

Analysis Report
OSX WinPlyer Trojan + MacSearch Adware

SHA256: c87d858c476f8fa9ac5b5f68c48dff8efe3cee4d24ab11aebeec7066b55cbc53

Cloud 24.0.0
24/12/2018

Analysis Report
OSX WindTail

SHA256: ad282e5ba2bc06a128eb20da753350278a2e47ab545fdab808e94a2ff7b4061e

Cloud 24.0.0
12/12/2018

Analysis Report
OSX LamePyre

SHA256: a899a7d33d9ba80b6f9500585fa108178753894dfd249c2ba64c9d6a601c516b

Cloud 24.0.0
10/12/2018

Analysis Report
OSX DarthMiner (EmPyre + XMRig)

SHA256: ebecdeac53069c9db1207b2e0d1110a73bc289e31b0d3261d903163ca4b1e31e

Cloud 24.0.0
07/11/2018

Analysis Report
OSX AwesomeSearch Adware Spyware

MD5: a6338a0054fe0e05574787a7a96e7b88

Cloud 24.0.0
02/11/2018

Analysis Report
OSX CoinTicker Trojan

MD5: 6e90da7669304722c9a06db0e32554ef

Cloud 24.0.0
03/10/2018

Analysis Report
OSX FairyTale Adware

MD5: 784a95029a730ccbbf1efac72d7264d6

Cloud 23.0.0
26/07/2018

Analysis Report
OSX Calisto

MD5: d7ac1b8113c94567be4a26d214964119

Cloud 23.0.0
03/07/2018

Analysis Report
OSX Dummy

MD5: 7130faced98c800e6d8b1c42eca7d3dc

Cloud 22.0.0
14/05/2018

Analysis Report
New Crossrider variant

MD5: 653be35703942572c502e75710c56f56

Cloud 21.0.0
16/01/2018

Analysis Report
DNS Hijacker, MaMi

MD5: 6e6034c13cb949156888513211b1f1ef

Cloud 21.0.0
21/11/2017

Analysis Report
OSX Proton F

MD5: 6af212f189c28a3111b2dfa63f02ab4f

Cloud 21.0.0
23/10/2017

Analysis Report
OSX Proton in Supply Chain Attack (Elmedia Player)

MD5: 29fb77664fc4f13ea5f65cfe01b292af

Cloud 20.0.0
16/06/2017

Analysis Report
MacOS MacRansom

MD5: 8fe94843a3e655209c57af587849ac3a

Cloud 19.0.0
09/05/2017

Analysis Report
Trojan OSX Proton B

MD5: 577cd71ea0456348914312df22e12a5a

Cloud 19.0.0
05/05/2017

Analysis Report
Trojan OSX Snake aka Turla

MD5: 000e4225f382f9eee675dcaf3cbf9c7e

Cloud 19.0.0
03/05/2017

Analysis Report
Spyware OSX/Dok B

MD5: 0e48346ebd57b1b6dbaa0bbad4d579dc

Cloud 19.0.0
02/05/2017

Analysis Report
Spyware OSX/Dok A

MD5: e8bdde90574d5bf285d9abb0c8a113a8

Cloud 19.0.0
23/03/2017

Analysis Report
Mac Adware Downloader

MD5: 9e4fd1941aed7df97132d833972a65ef

Cloud 18.0.0
27/02/2017

Analysis Report
Ransomware FileCoder

MD5: 1b8be665af7729618d70bad773aac423

Cloud 18.0.0
08/02/2017

Analysis Report
iKitten / Macdownloader, Spyware

MD5: 787d664e842961f2a335139407f91a70

Cloud 18.0.0
07/02/2017

Analysis Report
Malicious Office document creating a Reverse Shell via VBA Macro

MD5: 952a36f4231c8628acea028b4145daec

Cloud 18.0.0
06/01/2017

Analysis Report
Apple Mail DOS via Safari, Support Scam

Cloud 17.0.0
11/10/2016

Analysis Report
Trojan Komplex

MD5: 81749e780d27ddd15973d19de77c9007

X 2.0.0
29/02/2016

Analysis Report
Trojan Wirelurker

MD5: dca13b4ff64bcd6876c13bbb4a22f450

X 2.0.0
16/02/2016

Analysis Report
Ransomware Mabouia PoC

MD5: 41b631c9a1a09d95620f204f3e723b0f

X 2.0.0
16/02/2016

Analysis Report
Trojan Flashplayer

MD5: 22e368f505c952d76529005dc99794f7

X 2.0.0
16/02/2016

Analysis Report
Adware Bundlore

MD5: d030ec7964a5863a7b78adeb3a6cc153

X 2.0.0
16/02/2016

Analysis Report
Trojan Adwind Java

MD5: e8388a2b7d8559c6f0f27ca91d004c7c

X 1.7.0
02/11/2015

Analysis Report
EliteKeyLogger

MD5: 582b23ca6de5c022f7d4409fda26d2e7

X 1.7.0
27/10/2015

Analysis Report
Trojan Janicab

MD5: 74bbce425ea052bfb79cc66c2ffd0719

X 1.2.0
08/12/2014

Analysis Report
Trojan Ventir

MD5: 9283c61f8cce4258c8111aaf098d21ee

X 1.0.0
29/09/2014

Analysis Report
Trojan xslcmd (with keylogger detection)

MD5: 60242ad3e1b6c4d417d4dfeb8fb464a1

X 1.0.0
17/09/2014

Analysis Report
Trojan xslcmd

MD5: 60242ad3e1b6c4d417d4dfeb8fb464a1

Cloud 28.0.0
26/03/2020

Analysis Report
Anubis e-Banking Trojan using COVID19 theme

MD5: 3bb8fe04c67d6b35a92968bedffb7449

Cloud 28.0.0
26/03/2020

Analysis Report
Cerberus e-Banking Trojan using COVID19 theme

MD5: 89dc684c914932f0bb05222d98ccae17

Cloud 28.0.0
20/03/2020

Analysis Report
EventBot e-Banking Trojan (dev version)

MD5: f73f66b15791a42dac86d0ced46d660f

Cloud 28.0.0
25/10/2019

Analysis Report
Ginp e-Banking Trojan

MD5: 0a8d5a301d1ea44d5721045eea07fdcd

Cloud 26.0.0
28/08/2019

Analysis Report
CamScanner Necro.n

MD5: 7b7064d3876fc3cb1b3593e3c173a1a2

Cloud 26.0.0
25/07/2019

Analysis Report
Monokle RAT

MD5: a342b423e0ca57eba3a40311096a4f50

Cloud 26.0.0
12/07/2019

Analysis Report
Infector Agent Smith

MD5: 2f07c9b2a67104f8bc08d831c8922b6a

Cloud 26.0.0
25/06/2019

Analysis Report
Riltok e-Banking Malware

MD5: 2f07c9b2a67104f8bc08d831c8922b6a

Cloud 26.0.0
10/04/2019

Analysis Report
Android Malware which is able to send Whatsapp messages

MD5: 8df5b22cabc10423533884da7648e982

Cloud 26.0.0
03/04/2019

Analysis Report
Spyware XLoader related to Roaming Mantis

MD5: 651b6888b3f419fc1aac535921535324

Cloud 26.0.0
03/04/2019

Analysis Report
Adware Reptilicus

MD5: 9be7585e88c3697d1689fdd1456c2a52

Cloud 25.0.0
21/02/2019

Analysis Report
Anubis e-Banking Malware

MD5: b195bb8399be64002fbca421f14b2ac1

Cloud 25.0.0
12/02/2019

Analysis Report
Android Clipper, stealing crypto currency via clipboard hook

MD5: 24d7783aaf34884677a601d487473f88

Cloud 25.0.0
03/01/2019

Analysis Report
Android Spyware / Trojan MobSTSPY on Android 8.1 Oreo

MD5: 6af7af5cf626424751990f99731170e0

Cloud 24.0.0
09/12/2018

Analysis Report
Android Click Fraud Trojan

MD5: 03d66dd7ec05c8aa113854d6ad502ebb

Cloud 24.0.0
07/11/2018

Analysis Report
BianLian Trojan / Banker using date evasion and packing

MD5: 0c52aa43d1244c604b5f073f344677d8

Cloud 24.0.0
21/09/2018

Analysis Report
BankBot aka Anubis 2.0

MD5: 8ad6ee283c1b5b5a855bb3857ce7f275

Cloud 24.0.0
21/09/2018

Analysis Report
Monero Miner

MD5: fffb8d51838af6bb742e84b8b16239bb

Cloud 23.0.0
16/08/2018

Analysis Report
BankBot Anubis, e-Banking Trojan, Ransomware

MD5: 7e6a3e943673f731130fc5b4aeecde1b

Cloud 22.0.0
16/04/2018

Analysis Report
Roaming Mantis Android banking Trojan

MD5: 03108e7f426416b0eaca9132f082d568

Cloud 21.0.0
22/01/2018

Analysis Report
Skygofree, Trojan / Spyware

MD5: 39fca709b416d8da592de3a3f714dce8

Cloud 21.0.0
30/10/2017

Analysis Report
Coin Miner via CoinHive Javascript

MD5: fc1e08187de3f4b7cb52bd09ea3c2594

Cloud 20.0.0
16/10/2017

Analysis Report
DoubleLocker Android Ransomware

MD5: 85cfbd81ff6729927c968fbbb2d1d84d

Cloud 20.0.0
30/08/2017

Analysis Report
WireX DDOS Bot

MD5: c3f25252f8bc3361e426564ac2715109

Cloud 20.0.0
22/08/2017

Analysis Report
SonicSpy Android Trojan / Bot

MD5: 544bc1c6ecd95d89d96b5e75c3121fea

Cloud 19.0.0
29/05/2017

Analysis Report
Judy, click fraudster

MD5: 3d3eac7909186c86ae7f07c42fd61b1e

Cloud 19.0.0
12/04/2017

Analysis Report
Banking Trojan Marcher

MD5: c824dd7a921f5bd2b63bcbf92bdbd7d8

Cloud 18.0.0
27/01/2017

Analysis Report
Ransomware Charger

MD5: 2b83bd1d97eb911e9d53765edb5ea79e

Cloud 18.0.0
25/01/2017

Analysis Report
Trojan BankBot, stealing credit card and login data

MD5: beee6b598d006a6f6fc93f6b8764715f

Cloud 17.0.0
23/11/2016

Analysis Report
Trojan GT!tr.spy, stealing credit card and login data

MD5: d9192d7713df3029b9ba393683cb90a7

Cloud 16.0.0
07/09/2016

Analysis Report
Overlay e-Banking Malware

MD5: bee3746684b072867a5b202bfc5527dd

Cloud 14.0.0
24/03/2016

Analysis Report
Angry birds SMS trojan

MD5: e8d28adbf37246558d922dc89f2b0c1c

Cloud 13.0.0
29/01/2016

Analysis Report
SMS Bot

ded8e08c83cdbb7c2ba1152b35879b4

Cloud 13.0.0
29/01/2016

Analysis Report
SMS Bot

MD5: d58848f716635fc2df1d9de5c25c56d1

Mobile 3.5.0
20/02/2015

Analysis Report
Android Spy Trojan

MD5: 14d9f1a92dd984d6040cc41ed06e273e

Class 2.0.0
29/09/2018

Analysis Report
APT28/Grizzlybear Lojack Double Agent

MD5: 595aff5212df3534fb8af6a587c6038e

Class 2.0.0
29/08/2018

Analysis Report
APT28/Grizzlybear related sample

MD5: f0309aa0519ee70c29bbb471352781e7

Class 2.0.0
29/08/2018

Analysis Report
Malicious RTF using CVE-2018-0802

MD5: 15a43d4c8ae9592ee06a410c58311e35

Class 2.0.0
29/08/2018

Analysis Report
Gozi ISFB Banking Malware

MD5: e2476ed98a57bbb14f45fd1e04d4c43c

Class 2.0.0
29/08/2018

Analysis Report
DarkComet RAT

MD5: cd1974c09f7171e19634de0e00d7efb7

Cloud 17.0.0
27/10/2016

Analysis Report
YiSpecter (NoIcon)

MD5: fbf92317ca8a7d5c243ab62624701050

Cloud 17.0.0
28/10/2016

Analysis Report
YiSpecter (AdPage)

MD5: 62c6f0e3615b0771c0d189d3a7c50477

Cloud 30.0.0
17/09/2020

Analysis Report
Unknown loader using Instruction Hammering, dropping DarkComet

DDD60E9AE362DEF377AA70D414ED374D

Cloud 30.0.0
17/09/2020

Analysis Report
AgentTesla, tries to steal Putty/WinSCP info

MD5: 2689e0bd727c85849f786822b360cd28

Cloud 30.0.0
17/09/2020

Analysis Report
GuLoader with many evasion, including Instruction Hammering

01a54f73856cfb74a3bbba47bcec227b

Cloud 29.0.0
14/09/2020

Analysis Report
SmokeLoader using various VM detections, CodeIntegrity checks, etc.

18b04e2fd804d553d9a35e088193dea7

Cloud 28.0.0
22/04/2020

Analysis Report
AgentTesla loader using RDTSC, CPUID and Win32_BaseBoard VM detection

MD5: 87e74af7016e8a9b9304dc537fa093da

Cloud 28.0.0
24/02/2020

Analysis Report
Azorult, using several tricks to detect sandboxes (desktop resolution, tick count, processes, etc.)

MD5: ff17014cbb249e173309a9e1251e4574

Cloud 28.0.0
24/01/2020

Analysis Report
Date-aware (<20.1.2020) Cassandra Crypter dropping AgentTesla

MD5: a24c195da4f8a5dee365875b3e3a38a1

Cloud 28.0.0
22/01/2020

Analysis Report
TrickBot Downloader counting total number of processes

MD5: 3e8c58262860fcbce68af93f4a022232

Cloud 28.0.0
10/12/2019

Analysis Report
Country (Application.LanguageSettings.LanguageID) and filename (ActiveWorkbook.Name) aware VBA dropping Ursnif

MD5: c5e1106f9654a23320132cbc61b3f29d

Cloud 26.0.0
12/08/2019

Analysis Report
FrenchyShellcode Packer with open window check, dropping NJRAT

MD5: 879d9a2c75ee83443a0a913f5dc71b5c

Cloud 26.0.0
12/06/2019

Analysis Report
GetKeyboardLayout - check English / Russian - if yes crash

MD5: 2d1ca86789091f84f0d4f6af9fd5d51d

Cloud 26.0.0
09/05/2019

Analysis Report
Delays execution by executing massive amount of instructions / loops for more than 3 minutes

27cf7e2be6e049b2793ad9f38218eb01

Cloud 25.0.0
21/03/2019

Analysis Report
Malicious document dropping Gozi, NUMBER_OF_PROCESSORS VBA check

MD5: 6f772eb660bc05fc26df86c98ca49abc

Cloud 26.0.0
01/03/2019

Analysis Report
Country aware VBA Macro using GetLocaleInfo

MD5: 6a9eda3eb0bfc222ab46725829faaec7

Cloud 26.0.0
26/02/2019

Analysis Report
Country aware VBA Macro

MD5: aacb83294ca96f6713da83363ffd9804

Cloud 25.0.0
18/01/2019

Analysis Report
Imminent RAT using several anti-debugging and anti-VM evasions

MD5: d6c644512c430cd64965c2259150f371

Cloud 24.0.0
13/12/2018

Analysis Report
Country aware VBA Office Macro

7ffdde19a2ce936c1e1ed92aeb25eb78

Cloud 24.0.0
18/11/2018

Analysis Report
Word Document VBA process name and count check

MD5: cd15a7c3cb1725dc9d21160c26ab9c2e

Cloud 24.0.0
10/10/2018

Analysis Report
Gootkit e-Banking trojan using a whole bunch of anti-analysis and anti-vm techniques

MD5: 0ee40dfb96795b73c6bc1eef31e59356

Cloud 24.0.0
03/10/2018

Analysis Report
Gozi 2.17 using GetLocaleInfo and GetCursorPos evasions

MD5: 7e17f0f35d50f49407841372f24fbd38

Cloud 23.0.0
14/09/2018

Analysis Report
BONDUPDATER using various WMI queries to check for physical hardware (fan, thermal sensors, etc.)

MD5: ea6321f55ea83e6f2887a2360f8e55b0

Cloud 23.0.0
04/07/2018

Analysis Report
Evasive Backdoor, Time Evasions, Debugger Detection, VM Detection

MD5: 9e3ea995e40b62adae78e93e6b30780c

Cloud 22.0.0
08/05/2018

Analysis Report
Evasive sample using GetKeyboardLayout to target French computers

MD5: fe1214a06ffc40b1ebb524f185894487

Cloud 21.0.0
20/02/2018

Analysis Report
Olympic Destroyer, Wiper malware targeting Olympic Games 2018 in PyeongChang

MD5: f12fc711529b48bcef52c5ca0a52335a

Cloud 21.0.0
08/02/2018

Analysis Report
Elise malware loaded with Sandbox evasion using CVE-2018-0802 for persistence

MD5: f12fc711529b48bcef52c5ca0a52335a

Cloud 21.0.0
27/11/2017

Analysis Report
Retefe using MUILanguages Sandbox evasion trick

MD5: 85fc638bd373af9a95c715bc4f8b97fc

Cloud 20.0.0
09/10/2017

Analysis Report
Sandbox Process DOS / overloading

MD5: 1de07d0af66cfa7b504c2f563d45437b

Cloud 20.0.0
18/09/2017

Analysis Report
CCleaner (signed) infected by unknown malware, IcmpSendEcho evasion

MD5: ef694b89ad7addb9a16bb6f26f1efaf7

Cloud 20.0.0
12/09/2017

Analysis Report
Debugger and sandbox detection (file, registry and mutex based)

MD5: 24a3d1d2f36824dfa190d8f93da26432

Cloud 20.0.0
23/08/2017

Analysis Report
Ransomware SyncCrypt using scheduled tasks to evade analysis

MD5: d10c1bd17c1b84a22db0d77515b7c32e

Cloud 16.0.0
03/10/2016

Analysis Report
Loop based & ping sleep based evasions

MD5: 4c3f80e146987a5fcd97b807071e2dd6

Cloud 16.0.0
22/09/2016

Analysis Report
Macro Evasions: Tasks, File Name, GeoIP check

MD5: 09f16077acf6c05e5c293835b3a75a20

Cloud 16.0.0
07/09/2016

Analysis Report
PartOfDomain evasion

MD5: af0e156bd39be48edd884578616ab153

Cloud 16.0.0
31/08/2016

Analysis Report
Zone.Identifier based evasion

MD5: 43b8cc7dc3ff1987354e974d77216b1b

Cloud 16.0.0
27/07/2016

Analysis Report
Time and command line based dropper evasions

c5d5058c8af64b79c9973e492aeb39d8d0e46931

Cloud 15.0.0
13/07/2016

Analysis Report
Extensive use of fingerprinting (disk, network card, files, directories, etc.)

MD5: 564ac87ca4114edd6a84a005092f1285

Cloud 15.0.0
07/07/2016

Analysis Report
Malicious Document dropping Cerber Ransom, using timer based Sleep evasion in VBS

MD5: 58258b89e076c4d378436f3b03682402

Cloud 14.0.0
12/05/2016

Analysis Report
TeslaCrypt, Speaker check via COM

MD5: 61f847bcb69d0fe86ad7a4ba3f057be5

Cloud 14.0.0
29/03/2016

Analysis Report
Nymaim, GetSystemTime, API hammering

MD5: f1a12884b999b9e572f91a94043d6e01

Cloud 13.0.0
24/11/2015

Analysis Report
Upatre, NtQuerySystemInformation IdleTime Evasion

MD5: 06a4059da943b09f13ab2909824968de

Cloud 13.0.0
01/10/2015

Analysis Report
Dyre, containing GetTickCount evasion technique

MD5: ad0d7d0903cb059b87892a099fe21d7e

Cloud 13.0.0
07/09/2015

Analysis Report
Multiple known evasion, including foreground window change detection, SCSI descriptor, SystemBiosVersion, VMware and VirtualBox driver file check and PhysicalDrive0 device IO 0x2D1400 trick

MD5: 40D19FBA73C6B011814E2C6920E8792F

Cloud 12.5.0
24/07/2015

Analysis Report
Bot / dropper using SystemBiosVersion, VideoBiosVersion, Disk Identifier and PCI devices for VM detection.

MD5: 9437eabf2fe5d32101e3fbf9f6027880

Cloud 12.5.0
06/05/2015

Analysis Report
Simple evasion based on CPU core check. Check is done via PEB->NumberOfProcessors. Terminates if core count is smaller than 2.

MD5: cbdda646a20d95f078393506ecdc0796

Cloud 12.5.0
05/05/2015

Execution Graph
Very sophisticated evasions based on sandbox overloading (instructions and APIs), hook detection, sample file name check and memory hashing. If an analysis system / sandbox has been detected it encrypts personal files and kills the MBR.

MD5: f504ef6e9a269e354de802872dc5e209

Cloud 13.0.0
20/04/2015

Analysis Report
Sophisticated evasion based on user behavior detection. Watches for mouse pointer moves and window changes. Checks the size of the disk via IOCTL_DISK_GET_DRIVE_GEOMETRY_EX / DeviceIoControl. Terminates if the disk has less than 5000 cylinders.

MD5: 3616a11fa463644fa20d2317c5971378

Ultimate 12.0.0
20/04/2015

Analysis Report
Simple evasion based on date check: only executes its payload at a particular year and month. Terminates if the year or month does not match.

MD5: 0AF4EF5069F47A371A0CAF22AE2006A6

Ultimate 12.0.0
20/04/2015

Analysis Report
Evasion based on VM detection via Disk/Enum check. Additional evasion based on direct detection of Joe Sandbox with fingerprinting specific software installed on the analysis system. Installed software is enumerated via registry Windows\CurrentVersion\Uninstall key.

MD5: D80E956259C858EACCB53C1AFFAF8141

Desktop 8.0.0
11/09/2013

Analysis Report
Evasion based on VM detection via SetupDiGetClassDevs, SetupDiEnumDeviceInfo and SetupDiGetDeviceRegistryProperty.

MD5: 9fac72a50a7f756d0d3319c686850516

Cloud 30.0.0
28/09/2020

Analysis Report
FinSpy (FinFisher) commercial trojan

SHA256: 4f3003dd2ed8dcb68133f95c14e28b168bd0f52e5ae9842f528d3f7866495cea

Cloud 29.0.0
01/07/2020

Analysis Report
EvilQuest (ThiefQuest) Ransomware, contains functions related to anti-analysis

SHA256: b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a

Cloud 26.0.0
01/07/2019

Analysis Report
OSX CrescentCore, VM-aware rogue software installer

SHA256: 45eab9f25158b677877a447b052f024c44c80744bcfae59deb660c47a9cbf1ac

Cloud 20.0.0
16/06/2017

Analysis Report
MacOS MacRansom, queries model and CPU count information

MD5: 8fe94843a3e655209c57af587849ac3a

Cloud 26.0.0
16/09/2019

Analysis Report
Necro Android Trojan using several evasion techniques

MD5: 7b7064d3876fc3cb1b3593e3c173a1a2

Cloud 26.0.0
14/08/2019

Analysis Report
Cerberus using motion events (accelerometer) to trigger payload

MD5: a342b423e0ca57eba3a40311096a4f50

Cloud 26.0.0
21/02/2019

Analysis Report
Evasive Android dropper using native libraries to detect VMs and rooted devices

MD5: f412517d1e386cbd567fbba81d1842fe

Cloud 25.0.0
20/01/2019

Analysis Report
Anubis Loader using motion events (accelerometer) to trigger the installation

MD5: d97a63536a7225bb1e788e7c244373dc

Cloud 24.0.0
07/11/2018

Analysis Report
BianLian Trojan / Banker using date evasion and packing

MD5: 0c52aa43d1244c604b5f073f344677d8

Cloud 24.0.0
27/10/2018

Analysis Report
Banking Trojan Dropper with Anti-Emulator and Anti-Sandbox Stub

MD5: cfa7fdb907e9165a9299fb164dda3b90

Cloud 21.0.0
22/12/2017

Analysis Report
Loapi multi Layer unpacking trojan with Mining capabilities

MD5: 3b574b67bf5a80c43e6430d69b72e6ec