Analysis Reports of Evasive Malware

Latest Analysis Reports of Evasive Malware generated by Joe Sandbox

Cloud 34.0.0
09/05/2022

Analysis Report
Bumblebee Loader with extensive Anti-VM and Anti-Sandbox techniques

SHA256: c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb

Cloud 28.0.0
24/01/2022

Analysis Report
Date-aware (<20.1.2020) Cassandra Crypter dropping AgentTesla

MD5: a24c195da4f8a5dee365875b3e3a38a1

Cloud 28.0.0
22/01/2022

Analysis Report
TrickBot Downloader counting total number of processes

MD5: 3e8c58262860fcbce68af93f4a022232

Cloud 33.0.0
14/10/2021

Analysis Report
Evasive GuLoader dropping Formbook, bare metal analysis

ab5135e71815ad27daf57be78754c85d

Cloud 32.0.0
06/04/2021

Analysis Report
Evasive JS dropper checking the video card RAM size via WMI Win32_VideoController.adapterRAM and many additional WMI checks

6cdad3b5ac021d3dbf0fb6159831cdce

Cloud 30.0.0
17/09/2020

Analysis Report
Unknown loader using Instruction Hammering, dropping DarkComet

DDD60E9AE362DEF377AA70D414ED374D

Cloud 30.0.0
17/09/2020

Analysis Report
GuLoader with many evasions, including Instruction Hammering

01a54f73856cfb74a3bbba47bcec227b

Cloud 30.0.0
17/09/2020

Analysis Report
AgentTesla, tries to steal PuTTY/WinSCP info

MD5: 2689e0bd727c85849f786822b360cd28

Cloud 29.0.0
14/09/2020

Analysis Report
SmokeLoader using various VM detections, CodeIntegrity checks, etc.

18b04e2fd804d553d9a35e088193dea7

Cloud 28.0.0
22/04/2020

Analysis Report
AgentTesla loader using RDTSC, CPUID and Win32_BaseBoard VM detection

MD5: 87e74af7016e8a9b9304dc537fa093da

Cloud 28.0.0
24/02/2020

Analysis Report
Azorult, using several tricks to detect sandboxes (desktop resolution, tick count, processes etc)

MD5: ff17014cbb249e173309a9e1251e4574

Cloud 28.0.0
10/12/2019

Analysis Report
Country (Application.LanguageSettings.LanguageID) and filename (ActiveWorkbook.Name) aware VBA dropping Ursnif

MD5: c5e1106f9654a23320132cbc61b3f29d

Cloud 26.0.0
12/08/2019

Analysis Report
FrenchyShellcode Packer with open window check, dropping NJRAT

MD5: 879d9a2c75ee83443a0a913f5dc71b5c

Cloud 26.0.0
12/06/2019

Analysis Report
GetKeyboardLayout - check English / Russian - if yes crash

MD5: 2d1ca86789091f84f0d4f6af9fd5d51d

Cloud 26.0.0
09/05/2019

Analysis Report
Delays execution by executing a massive number of instructions / loops for more than 3 minutes

27cf7e2be6e049b2793ad9f38218eb01

Cloud 25.0.0
21/03/2019

Analysis Report
Malicious document dropping Gozi, NUMBER_OF_PROCESSORS VBA check

MD5: 6f772eb660bc05fc26df86c98ca49abc

Cloud 26.0.0
01/03/2019

Analysis Report
Country aware VBA Macro using GetLocaleInfo

MD5: 6a9eda3eb0bfc222ab46725829faaec7

Cloud 26.0.0
26/02/2019

Analysis Report
Country aware VBA Macro

MD5: aacb83294ca96f6713da83363ffd9804

Cloud 25.0.0
18/01/2019

Analysis Report
Imminent RAT using several anti-debugging and anti-VM evasions

MD5: d6c644512c430cd64965c2259150f371

Cloud 24.0.0
13/12/2018

Analysis Report
Country aware VBA Office Macro

7ffdde19a2ce936c1e1ed92aeb25eb78

Cloud 24.0.0
18/11/2018

Analysis Report
Word Document VBA process name and count check

MD5: cd15a7c3cb1725dc9d21160c26ab9c2e

Cloud 24.0.0
10/10/2018

Analysis Report
Gootkit e-Banking trojan using a whole bunch of anti-analysis and anti-VM techniques

MD5: 0ee40dfb96795b73c6bc1eef31e59356

Cloud 24.0.0
03/10/2018

Analysis Report
Gozi 2.17 using GetLocaleInfo and GetCursorPos evasions

MD5: 7e17f0f35d50f49407841372f24fbd38

Cloud 23.0.0
14/09/2018

Analysis Report
BONDUPDATER using various WMI queries to check for physical hardware (fan, thermal sensors etc.)

MD5: ea6321f55ea83e6f2887a2360f8e55b0

Cloud 23.0.0
04/07/2018

Analysis Report
Evasive Backdoor, Time Evasions, Debugger Detection, VM Detection

MD5: 9e3ea995e40b62adae78e93e6b30780c

Cloud 22.0.0
08/05/2018

Analysis Report
Evasive sample using GetKeyboardLayout to target French computers

MD5: fe1214a06ffc40b1ebb524f185894487

Cloud 21.0.0
20/02/2018

Analysis Report
Olympic Destroyer, Wiper malware targeting Olympic Games 2018 in PyeongChang

MD5: f12fc711529b48bcef52c5ca0a52335a

Cloud 21.0.0
08/02/2018

Analysis Report
Elise malware loaded with Sandbox evasion using CVE-2018-0802 for persistence

MD5: f12fc711529b48bcef52c5ca0a52335a

Cloud 21.0.0
27/11/2017

Analysis Report
Retefe using MUILanguages Sandbox evasion trick

MD5: 85fc638bd373af9a95c715bc4f8b97fc

Cloud 20.0.0
09/10/2017

Analysis Report
Sandbox process DoS / overloading

MD5: 1de07d0af66cfa7b504c2f563d45437b

Cloud 20.0.0
18/09/2017

Analysis Report
CCleaner (signed) infected by unknown malware, IcmpSendEcho evasion

MD5: ef694b89ad7addb9a16bb6f26f1efaf7

Cloud 20.0.0
12/09/2017

Analysis Report
Debugger and sandbox detection (file, registry and mutex based)

MD5: 24a3d1d2f36824dfa190d8f93da26432

Cloud 20.0.0
23/08/2017

Analysis Report
Ransomware SyncCrypt using scheduled tasks to evade analysis

MD5: d10c1bd17c1b84a22db0d77515b7c32e

Cloud 31.0.0
15/01/2021

Analysis Report
OSAMiner

SHA256: df550039acad9e637c7c3ec2a629abf8b3f35faca18e58d447f490cf23f114e8

Cloud 31.0.0
02/12/2020

Analysis Report
OSX OceanLotus.F

SHA256: cfa3d506361920f9e1db9d8324dfbb3a9c79723e702d70c3dc8f51825c171420

Cloud 30.0.0
28/09/2020

Analysis Report
FinSpy (FinFisher) commercial trojan

SHA256: 4f3003dd2ed8dcb68133f95c14e28b168bd0f52e5ae9842f528d3f7866495cea

Cloud 29.0.0
01/07/2020

Analysis Report
EvilQuest (ThiefQuest) Ransomware, contains functions related to anti-analysis

SHA256: b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a

Cloud 26.0.0
01/07/2019

Analysis Report
OSX CrescentCore, VM-aware rogue software installer

SHA256: 45eab9f25158b677877a447b052f024c44c80744bcfae59deb660c47a9cbf1ac

Cloud 20.0.0
16/06/2017

Analysis Report
MacOS MacRansom, queries model and CPU count information

MD5: 8fe94843a3e655209c57af587849ac3a

Cloud 31.0.0
11/01/2021

Analysis Report
Black-T TeamTNT using Ezuri Loader

SHA256: 0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df

Cloud 26.0.0
16/09/2019

Analysis Report
Nicro Android Trojan using several evasion techniques

MD5: 7b7064d3876fc3cb1b3593e3c173a1a2

Cloud 26.0.0
14/08/2019

Analysis Report
Cerberus using motion events (accelerometer) to trigger payload

MD5: a342b423e0ca57eba3a40311096a4f50

Cloud 26.0.0
21/02/2019

Analysis Report
Evasive Android dropper using native libraries to detect VMs and rooted devices

MD5: f412517d1e386cbd567fbba81d1842fe

Cloud 25.0.0
20/01/2019

Analysis Report
Anubis Loader using motion events (accelerometer) to trigger the installation

MD5: d97a63536a7225bb1e788e7c244373dc

Cloud 24.0.0
07/11/2018

Analysis Report
BianLian Trojan / Banker using date evasion and packing

MD5: 0c52aa43d1244c604b5f073f344677d8

Cloud 24.0.0
27/10/2018

Analysis Report
Banking Trojan Dropper with Anti-Emulator and Anti-Sandbox Stub

MD5: cfa7fdb907e9165a9299fb164dda3b90

Cloud 21.0.0
22/12/2017

Analysis Report
Loapi multi-layer unpacking trojan with mining capabilities

MD5: 3b574b67bf5a80c43e6430d69b72e6ec
