Wednesday, May 17, 2017

Malware dropped by RIG (2017 Feb-Apr)

These are the malware samples I observed being dropped by RIG (the RIG exploit kit) between February and April 2017.
I do not know how reliable the compile timestamps are, but some samples were compiled just before the site compromise that delivered them.
Some families have much older compile times.
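To make the compile-time comparison above checkable, here is an added example (my own code, not from this post) that reads the COFF TimeDateStamp out of a PE header and classifies it against the found_time (JST) for three rows taken from the tables below. The 7-day "fresh" window, the constructed minimal PE header, and the time of day for the 2017/04/16 row (the table lists only a date) are assumptions.

```python
import struct
from datetime import datetime, timedelta, timezone

JST = timezone(timedelta(hours=9))   # found_time column
CET = timezone(timedelta(hours=1))   # compile time column is listed as +01:00

def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    stamp = struct.unpack_from("<I", data, e_lfanew + 8)[0]
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def classify(compile_time: datetime, found_time: datetime,
             fresh_window: timedelta = timedelta(days=7)) -> str:
    """fresh: built shortly before delivery; old: long before; future: stamp cannot be trusted."""
    age = found_time - compile_time
    if age < timedelta(0):
        return "future"          # compiled after it was seen: forged stamp or clock skew
    return "fresh" if age <= fresh_window else "old"

def make_pe_stub(stamp: int) -> bytes:
    """Constructed minimal header (not a real sample): MZ stub, e_lfanew, PE signature, COFF header."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)          # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0, 0)
    return bytes(hdr) + b"PE\0\0" + coff

def check_row(found_jst: str, compile_local: str) -> str:
    """Classify one table row: found_time in JST, compile time in the +01:00 form the table uses."""
    found = datetime.strptime(found_jst, "%Y/%m/%d %H:%M").replace(tzinfo=JST)
    built = datetime.strptime(compile_local, "%Y:%m:%d %H:%M:%S").replace(tzinfo=CET)
    # Round-trip through a PE header so the value checked is what a file would actually carry
    return classify(pe_compile_time(make_pe_stub(int(built.timestamp()))), found)

if __name__ == "__main__":
    for family, found, built in [
        ("mole", "2017/04/26 10:21", "2017:04:25 20:59:52"),        # from the EITest table
        ("Cerber", "2017/03/18 3:07", "2014:09:11 08:28:00"),       # from the EITest table
        ("QuantLoader", "2017/04/16 0:00", "2021:01:27 12:31:12"),  # time of day assumed
    ]:
        print(f"{family}: {check_row(found, built)}")
```

A stamp later than the observation time (the "future" case) is the strongest sign the compile time was altered and should carry no weight in timeline analysis.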

EITest

| family | found_time (JST) | compile time | tweet | VirusTotal | Hybrid Analysis | reference |
|---|---|---|---|---|---|---|
| Dreambot | 2017/02/23 8:11 | 2017:02:23 01:44:03+01:00 | https://twitter.com/nao_sec/status/834574645848272897 | https://www.virustotal.com/en-gb/file/a51f24f534c3db9851fc3bea661c8b1aead926eba918c722d58a31693defb13a/analysis/ | https://www.hybrid-analysis.com/sample/a51f24f534c3db9851fc3bea661c8b1aead926eba918c722d58a31693defb13a | http://www.malware-traffic-analysis.net/2017/02/23/index.html |
| Ursnif | 2017/02/27 (2017/02/25 5:26) | 2017:02:26 06:20:43+01:00 | https://twitter.com/nao_sec/status/835681676185382912 | https://www.virustotal.com/en-gb/file/cec0a5b62eab199796b0b1f2732f40d70c7a7ad47a1bbe508e69a33528f7d4e5/analysis/ | https://www.hybrid-analysis.com/sample/cec0a5b62eab199796b0b1f2732f40d70c7a7ad47a1bbe508e69a33528f7d4e5 | http://www.malware-traffic-analysis.net/2017/02/27/index.html |
| CryptoShield | 2017/02/27 1:22 | 2017:02:28 11:32:32+01:00 | https://twitter.com/nao_sec/status/835889445735817217 | https://www.virustotal.com/en-gb/file/177782be48ed39b66a70c51f592f0b3ac31a8aefe5f809eb45ee9d8bb18c2946/analysis/ | https://www.hybrid-analysis.com/sample/177782be48ed39b66a70c51f592f0b3ac31a8aefe5f809eb45ee9d8bb18c2946 | http://www.malware-traffic-analysis.net/2017/02/28/index.html |
| Cerber | 2017/03/18 3:07 | 2014:09:11 08:28:00+01:00 | | https://www.virustotal.com/en-gb/file/409a71c97dee87fbafa63e8d9025f63e7eb21dce3239b4952296db217a744264/analysis/ | https://www.hybrid-analysis.com/sample/409a71c97dee87fbafa63e8d9025f63e7eb21dce3239b4952296db217a744264 | http://www.malware-traffic-analysis.net/2017/03/20/index.html |
| Spora matrix | 2017/04/06 11:11 | 2012:07:26 15:06:56+01:00; 2014:09:11 08:28:00+01:00 | | https://www.virustotal.com/en-gb/file/1809aa1e4d1ed14722417ee284cea229fac1c09b8c14434f7e1b2ea8547c5aeb/analysis/ | https://www.hybrid-analysis.com/sample/1809aa1e4d1ed14722417ee284cea229fac1c09b8c14434f7e1b2ea8547c5aeb | http://www.malware-traffic-analysis.net/2017/04/07/index.html |
| matrix | 2017/04/08 | 2017:04:08 04:32:16+01:00 | | https://www.virustotal.com/en-gb/file/efa729e2537a939a2c5e0acc81a99419d7477b6ab5fd4089bd85fd85087c9bcc/analysis/ | https://www.hybrid-analysis.com/sample/efa729e2537a939a2c5e0acc81a99419d7477b6ab5fd4089bd85fd85087c9bcc | http://www.malware-traffic-analysis.net/2017/04/07/index.html |
| matrix | 2017/04/08 | 2017:04:08 04:32:16+01:00 | | https://www.virustotal.com/en-gb/file/1ec63d6d3d85b014e743d291c79d5d350e13167a0343873e8303098e74c72557/analysis/ | https://www.hybrid-analysis.com/sample/1ec63d6d3d85b014e743d291c79d5d350e13167a0343873e8303098e74c72557 | |
| matrix | 2017/04/08 | 2017:04:08 04:19:19+01:00 | | https://www.virustotal.com/en-gb/file/7aeaec6fa2ac8a5d4b9f0de78c39ba978b9b3f39ad422b12d567ed730a54be47/analysis/ | https://www.hybrid-analysis.com/sample/7aeaec6fa2ac8a5d4b9f0de78c39ba978b9b3f39ad422b12d567ed730a54be47 | |
| QuantLoader Spora | 2017/04/15 0:58 | 2016:03:09 11:15:32+01:00; 2015:10:19 04:22:40+01:00 | | https://www.virustotal.com/en-gb/file/f63e5ca44a32340c975bf5613b1cfd2202762e4a42f1f21deb71de18894b9304/analysis/ ; https://www.virustotal.com/en-gb/file/2181633d9bdb10fd4420a6aef5d5fa9e9a69ab7de4e99063ae44716188e394e1/analysis/ | https://www.hybrid-analysis.com/sample/f63e5ca44a32340c975bf5613b1cfd2202762e4a42f1f21deb71de18894b9304 ; https://www.hybrid-analysis.com/sample/2181633d9bdb10fd4420a6aef5d5fa9e9a69ab7de4e99063ae44716188e394e1 | http://www.malware-traffic-analysis.net/2017/04/15/index.html |
| QuantLoader Spora | 2017/04/16 (2017/04/05 7:56) | 2017:02:26 02:21:55+01:00; 2021:01:27 12:31:12+01:00 | | https://www.virustotal.com/en-gb/file/26134f16143eb1d5fc2a13f51929166db18a9e04ea381a9bd23cabea24508879/analysis/ ; https://www.virustotal.com/en-gb/file/8a2eafed0b59841f76b0c23bddeb9e3cadfebba4c04a7d24694273642ffec109/analysis/ | https://www.hybrid-analysis.com/sample/26134f16143eb1d5fc2a13f51929166db18a9e04ea381a9bd23cabea24508879 ; https://www.hybrid-analysis.com/sample/8a2eafed0b59841f76b0c23bddeb9e3cadfebba4c04a7d24694273642ffec109 | http://www.malware-traffic-analysis.net/2017/04/16/index.html |
| Spora | 2017/04/18 (2017/04/07 22:51:00) | 2015:10:19 04:22:40+01:00 | https://twitter.com/nao_sec/status/837500077107113984 | https://www.virustotal.com/en-gb/file/bab239409230dac6733cd1492b154dbdd83e2dffc38e4d95bafdec98554c11ab/analysis/ | https://www.hybrid-analysis.com/sample/bab239409230dac6733cd1492b154dbdd83e2dffc38e4d95bafdec98554c11ab | http://malware-traffic-analysis.net/2017/04/18/index.html |
| mole | 2017/04/26 10:21 | 2017:04:25 20:59:52+01:00 | https://twitter.com/nao_sec/status/857042029141819393 | https://www.virustotal.com/en-gb/file/ca6624ec06c043bf9624260a7b6f437cf7c29d5909306ebd7972f113e4834ec3/analysis/ | https://www.hybrid-analysis.com/sample/ca6624ec06c043bf9624260a7b6f437cf7c29d5909306ebd7972f113e4834ec3 | |
| QuantLoader | 2017/04/26 13:28 | 2017:04:23 15:26:57+01:00 | https://twitter.com/nao_sec/status/857088936786747392 | https://www.virustotal.com/en-gb/file/7546df1244096b3c70f7f5da33d367ce43bf4bfd397568a4adf51a23fa3cd0af/analysis/ | https://www.hybrid-analysis.com/sample/7546df1244096b3c70f7f5da33d367ce43bf4bfd397568a4adf51a23fa3cd0af | |
| mole | 2017/04/27 14:28 | 2017:04:26 21:08:06+01:00 | https://twitter.com/nao_sec/status/857466502840057856 | https://www.virustotal.com/en-gb/file/57d65f730b3a1d67679ea722cdb562a9e161b11cdf993ef773271589895a3572/analysis/ | https://www.hybrid-analysis.com/sample/57d65f730b3a1d67679ea722cdb562a9e161b11cdf993ef773271589895a3572 | |
| mole | 2017/04/28 14:40 | 2017:04:27 20:36:35+01:00 | https://twitter.com/nao_sec/status/857831871077470208 | https://www.virustotal.com/en-gb/file/2cb9d2943e81b990ec737eced2e49ec556cec22c21ecc7027347485b32e63d36/analysis/ | https://www.hybrid-analysis.com/sample/2cb9d2943e81b990ec737eced2e49ec556cec22c21ecc7027347485b32e63d36 | |
| mole | 2017/04/28 22:56 | 2017:04:28 11:54:17+01:00 | https://twitter.com/nao_sec/status/857956617706274816 | https://www.virustotal.com/en-gb/file/4ee80172598ec7826ad82d4a94c2816b079f9d0557b12d2702eed1365306ebec/analysis/ | https://www.hybrid-analysis.com/sample/4ee80172598ec7826ad82d4a94c2816b079f9d0557b12d2702eed1365306ebec | |

pseudoDarkleech

| family | found_time (JST) | compile time | tweet | VirusTotal | Hybrid Analysis | reference |
|---|---|---|---|---|---|---|
| Cerber | 2017/02/22 14:39 | 2016:04:03 21:18:59+01:00 | https://twitter.com/nao_sec/status/834277482446532608 | https://www.virustotal.com/en-gb/file/009cba636ff7b220efb4d24783e77af2471052ffd17fd3d721d84b82ba348af3/analysis/ | https://www.hybrid-analysis.com/sample/009cba636ff7b220efb4d24783e77af2471052ffd17fd3d721d84b82ba348af3 | http://www.malware-traffic-analysis.net/2017/02/22/index.html |
| Cerber | 2017/02/27 0:31 | 2016:04:03 21:18:53+01:00 | https://twitter.com/nao_sec/status/838535748538097665 | https://www.virustotal.com/en-gb/file/f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef/analysis/ | https://www.hybrid-analysis.com/sample/f7124736a95c472f4c98835786daccdbe751bbd0da4cb500fa0b35d7700d46ef | http://www.malware-traffic-analysis.net/2017/02/27/index.html |
| Cerber | 2017/03/20 1:08 | 2014:10:07 05:40:10+01:00 | https://twitter.com/nao_sec/status/834574488230506496 | https://www.virustotal.com/en-gb/file/1c693f3448d0bd9f300f9f8d752f50db352aea7a8c1961f369291d8e6010fd0d/analysis/ | https://www.hybrid-analysis.com/sample/1c693f3448d0bd9f300f9f8d752f50db352aea7a8c1961f369291d8e6010fd0d | http://www.malware-traffic-analysis.net/2017/03/20/index2.html |

GoodMan
