A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #30908  by 1984
 Thu Oct 12, 2017 3:42 pm
Hi,
Anyone have the Dubnium/DarkHotel/Inexsmar stage 2 samples:

Dropper
2d14f5057a251272a7586afafe2e1e761ed8e6c0
3d3b60549191c4205c35d3a9656377b82378a047

kernelol21.exe
6ce89ae2f1272e62868440cde00280f055a3a638

kbkernelolUpd.dll
b8ea4b531e120730c26f4720f12ea7e062781012
0ea2ba966953e94034a9d4609da29fcf11adf2d5
926ca36a62d0b520c54b6c3ea7b97eb1c2d203a9
db56f474673233f9b62bef5dbce1be1c74f78625

Source: https://blogs.technet.microsoft.com/mmp ... -analysis/

Thanks!
 #30914  by 1984
 Sat Oct 14, 2017 11:59 am
Thanks Antelox! Because of your help I think I've managed to find some x64 variants with these hashes:

35bb306e4f8a602d28aa859ef6eeb25d0fb3b4c0
326a4a8da7343a7981c735f9c8006f1091b96195

I found them on malwr.com and should be able to download them but their site is broken :( Anyone have these samples?
 #30915  by Antelox
 Sat Oct 14, 2017 12:11 pm
1984 wrote: Thanks Antelox! Because of your help I think I've managed to find some x64 variants with these hashes:

35bb306e4f8a602d28aa859ef6eeb25d0fb3b4c0
326a4a8da7343a7981c735f9c8006f1091b96195

I found them on malwr.com and should be able to download them but their site is broken :( Anyone have these samples?
Find them in the attachment.

BR,

Antelox