A forum for reverse engineering, OS internals and malware analysis
ikolor wrote: ↑Mon Feb 18, 2019 5:33 pm
thanks
https://www.virustotal.com/en/file/c87e ... 550511084/

Geodo/Emotet doc downloader
ikolor wrote: ↑Wed Feb 20, 2019 1:46 pm
Thank you buddy
https://www.virustotal.com/en/file/130b ... 550670320/

Shade/Troldesh ransomware js downloader:
ikolor wrote: ↑Mon Feb 25, 2019 8:58 pm
next ..
https://www.virustotal.com/en/file/e756 ... 551128265/

The JS drops a zip (MD5: f309252a5f81c59e6ff2fd91f6c541dd) which contains a scr file (MD5: 26e3954ea1e29b171f592bcf81e6dd60) which belongs to the DarkComet RAT.
winningstar.ddns.net:5592
ikolor wrote: ↑Fri Mar 01, 2019 5:27 pm
next ..
https://www.virustotal.com/en/file/9ec0 ... 551461174/

It's a CVE-2017-11882 exploit, downloads exe from this page:
hxxp://chukwu.gq/bin/winlogon.exe
hxxp://bitechsolutions.org/bin/PO2241.doc