Analysis Report
INC Ransomware
SHA256: d1e0cac795c8f8ef7080d0c96f0240ea18f15d56ee5a17bb6595af01aa641e11
Analysis Report
Bumblebee Loader with extensive Anti-VM and Anti-Sandbox techniques
SHA256: c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb
Analysis Report
Date-aware (<20.1.2020) Cassandra Crypter dropping AgentTesla
MD5: a24c195da4f8a5dee365875b3e3a38a1
Analysis Report
TrickBot Downloader counting total number of processes
MD5: 3e8c58262860fcbce68af93f4a022232
Analysis Report
Evasive GuLoader dropping Formbook, bare metal analysis
ab5135e71815ad27daf57be78754c85d
Analysis Report
Evasive JS dropper checking the video card RAM size via WMI Win32_VideoController.adapterRAM and many additional WMI checks
6cdad3b5ac021d3dbf0fb6159831cdce
Analysis Report
Unknown loader using Instruction Hammering, dropping DarkComet
DDD60E9AE362DEF377AA70D414ED374D
Analysis Report
AgentTesla, tries to steal Putty/WinSCP info
MD5: 2689e0bd727c85849f786822b360cd28
Analysis Report
GuLoader with many evasions, including Instruction Hammering
01a54f73856cfb74a3bbba47bcec227b
Analysis Report
SmokeLoader using various VM detections, CodeIntegrity checks, etc.
18b04e2fd804d553d9a35e088193dea7
Analysis Report
AgentTesla loader using RDTSC, CPUID and Win32_BaseBoard VM detection
MD5: 87e74af7016e8a9b9304dc537fa093da
Analysis Report
Azorult, using several tricks to detect sandboxes (desktop resolution, tick count, processes, etc.)
MD5: ff17014cbb249e173309a9e1251e4574
Analysis Report
Country (Application.LanguageSettings.LanguageID) and filename (ActiveWorkbook.Name) aware VBA dropping Ursnif
MD5: c5e1106f9654a23320132cbc61b3f29d
Analysis Report
FrenchyShellcode Packer with open window check, dropping NJRAT
MD5: 879d9a2c75ee83443a0a913f5dc71b5c
Analysis Report
GetKeyboardLayout check for English / Russian; crashes if matched
MD5: 2d1ca86789091f84f0d4f6af9fd5d51d
Analysis Report
Delays execution by running a massive number of instructions / loops for more than 3 minutes
27cf7e2be6e049b2793ad9f38218eb01
Analysis Report
Malicious document dropping Gozi, NUMBER_OF_PROCESSORS VBA check
MD5: 6f772eb660bc05fc26df86c98ca49abc
Analysis Report
Country aware VBA Macro using GetLocaleInfo
MD5: 6a9eda3eb0bfc222ab46725829faaec7
Analysis Report
Country aware VBA Macro
MD5: aacb83294ca96f6713da83363ffd9804
Analysis Report
Imminent RAT using several anti-debugging and anti-VM evasions
MD5: d6c644512c430cd64965c2259150f371
Analysis Report
Country aware VBA Office Macro
7ffdde19a2ce936c1e1ed92aeb25eb78
Analysis Report
Word Document VBA process name and count check
MD5: cd15a7c3cb1725dc9d21160c26ab9c2e
Analysis Report
Gootkit e-Banking trojan using a whole bunch of anti-analysis and anti-VM techniques
MD5: 0ee40dfb96795b73c6bc1eef31e59356
Analysis Report
Gozi 2.17 using GetLocaleInfo and GetCursorPos evasions
MD5: 7e17f0f35d50f49407841372f24fbd38
Analysis Report
BONDUPDATER using various WMI queries to check for physical hardware (fan, thermal sensors, etc.)
MD5: ea6321f55ea83e6f2887a2360f8e55b0
Analysis Report
Evasive Backdoor, Time Evasions, Debugger Detection, VM Detection
MD5: 9e3ea995e40b62adae78e93e6b30780c
Analysis Report
Evasive sample using GetKeyboardLayout to target French computers
MD5: fe1214a06ffc40b1ebb524f185894487
Analysis Report
Olympic Destroyer, Wiper malware targeting Olympic Games 2018 in PyeongChang
MD5: f12fc711529b48bcef52c5ca0a52335a
Analysis Report
Elise malware loaded with Sandbox evasion using CVE-2018-0802 for persistence
MD5: f12fc711529b48bcef52c5ca0a52335a
Analysis Report
Retefe using MUILanguages Sandbox evasion trick
MD5: 85fc638bd373af9a95c715bc4f8b97fc
Analysis Report
Sandbox Process DoS / overloading
MD5: 1de07d0af66cfa7b504c2f563d45437b
Analysis Report
CCleaner (signed) infected by unknown malware, IcmpSendEcho evasion
MD5: ef694b89ad7addb9a16bb6f26f1efaf7
Analysis Report
OSAMiner
SHA256: df550039acad9e637c7c3ec2a629abf8b3f35faca18e58d447f490cf23f114e8
Analysis Report
OSX OceanLotus.F
SHA256: cfa3d506361920f9e1db9d8324dfbb3a9c79723e702d70c3dc8f51825c171420
Analysis Report
FinSpy (FinFisher) commercial trojan
SHA256: 4f3003dd2ed8dcb68133f95c14e28b168bd0f52e5ae9842f528d3f7866495cea
Analysis Report
EvilQuest (ThiefQuest) Ransomware, contains functions related to anti-analysis
SHA256: b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a
Analysis Report
Nicro Android Trojan using several evasion techniques
MD5: 7b7064d3876fc3cb1b3593e3c173a1a2
Analysis Report
Cerberus using motion events (accelerometer) to trigger payload
MD5: a342b423e0ca57eba3a40311096a4f50
Analysis Report
Evasive Android dropper using native libraries to detect VMs and rooted devices
MD5: f412517d1e386cbd567fbba81d1842fe
Analysis Report
Anubis Loader using motion events (accelerometer) to trigger the installation
MD5: d97a63536a7225bb1e788e7c244373dc
Analysis Report
BianLian Trojan / Banker using date evasion and packing
MD5: 0c52aa43d1244c604b5f073f344677d8