Resubmissions

22-10-2024 02:07

241022-cka1nssfkj 10

General

  • Target

    The-MALWARE-Repo-master.zip

  • Size

    198.8MB

  • MD5

    af60ad5b6cafd14d7ebce530813e68a0

  • SHA1

    ad81b87e7e9bbc21eb93aca7638d827498e78076

  • SHA256

    b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1

  • SHA512

    81314363d5d461264ed5fdf8a7976f97bceb5081c374b4ee6bbea5d8ce3386822d089d031234ddd67c5077a1cc1ed3f6b16139253fbb1b3d34d3985f9b97aba3

  • SSDEEP

    6291456:wNl3aFW2h9/fiTwCzCLS6iilVkLZgAEtknRzq:wDaFd//Orcpi4VkL6AfRG

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Geforce

C2

startitit2-23969.portmap.host:1604

Mutex

b9584a316aeb9ca9b31edd4db18381f5

Attributes
  • reg_key

    b9584a316aeb9ca9b31edd4db18381f5

  • splitter

    Y262SUCZ4UJJ

Extracted

Family

remcos

Version

1.7 Pro

Botnet

Host

C2

nickman12-46565.portmap.io:46565

nickman12-46565.portmap.io:1735

Attributes
  • audio_folder

    audio

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    5

  • copy_file

    Userdata.exe

  • copy_folder

    Userdata

  • delete_file

    true

  • hide_file

    true

  • hide_keylog_file

    true

  • install_flag

    true

  • install_path

    %WinDir%\System32

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • keylog_path

    %WinDir%\System32

  • mouse_option

    false

  • mutex

    remcos_vcexssuhap

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screens

  • screenshot_path

    %AppData%

  • screenshot_time

    1

  • startup_value

    remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Extracted

Family

revengerat

Botnet

Guest

C2

0.tcp.ngrok.io:19521

Mutex

RV_MUTEX

Signatures

  • Darkcomet family
  • Detects MyDoom family 1 IoCs
  • ModiLoader First Stage 1 IoCs
  • Modiloader family
  • Mydoom family
  • Njrat family
  • Remcos family
  • RevengeRat Executable 1 IoCs
  • Revengerat family
  • Wipelock Android payload 2 IoCs
  • Wipelock family
  • Office macro that triggers on suspicious action 3 IoCs

    Office document macro which triggers in special circumstances - often malicious.

  • Suspicious Office macro 2 IoCs

    Office document equipped with macros.

  • ASPack v2.12-2.42 5 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 1 IoCs
  • Requests dangerous framework permissions 2 IoCs
  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 171 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • The-MALWARE-Repo-master.zip
    .zip
  • The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
    .exe windows:5 windows x86 arch:x86

    55b878ec00e988ff206a170cf34b525e


    Headers

    Imports

    Exports

    Sections

  • The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.9d75ff0e9447ceb89c90cca24a1dbec1
    .exe windows:5 windows x86 arch:x86

    8a6c92048eaa4c1652aa6f5807c98199


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.925da3a10f7dde802c8d87047b14fda6
    .exe windows:5 windows x86 arch:x86

    b10a33e794d5d2de180070d9dcc93422


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe.c26203af4b3e9c81a9e634178b603601
    .exe windows:5 windows x86 arch:x86

    5ffc0457395f73c8894dad0221957a8e


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da
    .exe windows:4 windows x86 arch:x86

    33259202a22c25d002be697749eb957e


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.6164228ed2cc0eceba9ce1828d87d827
    .exe windows:5 windows x86 arch:x86

    33c644f9a2df0250eacdf63aa0ff8cca


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.97a26d9e3598fea2e1715c6c77b645c2
    .dll windows:5 windows x64 arch:x64

    817b343ed7ed0348e413bb1c3610278d


    Headers

    Imports

    Exports

    Sections

  • The-MALWARE-Repo-master/Banking-Malware/Emotet.zip
    .zip
  • [email protected]
    .docm .doc office2007

    ThisDocument

    S9zlQCC

    EELFLr

    TrS1jk

    BdOW1qt

    Uq3XXQaF

    EIBYN39s

    V9sPZLU

    pGv5GKCO

    zacGkX9

  • The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm
    .xlsm office2007
  • The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86
    .elf linux x64
  • The-MALWARE-Repo-master/Botnets/FritzFrog/d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485
    .elf linux x64
  • The-MALWARE-Repo-master/Browser Hijackers/BabylonToolbar.txt
  • The-MALWARE-Repo-master/Email-Worm/Amus.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Anap.a.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Axam.a.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Brontok.exe
    .exe windows:4 windows x86 arch:x86

    87bed5a7cba00c7e1f4015f1bdae2183


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/BubbleBoy.html
    .html .vbs polyglot
  • The-MALWARE-Repo-master/Email-Worm/Bugsoft.exe
    .exe windows:4 windows x86 arch:x86

    c1d24f2dee28c26ad20efbfa66d0d726


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Duksten.exe
    .exe windows:4 windows x86 arch:x86

    b82faf9237e7230cc2fbb2f1421d49bf


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Emin.js
    .js
  • The-MALWARE-Repo-master/Email-Worm/Funsoul.exe
    .exe windows:4 windows x86 arch:x86

    7e088f48d6fe44919b9fd479c903f565


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Gruel.a.exe
    .exe windows:4 windows x86 arch:x86

    5c7433b2a8bfdbd866a519f5ce78aa7b


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Happy99.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/ILOVEYOU.vbs
    .vbs
  • The-MALWARE-Repo-master/Email-Worm/Jer.html
    .vbs
  • The-MALWARE-Repo-master/Email-Worm/Kiray.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Klez.e.exe
    .exe windows:4 windows x86 arch:x86

    bb8a672644c54cc80e980f3e174cf92c


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Lacon.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.c.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.d.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Magistr.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Maldal.a.exe
    .exe windows:4 windows x86 arch:x86

    894499b0c1732ab37b759498faae29f0


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Mari.exe
    .exe windows:4 windows x86 arch:x86

    a8e4f0d33f3923214d437634054c49d4


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/MeltingScreen.exe
    .exe windows:4 windows x86 arch:x86

    f90f100c81647f834881cf7cd9e90bd4


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Merkur.exe
    .exe windows:4 windows x86 arch:x86

    4bd626f0fb8783b032a014d7ac172308


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/MsWorld.exe
    .exe windows:4 windows x86 arch:x86

    ce3cbbc1ba1365b2d3ecb9bef12f75b8


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/MyDoom.A.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/MyPics.a.exe
    .exe windows:4 windows x86 arch:x86

    a629f7d0ee066a263e62530ec4b91a16


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/NakedWife.exe
    .exe windows:4 windows x86 arch:x86

    ef6ce2f3d3b25e70f65cfafcb2c7b01e


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/NewLove.vbs
    .vbs
  • The-MALWARE-Repo-master/Email-Worm/Nyxem.E.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Pikachu.exe
    .exe windows:4 windows x86 arch:x86

    cf991f1d207b1a6b956f57f38b2aaa2f


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Pleh.vbs
    .vbs
  • The-MALWARE-Repo-master/Email-Worm/Prolin.exe
    .exe windows:4 windows x86 arch:x86

    b08f58ddcb14d10ef626790a3370327a


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Quamo.exe
    .exe windows:4 windows x86 arch:x86

    c3520ffe4db9de8477f08791726150fa


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/San.html
  • The-MALWARE-Repo-master/Email-Worm/Scare.hta
    .html .vbs polyglot
  • The-MALWARE-Repo-master/Email-Worm/Silver/Silver.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Trood.a.exe
    .exe windows:1 windows x86 arch:x86

    ad3ae4b62b30da87ef6c4e1607fc331b


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/White.a.exe
    .exe windows:4 windows x86 arch:x86

    ff441998bbcbf92dd625ab527152cc7a


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Winevar.exe
    .exe windows:4 windows x86 arch:x86

    82e832e5393272a459a250927a9159b2


    Code Sign

    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Xanax.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/Yarner.a.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Email-Worm/ZippedFiles.a.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Joke/Avoid.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Joke/ChilledWindows.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Joke/CookieClickerHack.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Joke/CrazyNCS.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Joke/Curfun.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Joke/DesktopBoom.exe
    .exe windows:5 windows x64 arch:x64

    fa0fefa75ede330fe4795beb6fd19632


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Joke/Flasher.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Joke/Hydra.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Joke/Launcher.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Joke/Melting.exe
    .exe windows:6 windows x64 arch:x64

    5960e4006cf3e48c7ac35cbf00addbb1


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Joke/Popup.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Joke/ScreenScrew.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Joke/Time.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Joke/Trololo.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Joke/Vista.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Joke/Windows-KB2670838.msu.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Joke/WindowsUpdate.exe
    .exe windows:5 windows x86 arch:x86

    0dc8590769efaccd25273172540c1f5c


    Headers

    Imports

    Exports

    Sections

  • The-MALWARE-Repo-master/Joke/YouAreAnIdiot/EXEVersion/AxInterop.ShockwaveFlashObjects.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Joke/YouAreAnIdiot/EXEVersion/Interop.ShockwaveFlashObjects.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Joke/YouAreAnIdiot/EXEVersion/README.md
  • The-MALWARE-Repo-master/Joke/YouAreAnIdiot/EXEVersion/YouAreAnIdiot.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Joke/YouAreAnIdiot/WebsiteSourceCode/README.md
  • The-MALWARE-Repo-master/Joke/YouAreAnIdiot/WebsiteSourceCode/images/idiot.png
    .png
  • The-MALWARE-Repo-master/Joke/YouAreAnIdiot/WebsiteSourceCode/index.html
    .html
  • The-MALWARE-Repo-master/Joke/YouAreAnIdiot/WebsiteSourceCode/lol.html
    .html
  • The-MALWARE-Repo-master/Joke/YouAreAnIdiot/WebsiteSourceCode/scripts/you.js
    .js
  • The-MALWARE-Repo-master/Joke/rickroll.exe
    .exe windows:4 windows x64 arch:x64

    bbc688f6bd59bb892f8a70a2538f3765


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Net-Worm/Blaster/Blaser.C.sourcecode.txt
  • The-MALWARE-Repo-master/Net-Worm/Blaster/Blaster.A.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Net-Worm/Blaster/Blaster.E.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Net-Worm/CodeRed.a.exe
  • The-MALWARE-Repo-master/Net-Worm/EternalRocks.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Net-Worm/Kolabc/Kobalc.exe
    .exe windows:4 windows x86 arch:x86

    9c90719a27a63779cb01064a4dc4ad66


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Net-Worm/Loveware.txt
  • The-MALWARE-Repo-master/Net-Worm/Opaserv.l.exe
    .exe windows:1 windows x86 arch:x86

    598a9f449f493abc9b35793763fb5cb5


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Net-Worm/Rahack/Rahack.exe
    .exe windows:4 windows x86 arch:x86

    4ead0f2d0ef5507d449023bba7c950f0


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Net-Worm/Sasser/Sasser.A.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Net-Worm/Sasser/Sasser.B.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Net-Worm/Sasser/Sasser.c.sourcecode.txt
  • The-MALWARE-Repo-master/Pony/metrofax.doc
    .doc windows office2003

    ThisDocument

    Module1

  • The-MALWARE-Repo-master/RAT/Adwind.exe
    .jar
  • The-MALWARE-Repo-master/RAT/Blackkomet.exe
    .exe windows:4 windows x86 arch:x86

    3b163548c984476f39d30c2f21df2b6c


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/RAT/CobaltStrike.doc
    .docm .doc office2007
  • The-MALWARE-Repo-master/RAT/CrimsonRAT.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/RAT/NJRat.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/RAT/NetWire.doc
    .doc windows office2003

    ThisDocument

    HauteGaronne

  • The-MALWARE-Repo-master/RAT/NetWire.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/RAT/Remcos.exe
    .exe windows:4 windows x86 arch:x86

    d3a62971944197f0701c7049a9c739d1


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/RAT/RevengeRAT.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/RAT/VanToM-Rat.bat
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/RAT/WarzoneRAT.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/README.md
  • The-MALWARE-Repo-master/Ransomware/$uckyLocker.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/7ev3n.exe
    .exe windows:6 windows x86 arch:x86

    008aca28b7c001acc5e0ab32fabaad84


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/Annabelle.exe
    .exe windows:4 windows x64 arch:x64


    Headers

    Sections

  • The-MALWARE-Repo-master/Ransomware/BadRabbit.exe
    .exe windows:5 windows x86 arch:x86

    e3bda9df66f1f9b2b9b7b068518f2af1


    Code Sign

    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/Birele.exe
    .exe windows:10 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:10 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Ransomware/Cerber5.exe
    .exe windows:5 windows x86 arch:x86

    604de9c4534997ea4f32f86753fab871


    Code Sign

    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/CoronaVirus.exe
    .exe windows:5 windows x86 arch:x86

    d761cb0531b62176dc524988b5963190


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/CryptoLocker.exe
    .exe windows:5 windows x86 arch:x86

    7e8ad4139efc6cbcf31df3bc4b291dd8


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/CryptoWall.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Ransomware/DeriaLock.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/Dharma.exe
    .exe windows:5 windows x86 arch:x86

    ae9f6a32bb8b03dce37903edbc855ba1


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/Fantom.exe
    .exe windows:5 windows x86 arch:x86

    bf5a4aa99e5b160f8521cadd6bfe73b8


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/GandCrab.exe
    .exe windows:5 windows x86 arch:x86

    c2cfbc92b2194678c2499ed455f524c4


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/GoldenEye/GoldenEye.exe
    .exe windows:5 windows x86 arch:x86

    eadbe699c9f56194b9bbdf2dd7631233


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/GoldenEye/GoldenEye.js
    .js
  • The-MALWARE-Repo-master/Ransomware/InfinityCrypt.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/Krotten.exe
    .exe windows:4 windows x86 arch:x86

    79fd079e9d3e0619831be2cf92afa94a


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/Locky.AZ.exe
    .dll windows:5 windows x86 arch:x86

    69161fad7896fa3f6cbd1db55bbf9f44


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/NoMoreRansom.exe
    .exe windows:5 windows x86 arch:x86

    f4aae2cc8a2971ab9714645e85b7edb6


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/NotPetya.exe
    .exe windows:5 windows x86 arch:x86

    ab8fd60b3da01515e6706e8d122c633f


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/PetrWrap
    .exe windows:5 windows x86 arch:x86

    90cfb770dd8b0646a46fc541c93185a2


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/Petya.A.exe
    .exe windows:5 windows x86 arch:x86

    1a63922d5931d1bb8ca5188313f78eaa


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/PolyRansom.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Ransomware/PowerPoint.exe
    .exe windows:4 windows x86 arch:x86

    91b2790c505bbe69e215e722d884b1b4


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/RedBoot.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Ransomware/RedEye.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/Rensenware.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/Rokku.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Ransomware/Satana.exe
    .exe windows:5 windows x86 arch:x86

    a3bc0305643e7601d6deca72652f4ab5


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/Seftad.exe
    .exe windows:5 windows x86 arch:x86

    45f43067991f331f7e6d9d92f382f3ef


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/SporaRansomware.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Ransomware/UIWIX.exe
    .dll windows:5 windows x86 arch:x86

    1743a5b9816a58c2129527a62802cc12


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/ViraLock.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Ransomware/WannaCry.exe
    .exe windows:4 windows x86 arch:x86

    e858a14f217810d78466806d95d7fceb


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/WannaCrypt0r.exe
    .exe windows:4 windows x86 arch:x86

    68f013d7437aa653a8a98a05807afeb1


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/WinlockerVB6Blacksod.exe
    .exe windows:5 windows x86 arch:x86

    fdc840a7a99c43c34a60188ec8cc1596


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Ransomware/Xyeta.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Ransomware/satan.exe
    .exe windows:5 windows x86 arch:x86

    65e9607e6f28a7852bb41a6e2e439a92


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Spyware/AgentTesla.exe
    .exe windows:4 windows x86 arch:x86

    7eae418c7423834ffc3d79b4300bd6fb


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Spyware/HawkEye.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Spyware/Kakwa.doc
    .doc windows office2003

    ThisDocument

    qpnyeziw

  • The-MALWARE-Repo-master/Spyware/The Worst Of All!!!!!!/BonziBUDDY!!!!!!.txt
  • The-MALWARE-Repo-master/Spyware/butterflyondesktop.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Stealer/Azorult.exe
    .exe windows:5 windows x86 arch:x86

    eb97e4fc5518ac300a92a11673825e0b


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Stealer/Lokibot.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/000.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/Alerta.exe
    .exe windows:4 windows x86 arch:x86

    c39355e1601f83c72a018b3ad2696dd1


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/Ana.exe
    .exe windows:5 windows x86 arch:x86

    9222d372923baed7aa9dfa28449a94ea


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/ArcticBomb.exe
    .exe .ps1 windows:1 windows x86 arch:x86 polyglot


    Headers

    Sections

  • The-MALWARE-Repo-master/Trojan/BlueScreen.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Trojan/Bolbi.vbs
    .vbs
  • The-MALWARE-Repo-master/Trojan/BonziKill.txt
  • The-MALWARE-Repo-master/Trojan/Carewmr.vbs
    .vbs
  • The-MALWARE-Repo-master/Trojan/ClassicShell.exe
    .exe windows:4 windows x86 arch:x86

    b32daf0bb9b8128e4ceae88e93d599b4


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/ColorBug.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Trojan/DesktopPuzzle.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Trojan/DudleyTrojan.bat
  • The-MALWARE-Repo-master/Trojan/FlashKiller.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Trojan/Frankenstein.doc
    .docx .doc office2007
  • The-MALWARE-Repo-master/Trojan/FreeYoutubeDownloader.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Trojan/Gas.exe
    .exe windows:4 windows x86 arch:x86

    a4612e61d5811cd19794dfc9a128cf40


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/Grave.apk
    .apk android

    sec.blackhole.grave

    Basic


  • The-MALWARE-Repo-master/Trojan/HMBlocker.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Trojan/IconDance.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Trojan/Illerka.C.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/L0Lz.bat
    .bat .vbs
  • The-MALWARE-Repo-master/Trojan/LoveYou.exe
    .exe windows:4 windows x86 arch:x86

    56274713084726aa842dbd98398ad8e9


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/MEMZ.exe
    .exe windows:5 windows x86 arch:x86

    52753d226ff5a8a88caf9829928cd5d1


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/Malum.apk
    .apk android arch:arm

    sec.blackhole.malum

    com.smartphoneremote.androidscriptfree.AndroidScriptFree


  • The-MALWARE-Repo-master/Trojan/Mist/MistInfected_newest.exe
    .exe windows:5 windows x86 arch:x86

    f16f2f4b135561f684f02752de19ea33


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/Mist/MistInstaller.exe
    .exe windows:5 windows x86 arch:x86

    2e66f0419297ddafdf3c94b316590cf3


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/Mist/MistInstallerRC.exe
    .exe windows:5 windows x86 arch:x86

    2e66f0419297ddafdf3c94b316590cf3


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/Mobile_Legends_Adventure.apk
    .apk android arch:arm

    com.moonton.mobilehero

    com.smartphoneremote.androidscriptfree.AndroidScriptFree


  • The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe
    .exe windows:4 windows x86 arch:x86

    d7ee0bec939bda9b20c9cb9dcb985e30


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/MrsMajors/MrsMajor2.0.7z
    .7z
  • The-MALWARE-Repo-master/Trojan/MrsMajors/MrsMajor3.0.exe
    .exe windows:4 windows x64 arch:x64

    167fe7dad034e11847397d501baf6f5e


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/Nostart.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Trojan/Offiz.js
    .html .js polyglot
  • The-MALWARE-Repo-master/Trojan/PCToaster.exe
    .exe windows:4 windows x86 arch:x86

    6011984d7c1f1b97a34d7517a498bff8


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/Sevgi.a.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Trojan/Spark/NETFramework.exe
    .exe windows:5 windows x86 arch:x86

    9b2f6a441f9ff8df98ae6e9e6b5d4271


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • The-MALWARE-Repo-master/Trojan/Spark/Spark.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/TaskILL.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/VeryFun.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Trojan/Whiter.a.exe
    .exe windows:4 windows x86 arch:x86

    be34509930ba722487a8c6d61a92740b


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/WindowsXPHorrorEdition.txt
  • The-MALWARE-Repo-master/Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.6614978ab256f922d7b6dbd7cc15c6136819f4bcfb5a0fead480561f0df54ca6
    .macho macos arch:x64
  • The-MALWARE-Repo-master/Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.6fa938770e83ef2e177e8adf4a2ea3d2d5b26107c30f9d85c3d1a557db2aed41
    .scpt macos
  • The-MALWARE-Repo-master/Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.ac3467a04eeb552d92651af1187bdc795100ea77a7a1ac755b4681c654b54692
    .macho macos arch:x64
  • The-MALWARE-Repo-master/Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.d11a549e6bc913c78673f4e142e577f372311404766be8a3153792de9f00f6c1
    .macho macos arch:x64
  • The-MALWARE-Repo-master/Trojan/Zika.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Trojan/elite.apk
    .apk android

    com.elite

    com.elite.MainActivity


  • The-MALWARE-Repo-master/Trojan/mobelejen.apk
    .apk android

    com.elite

    com.elite.MainActivity


  • The-MALWARE-Repo-master/Trojan/vi4a.apk
    .apk android

    com.google.android.virus

    VirusActivity


  • The-MALWARE-Repo-master/Virus/Floxif/Floxif.exe
    .exe windows:5 windows x86 arch:x86

    1e8d1e12f2998c7db1084028a8a4301b


    Code Sign

    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Virus/Gnil/Gnil.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe
    .exe windows:5 windows x86 arch:x86

    e1d4718531a779a8d41d1fd888af078f


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Virus/MadMan.exe
  • The-MALWARE-Repo-master/Virus/Melissa.doc
    .doc windows office2003

    Melissa

  • The-MALWARE-Repo-master/Virus/Walker.com
  • The-MALWARE-Repo-master/Virus/WinNuke.98.exe
    .exe windows:4 windows x86 arch:x86

    e85cb1c4db79eee3be998741daba934f


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Virus/Xpaj/xpaj.exe
    .exe windows:5 windows x86 arch:x86

    09d0478591d4f788cb3e5ea416c25237


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Virus/Xpaj/xpajB.exe
    .exe windows:5 windows x86 arch:x86

    1dca2dbd3757a754f369f518971d3efd


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Worm/Bezilom.exe
    .exe windows:4 windows x86 arch:x86

    b7c9dd8c9515b52e829c06d7bd1a8abd


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Worm/Blaster/607B60AD512C50B7D71DCCC057E85F1C
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Worm/Blaster/8676210e6246948201aa014db471de90
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Worm/Blaster/8a17f336f86e81f04d8e66fa23f9b36a
    .exe windows:4 windows x86 arch:x86

    55f775002d37cd090cacd2bebf5b38b3


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Worm/Blaster/DComExploit.exe.vir
    .exe windows:4 windows x86 arch:x86

    98bcb584699a3ea299d702533683480b


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Worm/Blaster/SANS_ Malware FAQ_ What is W32_Blaster worm_.mht
    .eml
  • The-MALWARE-Repo-master/Worm/Blaster/dcom.c
  • The-MALWARE-Repo-master/Worm/Bumerang.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Worm/Fagot.a.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Worm/HeadTail.vbs
    .vbs
  • The-MALWARE-Repo-master/Worm/Heap41A.exe
    .exe windows:4 windows x86 arch:x86

    87b324a67e18fb2e1d12308b06fa8d4f


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Worm/Mantas.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Worm/NadIote/Nadlote.exe
    .exe windows:4 windows x86 arch:x86

    8341ec2aab5b3fa99f8ce8cc79f28046


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Worm/Netres.a.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • The-MALWARE-Repo-master/Worm/Nople.exe
    .exe windows:4 windows x86 arch:x86

    b04e357a82199319e8bee33e2692d728


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/Worm/Vobfus/Vobus.exe
    .exe windows:4 windows x86 arch:x86

    b535cff87ac36db4c7b869641d38ecd0


    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/rogues/AdwereCleaner.exe
    .exe windows:4 windows x86 arch:x86

    e160ef8e55bb9d162da4e266afd9eef3


    Code Sign

    Headers

    Imports

    Sections

  • The-MALWARE-Repo-master/rogues/SpySheriff.exe
    .exe windows:4 windows x86 arch:x86

    cec2c227b9e0861ec652edd924199b35


    Headers

    Imports

    Sections