Malware Analysis Reports

Analysis Report
Shlayer with CVE-2021-30657 exploit for bypassing Gatekeeper, File Quarantine and Application Notarization

SHA256: 70c6f9da05046525605e2066185929c2659e27a3851dc43d8aa69e2692e6154f

Analysis Report
Adware Bundlore

SHA256: 02835cb8f68488d57e55430bf6032bee84460ed9eb8f649a5e9e1838c3a0df4f

Analysis Report
OSX Dacls backdoor/RAT (Lazarus APT)

SHA256: 899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53

Analysis Report
OSX GMERA.1 Trojan and Stealer

SHA256: 18e1db7c37a63d987a5448b4dd25103c8053799b0deea5f45f00ca094afe2fe7

Analysis Report
OSX GMERA.2 Trojan and Stealer

SHA256: faa2799751582b8829c61cbfe2cbaf3e792960835884b61046778d17937520f4

Analysis Report
OSX NetWire

SHA256: 07a4e04ee8b4c8dc0f7507f56dc24db00537d4637afee43dbb9357d4d54f6ff4

Analysis Report
OSX OceanLotus

SHA256: e94781e3da02c7f1426fd23cbd0a375cceac8766fe79c8bc4d4458d6fe64697c

Analysis Report
OSX WinPlyer Trojan + MacSearch Adware

SHA256: c87d858c476f8fa9ac5b5f68c48dff8efe3cee4d24ab11aebeec7066b55cbc53

Analysis Report
OSX WindTail

SHA256: ad282e5ba2bc06a128eb20da753350278a2e47ab545fdab808e94a2ff7b4061e

Analysis Report
OSX LamePyre

SHA256: a899a7d33d9ba80b6f9500585fa108178753894dfd249c2ba64c9d6a601c516b

Analysis Report
OSX DarthMiner (EmPyre + XMRig)

SHA256: ebecdeac53069c9db1207b2e0d1110a73bc289e31b0d3261d903163ca4b1e31e

Analysis Report
OSX AwesomeSearch Adware Spyware

MD5: a6338a0054fe0e05574787a7a96e7b88

Analysis Report
OSX CoinTicker Trojan

MD5: 6e90da7669304722c9a06db0e32554ef

Analysis Report
OSX FairyTale Adware

MD5: 784a95029a730ccbbf1efac72d7264d6

Analysis Report
OSX Calisto

MD5: d7ac1b8113c94567be4a26d214964119

Analysis Report
OSX Dummy

MD5: 7130faced98c800e6d8b1c42eca7d3dc

Analysis Report
New Crossrider variant

MD5: 653be35703942572c502e75710c56f56

Analysis Report
DNS Hijacker, MaMi

MD5: 6e6034c13cb949156888513211b1f1ef

Analysis Report
OSX Proton F

MD5: 6af212f189c28a3111b2dfa63f02ab4f

Analysis Report
OSX Proton in Supply Chain Attack (Elmedia Player)

MD5: 29fb77664fc4f13ea5f65cfe01b292af

Analysis Report
MacOS MacRansom

MD5: 8fe94843a3e655209c57af587849ac3a

Analysis Report
Trojan OSX Proton B

MD5: 577cd71ea0456348914312df22e12a5a

Analysis Report
Trojan OSX Snake aka Turla

MD5: 000e4225f382f9eee675dcaf3cbf9c7e

Analysis Report
Spyware OSX/Dok B

MD5: 0e48346ebd57b1b6dbaa0bbad4d579dc

Analysis Report
Spyware OSX/Dok A

MD5: e8bdde90574d5bf285d9abb0c8a113a8

Analysis Report
Mac Adware Downloader

MD5: 9e4fd1941aed7df97132d833972a65ef

Analysis Report
Ransomware FileCoder

MD5: 1b8be665af7729618d70bad773aac423

Analysis Report
iKitten / Macdownloader, Spyware

MD5: 787d664e842961f2a335139407f91a70

Analysis Report
Malicious Office document creating a Reverse Shell via VBA Macro

MD5: 952a36f4231c8628acea028b4145daec

Analysis Report
Apple Mail DOS via Safari, Support Scam

Analysis Report
Trojan Komplex

MD5: 81749e780d27ddd15973d19de77c9007

Analysis Report
Trojan Wirelurker

MD5: dca13b4ff64bcd6876c13bbb4a22f450

Analysis Report
Ransomware Mabouia PoC

MD5: 41b631c9a1a09d95620f204f3e723b0f

Analysis Report
Trojan Flashplayer

MD5: 22e368f505c952d76529005dc99794f7

Analysis Report
Adware Bundlore

MD5: d030ec7964a5863a7b78adeb3a6cc153

Analysis Report
Trojan Adwind Java

MD5: e8388a2b7d8559c6f0f27ca91d004c7c

Analysis Report
EliteKeyLogger

MD5: 582b23ca6de5c022f7d4409fda26d2e7

Analysis Report
Trojan Janicab

MD5: 74bbce425ea052bfb79cc66c2ffd0719

Analysis Report
Trojan Ventir

MD5: 9283c61f8cce4258c8111aaf098d21ee

Analysis Report
Trojan xslcmd (with keylogger detection)

MD5: 60242ad3e1b6c4d417d4dfeb8fb464a1

Analysis Report
Trojan xslcmd

MD5: 60242ad3e1b6c4d417d4dfeb8fb464a1

Analysis Report
Demo App for Joe Sandbox I on iOS 13

SHA256: ceeafc96b3bbd7a20749919a86b407863f9fedc83aaafa16e8d2b16c274dea8f

Analysis Report
YiSpecter (NoIcon)

MD5: fbf92317ca8a7d5c243ab62624701050

Analysis Report
YiSpecter (AdPage)

MD5: 62c6f0e3615b0771c0d189d3a7c50477

Analysis Report
Tsunami botnet malware

SHA256: 864d438887ea34ffd06b03695267e93b48e73ec0f39d047968a1cce44448c581

Analysis Report
FinSpy (FinFisher) commercial trojan

SHA256: 1e9162cd0941557304a6a097dfaadf59f90bc8bbaa9879afe67b5ce0d1514be8

Analysis Report
IoT Bot with DDoS Capabilities

SHA256: 105a07a0dd8b9a0c2dcde26db29a14e033f98ee28d20f7e7115d7ccd919d60de

Analysis Report
WatchBog CoinMiner

SHA256: 26ebeac4492616baf977903bb8deb7803bd5a22d8a005f02398c188b0375dfa4

Analysis Report
CoinMiner with Brootkit user-mode rootkit

SHA256: c69ee0f12a900adc654d93aef9ad23ea56bdfae8513e534e1a11dca6666d10aa

Analysis Report
CoinMiner

MD5: eec085bae7c4dfcdcb353b095b8375fa

Analysis Report
BitCoinMiner

MD5: 94bfedc1dd3a8e3760fca3229a573464

Analysis Report
ReddisWannaMine

MD5: d02477f0c908e721701f9644afe8fe5c

Analysis Report
VPNFilter Bot APT, Stage 1

MD5: 5f358afee76f2a74b1a3443c6012b27b

Analysis Report
VPNFilter Bot APT, Stage 2

MD5: 87049e223dd922dc1d8180c83e2fde77

Analysis Report
VPNFilter Bot APT, Stage 2 (debug version)

MD5: 87049e223dd922dc1d8180c83e2fde77

Analysis Report
VPNFilter Bot APT, Stage 3 (tor plugin)

MD5: b5dc976043db9b42c9f6fa889205c68a

Analysis Report
Coin mining malware

MD5: 9a0629bbb97ef2c2fd8369778aa9a0d3

Analysis Report
Anbuis e-Banking Trojan using COVID19 theme

MD5: 3bb8fe04c67d6b35a92968bedffb7449

Analysis Report
Cerberus e-Banking Trojan using COVID19 theme

MD5: 89dc684c914932f0bb05222d98ccae17

Analysis Report
EventBot e-Banking Trojan (dev version)

MD5: f73f66b15791a42dac86d0ced46d660f

Analysis Report
Ginp e-Banking Trojan

MD5: 0a8d5a301d1ea44d5721045eea07fdcd

Analysis Report
CamScanner Necro.n

MD5: 7b7064d3876fc3cb1b3593e3c173a1a2

Analysis Report
Monokle RAT

MD5: a342b423e0ca57eba3a40311096a4f50

Analysis Report
Infector Agent Smith

MD5: 2f07c9b2a67104f8bc08d831c8922b6a

Analysis Report
Riltok e-Banking Malware

MD5: 2f07c9b2a67104f8bc08d831c8922b6a

Analysis Report
Android Malware which is able to send Whatsapp messages

MD5: 8df5b22cabc10423533884da7648e982

Analysis Report
Spyware XLoader related to Roaming Mantis

MD5: 651b6888b3f419fc1aac535921535324

Analysis Report
Adware Reptilicus

MD5: 9be7585e88c3697d1689fdd1456c2a52

Analysis Report
Anubis e-Banking Malware

MD5: b195bb8399be64002fbca421f14b2ac1

Analysis Report
Android Clipper, stealing crypto currency via clipboard hook

MD5: 24d7783aaf34884677a601d487473f88

Analysis Report
Android Spyware / Trojan MobSTSPY on Android 8.1 Oreo

MD5: 6af7af5cf626424751990f99731170e0

Analysis Report
Android Click Fraud Trojan

MD5: 03d66dd7ec05c8aa113854d6ad502ebb

Analysis Report
BianLia Trojan / Banker using date evasion and packing

MD5: 0c52aa43d1244c604b5f073f344677d8

Analysis Report
BankBot aka Anubis 2.0

MD5: 8ad6ee283c1b5b5a855bb3857ce7f275

Analysis Report
Monero Miner

MD5: fffb8d51838af6bb742e84b8b16239bb

Analysis Report
BankBot Anubis, e-Banking Trojan, Ransomware

MD5: 7e6a3e943673f731130fc5b4aeecde1b

Analysis Report
Roaming Mantis Android banking Trojan

MD5: 03108e7f426416b0eaca9132f082d568

Analysis Report
Skygofree, Trojan / Spyware

MD5: 39fca709b416d8da592de3a3f714dce8

Analysis Report
Coin Miner via CoinHive Javascript

MD5: fc1e08187de3f4b7cb52bd09ea3c2594

Analysis Report
DoubleLocker Android Ransomware

MD5: 85cfbd81ff6729927c968fbbb2d1d84d

Analysis Report
WireX DDOS Bot

MD5: c3f25252f8bc3361e426564ac2715109

Analysis Report
SonicSpy Android Trojan / Bot

MD5: 544bc1c6ecd95d89d96b5e75c3121fea

Analysis Report
Judy, click fraudster

MD5: 3d3eac7909186c86ae7f07c42fd61b1e

Analysis Report
Banking Trojan Marcher

MD5: c824dd7a921f5bd2b63bcbf92bdbd7d8

Analysis Report
Ransomware Charger

MD5: 2b83bd1d97eb911e9d53765edb5ea79e

Analysis Report
Trojan BankBot, stealing credit card and login data

MD5: beee6b598d006a6f6fc93f6b8764715f

Analysis Report
Trojan GT!tr.spy, stealing credit card and login data

MD5: d9192d7713df3029b9ba393683cb90a7

Analysis Report
Overlay e-Banking Malware

MD5: bee3746684b072867a5b202bfc5527dd

Analysis Report
Angry birds SMS trojan

MD5: e8d28adbf37246558d922dc89f2b0c1c

Analysis Report
SMS Bot

ded8e08c83cdbb7c2ba1152b35879b4

Analysis Report
SMS Bot

MD5: d58848f716635fc2df1d9de5c25c56d1

Analysis Report
Android Spy Trojan

MD5: 14d9f1a92dd984d6040cc41ed06e273e

Analysis Report
APT28/Grizzlybear Lojack Double Agent

MD5: 595aff5212df3534fb8af6a587c6038e

Analysis Report
APT28/Grizzlybear related sample

MD5: f0309aa0519ee70c29bbb471352781e7

Analysis Report
Malicious RTF using CVE-2018-0802

MD5: 15a43d4c8ae9592ee06a410c58311e35

Analysis Report
Gozi ISFB Banking Malware

MD5: e2476ed98a57bbb14f45fd1e04d4c43c

Analysis Report
DarkComet RAT

MD5: cd1974c09f7171e19634de0e00d7efb7

Analysis Report
Tsunami botnet malware

SHA256: 864d438887ea34ffd06b03695267e93b48e73ec0f39d047968a1cce44448c581

Analysis Report
FinSpy (FinFisher) commercial trojan

SHA256: 1e9162cd0941557304a6a097dfaadf59f90bc8bbaa9879afe67b5ce0d1514be8

Analysis Report
IoT Bot with DDoS Capabilities

SHA256: 105a07a0dd8b9a0c2dcde26db29a14e033f98ee28d20f7e7115d7ccd919d60de

Analysis Report
WatchBog CoinMiner

SHA256: 26ebeac4492616baf977903bb8deb7803bd5a22d8a005f02398c188b0375dfa4

Analysis Report
CoinMiner with Brootkit user-mode rootkit

SHA256: c69ee0f12a900adc654d93aef9ad23ea56bdfae8513e534e1a11dca6666d10aa

Analysis Report
CoinMiner

MD5: eec085bae7c4dfcdcb353b095b8375fa

Analysis Report
BitCoinMiner

MD5: 94bfedc1dd3a8e3760fca3229a573464

Analysis Report
ReddisWannaMine

MD5: d02477f0c908e721701f9644afe8fe5c

Analysis Report
VPNFilter Bot APT, Stage 1

MD5: 5f358afee76f2a74b1a3443c6012b27b

Analysis Report
VPNFilter Bot APT, Stage 2

MD5: 87049e223dd922dc1d8180c83e2fde77

Analysis Report
VPNFilter Bot APT, Stage 2 (debug version)

MD5: 87049e223dd922dc1d8180c83e2fde77

Analysis Report
VPNFilter Bot APT, Stage 3 (tor plugin)

MD5: b5dc976043db9b42c9f6fa889205c68a

Analysis Report
Coin mining malware

MD5: 9a0629bbb97ef2c2fd8369778aa9a0d3

Analysis Report
Evasive JS dropper checking the video card RAM size via WMI Win32_VideoController.adapterRAM and many additional WMI checks

6cdad3b5ac021d3dbf0fb6159831cdce

Analysis Report
Unknown loader using Instruction Hammering, dropping DarkComet

DDD60E9AE362DEF377AA70D414ED374D

Analysis Report
AgentTesla, tries to steal Putty/WinSCP info

MD5: 2689e0bd727c85849f786822b360cd28

Analysis Report
GuLoader with many evasion, including Instruction Hammering

01a54f73856cfb74a3bbba47bcec227b

Analysis Report
SmoleLoader using various VM detections, CodeIntegrity checks, etc

18b04e2fd804d553d9a35e088193dea7

Analysis Report
AgentTesla loader using RDTSC, CPUID and Win32_BaseBoard VM detection

MD5: 87e74af7016e8a9b9304dc537fa093da

Analysis Report
Azorult, using several tricks to detect sandboxes (desktop resolution, tick count, processes etc)

MD5: ff17014cbb249e173309a9e1251e4574

Analysis Report
Date-aware (<20.1.2020) Cassandra Crypter dropping AgentTesla

MD5: a24c195da4f8a5dee365875b3e3a38a1

Analysis Report
TrickBot Downloader counting total number of processes

MD5: 3e8c58262860fcbce68af93f4a022232

Analysis Report
Country (Application.LanguageSettings. LanguageID) and filename (ActiveWorkbook.Name) aware VBA dropping Ursnif

MD5: c5e1106f9654a23320132cbc61b3f29d

Analysis Report
FrenchyShellcode Packer with open window check, dropping NJRAT

MD5: 879d9a2c75ee83443a0a913f5dc71b5c

Analysis Report
GetKeyboardLayout - check English / Russian - if yes crash

MD5: 2d1ca86789091f84f0d4f6af9fd5d51d

Analysis Report
Delays execution by executing massive amount of instructions / loops for more than 3 minutes

27cf7e2be6e049b2793ad9f38218eb01

Analysis Report
Malicious document dropping Gozi, NUMBER_OF_PROCESSORS VBA check

MD5: 6f772eb660bc05fc26df86c98ca49abc

Analysis Report
Country aware VBA Macro using GetLocaleInfo

MD5: 6a9eda3eb0bfc222ab46725829faaec7

Analysis Report
Country aware VBA Macro

MD5: aacb83294ca96f6713da83363ffd9804

Analysis Report
Imminent RAT using several anti-debugging and anti-VM evasions

MD5: d6c644512c430cd64965c2259150f371

Analysis Report
Country aware VBA Office Macro

7ffdde19a2ce936c1e1ed92aeb25eb78

Analysis Report
Word Document VBA process name and count check

MD5: cd15a7c3cb1725dc9d21160c26ab9c2e

Analysis Report
Gootkit e-Banking trojan using a whole bunch of anti-analysis and anti-vm techniques

MD5: 0ee40dfb96795b73c6bc1eef31e59356

Analysis Report
Gozi 2.17 using GetLocaleInfo and GetCursorPos evasions

MD5: 7e17f0f35d50f49407841372f24fbd38

Analysis Report
BONDUPDATER using various WMI querys to check for physical hardware (fan, thermal sensors etc)

MD5: ea6321f55ea83e6f2887a2360f8e55b0

Analysis Report
Evasive Backdoor, Time Evasions, Debugger Detection, VM Detection

MD5: 9e3ea995e40b62adae78e93e6b30780c

Analysis Report
Evasive sample using GetKeyboardLayout to target French computers

MD5: fe1214a06ffc40b1ebb524f185894487

Analysis Report
Olympic Destroyer, Wiper malware targeting Olympic Games 2018 in PyeongChang

MD5: f12fc711529b48bcef52c5ca0a52335a

Analysis Report
Elise malware loaded with Sandbox evasion using CVE-2018-0802 for persistence

MD5: f12fc711529b48bcef52c5ca0a52335a

Analysis Report
Retefe using MUILanguages Sandbox evasion trick

MD5: 85fc638bd373af9a95c715bc4f8b97fc

Analysis Report
Sandbox Process DOS / overloading

MD5: 1de07d0af66cfa7b504c2f563d45437b

Analysis Report
CCleaner (signed) infected by unknown malware, IcmpSendEcho evasion

MD5: ef694b89ad7addb9a16bb6f26f1efaf7

Analysis Report
Debugger and sandbox detection (file, registry and mutex based)

MD5: 24a3d1d2f36824dfa190d8f93da26432

Analysis Report
Ransomware SyncCrypt using scheduled tasks to evade analysis

MD5: d10c1bd17c1b84a22db0d77515b7c32e

Analysis Report
Loop based & ping sleep based evasions

MD5: 4c3f80e146987a5fcd97b807071e2dd6

Analysis Report
Macro Evasions: Tasks, File Name, GeoIP check

MD5: 09f16077acf6c05e5c293835b3a75a20

Analysis Report
PartOfDomain evasion

MD5: af0e156bd39be48edd884578616ab153

Analysis Report
Zone.Identifier based evasion

MD5: 43b8cc7dc3ff1987354e974d77216b1b

Analysis Report
Time and command line based dropper evasions

c5d5058c8af64b79c9973e492aeb39d8d0e46931

Analysis Report
Extensive use of finger printing (disk, network card, files, directories etc)

MD5: 564ac87ca4114edd6a84a005092f1285

Analysis Report
Malicious Document dropping Cerber Ransom, using timer based Sleep evasion in VBS

MD5: 58258b89e076c4d378436f3b03682402

Analysis Report
TeslaCrypt, Speaker check via COM

MD5: 61f847bcb69d0fe86ad7a4ba3f057be5

Analysis Report
Nymaim, GetSystemTime, API hammering

MD5: f1a12884b999b9e572f91a94043d6e01

Analysis Report
Upatre, NtQuerySystemInformation IdleTime Evasion

MD5: 06a4059da943b09f13ab2909824968de

Analysis Report
Dyre, containing GetTickCount evasion technique

MD5: ad0d7d0903cb059b87892a099fe21d7e

Analysis Report
Multiple known evasion, including foreground window change detection, SCSI descriptor, SystemBiosVersion, VMware and VirtualBox driver file check and PhysicalDrive0 device IO 0x2D1400 trick

MD5: 40D19FBA73C6B011814E2C6920E8792F

Analysis Report
Bot / dropper using SystemBiosVersion, VideoBiosVersion, Disk Identifier and PCI devices for VM detection.

MD5: 9437eabf2fe5d32101e3fbf9f6027880

Analysis Report
Simple evasion based on CPU core check. Check is done via PEB-> NumberOfProcessors. Terminates if core count is smaller than 2.

MD5: cbdda646a20d95f078393506ecdc0796

Execution Graph
Very sophisticated evasions based on sandbox overloading (instructions and APIs), hook detection, sample file name check and memory hashing. If an analysis system / sandbox has been detected it encrypts personal files and kills the MBR.

MD5: f504ef6e9a269e354de802872dc5e209

Analysis Report
Sophisticated evasion based on user behavior detection. Watches for mouse pointer moves and window changes. Checks the size of the disk via IOCTL_DISK_GET_DRIVE_GEOMETRY_EX / DeviceIoControl. Terminates if the disk has less than 5000 cylinders.

MD5: 3616a11fa463644fa20d2317c5971378

Analysis Report
Simple evasion based on date check: only executes its payload at a particular year and month. Terminates if the year or month does not match.

MD5: 0AF4EF5069F47A371A0CAF22AE2006A6

Analysis Report
Evasion based on VM detection via Disk/Enum check. Additional evasion based on direct detection of Joe Sandbox with fingerprinting specific software installed on the analysis system. Installed software is enumerated via registry Windows\CurrentVersion\Uninstall key.

MD5: D80E956259C858EACCB53C1AFFAF8141

Analysis Report
Evasion based on VM detection via SetupDiGetClassDevs, SetupDiEnumDeviceInfo and SetupDiGetDeviceRegistryProperty.

MD5: 9fac72a50a7f756d0d3319c686850516

Analysis Report
OSAMiner

SHA256: df550039acad9e637c7c3ec2a629abf8b3f35faca18e58d447f490cf23f114e8

Analysis Report
OSX OceanLotus.F

SHA256: cfa3d506361920f9e1db9d8324dfbb3a9c79723e702d70c3dc8f51825c171420

Analysis Report
FinSpy (FinFisher) commercial trojan

SHA256: 4f3003dd2ed8dcb68133f95c14e28b168bd0f52e5ae9842f528d3f7866495cea

Analysis Report
EvilQuest (ThiefQuest) Ransomware, contains functions related to anti-analysis

SHA256: b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a

Analysis Report
OSX CrescentCore, VM-aware rogue software installer

SHA256: 45eab9f25158b677877a447b052f024c44c80744bcfae59deb660c47a9cbf1ac

Analysis Report
MacOS MacRansom, queries model and CPU count information

MD5: 8fe94843a3e655209c57af587849ac3a

Analysis Report
Black-T TeamTNT using Ezuri Loader

SHA256: 0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df

Analysis Report
Nicro Android Trojan using several evasion techniques

MD5: 7b7064d3876fc3cb1b3593e3c173a1a2

Analysis Report
Cerberus using motion events (accelerator) to trigger payload

MD5: a342b423e0ca57eba3a40311096a4f50

Analysis Report
Evasive Android dropper using native libraries to detect VMs and rooted devices

MD5: f412517d1e386cbd567fbba81d1842fe

Analysis Report
Anubis Loader using motion events (accelerator) to trigger the installation

MD5: d97a63536a7225bb1e788e7c244373dc

Analysis Report
BianLia Trojan / Banker using date evasion and packing

MD5: 0c52aa43d1244c604b5f073f344677d8

Analysis Report
Banking Trojan Dropper with Anti-Emulator and Anti-Sandbox Stub

MD5: cfa7fdb907e9165a9299fb164dda3b90

Analysis Report
Loapi multi Layer unpacking trojan with Mining capabilities

MD5: 3b574b67bf5a80c43e6430d69b72e6ec

Analysis Report
Black-T TeamTNT using Ezuri Loader

SHA256: 0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df

Analysis Report
Metasploit

SHA256: 7793c2fd34248236e83206fdd01b547436e966bcb6cae21adcbf61550b62daea

Analysis Report
Redline

SHA256: a0faa82eeb65dec2d55e0041f18eb27652dafd93dc25e105927303e277cd8df6

Analysis Report
Lokibot

SHA256: 25b6f68e2bf505cfde67c533f5d12e869b30efe831fa82fd91c2c29f59fc77ac

Analysis Report
Dridex

SHA256: 53dfeaa26585a77816d74ce38b16c4b1d3db0cf346d968253eae4797db1ade10

Analysis Report
Hancitor

SHA256: 632752c9d2297bd6b6467bd7b93f10c99716456f31e4bf314794f2ab6aeed0a8

Analysis Report
Formbook

SHA256: bc4765682b3b1250e178d1154cfd56fbe1fb4ac0c8e8346d9e6f3ed6c661907d

Analysis Report
Remcos

SHA256: eb9e13fd092522e4dde08e96961117f9926e3ef70ca3b225f8c388e476541a21

Analysis Report
QBot

SHA256: fff572167e03d2446c8abd0b5ddfe8657692ff07967bdd380881469df7df1484

Analysis Report
NanoCore

SHA256: c4bb3e5a6f33dca9143ede298d37b20c1dd8ab6be22f2544987f53d468e0e815

Analysis Report
Ursnif

SHA256: fd35940bf6701f7d98b39196b19273c86c74757ca2c226cff607fa23df183e03

Analysis Report
AsyncRat

SHA256: 09df870092fdf14100cf041139efcf165933d0d50c6ac8bf06fdf3116f63cfa2

Analysis Report
Amadey

SHA256: b5a399c0ea40983abc68b828ccb14efde2db90c047bbfba9ae418317ce7f036d

Analysis Report
AgentTesla

SHA256: 0b10841226c0d6fb59f308c09309e79d214ca6799ac162c1addd5455d7ef3fd7

Analysis Report
CryLock

SHA256: 6bc21092f49a473b0fd4d1e1a77ce5d7e97e961334764b606b7014710fb75466

Analysis Report
Snake Keylogger

SHA256: b20b1c9c785100e0e18623c7f34843a82e066f0f91af93410654733c9e7e4513

Analysis Report
StrRat

SHA256: b63a342fa88add92fbe34e707de613c1494f08debb6ab0e4dad851b4039dc6e4

Analysis Report
Azorult

SHA256: ba5786cfe255f158264fabd0b0cbf90b6f96ddd230a5fe82ca0c551d420f95be

Analysis Report
CyberGate

SHA256: 61c2d5a213f1b68ef98f2800f02697650ccf28eb38ec07635f0bffcdf18a803a

Analysis Report
DarkComet

SHA256: e3532fb1c9e0c23e6e0b556425bceb08953c97883aacfb347789a3d8dd80099d

Analysis Report
DCRat

SHA256: bf6e3cf654738116a14be298176fc12524154ee51f9a2424fa117ee5b47be53a

Analysis Report
Diamondfox

SHA256: 95b5d0e36464afc8391a9d056926e5859506ead18937669554bde42f7a6d135b

Analysis Report
Emotet

SHA256: 7236c54fca0b5d561a4194766f1b47882c7c44670b2a3952e1474cd4b9025214

Analysis Report
FickerStealer

SHA256: f009a71cf1050cc8c50a9b1accf3e28f174e75eda5f5ebb4764d90baa443aa9c

Analysis Report
GuLoader

SHA256: ec455e6dcab1f953bd685bc9674dbe7e2fbf7afcbef4d731edd9a818048f2227

Analysis Report
Hades Ransomware

SHA256: ea310cc4fd4e8669e014ff417286da5edf2d3bef20abfb0a4f4951afe260d33d

Analysis Report
IcedID

SHA256: 15b65ccfeced9c5ae3359db9d3a0e68ad0201912b65a0578d5dd7a0f7f7b387d

Analysis Report
MassLogger Rat

SHA256: 42b24542fa7aa0e423fe98ae7f4676c3b490d30ef2cbaa68a8ce41ddbe9e4534

Analysis Report
MedusaLocker

SHA256: 4ae110bb89ddcc45bb2c4e980794195ee5eb85b5261799caedef7334f0f57cc4

Analysis Report
NetWire

SHA256: 1dcddce0408092a22c015e183e463020a7231e1f5ca47e71acad4ddcfb0f2385

Analysis Report
njRat

SHA256: bfd5d84c4fed8f9d23f94fe32bb7ee415dbe632c2ebaac642dbfdb73f89d0833

Analysis Report
Quasar Rat

SHA256: 1b12a22d5d562b59030df4697c4157a23766d0b34f9bd17a0ca7374e5a53e28c

Analysis Report
Raccoon Stealer

SHA256: a21b6b2e6336efdfe470806c0d615ede9acacd44ab317ce7e4c59cfb8de1619f

Analysis Report
SmokeLoader

SHA256: d73e37b3ed710e4128e3c76e2f0fd61dbb2fdcddfd8cfa51ffe244fa19433bb2

Analysis Report
Sodinokibi

SHA256: 08c2d24cb9c632f9aa84254bb673c9df04d4ac23ee07e840794e9438b06e9bd2

Analysis Report
TrickBot

SHA256: 7d35c3abef65ed1d81d2f70944db31ba2a8cc703f1ccf8b82ca7b3929b8233e1

Analysis Report
LimeRat

SHA256: a81addf8ad395ae36a617da9fb138337c17941475c1e3f3003d2571c8cb3b84e

Analysis Report
Vidar

SHA256: 84343112791c187d10af9cea8fac68cf4fc03d72352f1fe2def0bf72f9a9afc7

Analysis Report
XpertRat

SHA256: f8e52fa75724eb08c0ec68db6799740ad36c7178b8f0dd7c8b0ee755ff60c653

Analysis Report
Zloader

SHA256: 938f890613dc8526bb828c3de5d5c612b7c13515062fb6ca15f8abc1424f2835