- #adwind #evasive observations of samples on Hybrid Analysis
- 12/12/2017
- PAYMENT SLIP.jar
- sha256 c6380012717fa4bb419318dc328daa2a4fe7f39352bd1372f69e2ec19a918e56
- https://www.reverse.it/sample/c6380012717fa4bb419318dc328daa2a4fe7f39352bd1372f69e2ec19a918e56?environmentId=100
- process hierarchy
- [ javaw.exe -> java.exe -> cmd.exe -> cscript.exe Retrivexxxx.vbs, xcopy.exe, reg.exe, attrib.exe, wmic.exe ]
- no taskkills
- wmi queries for AV and firewalls
- no tor connection
- 12/11/2017
- payment_advice_12102017.jar
- sha256 5291b0b074f3e63acccbb7f000f79c26e6152d9a899e87dd569a5360d6d267c9
- https://www.reverse.it/sample/5291b0b074f3e63acccbb7f000f79c26e6152d9a899e87dd569a5360d6d267c9?environmentId=100
- process hierarchy
- [ javaw.exe -> java.exe -> cmd.exe -> cscript.exe Retrivexxxx.vbs, xcopy.exe, reg.exe, attrib.exe, wmic.exe ]
- taskkills many security-researcher and AV tools
- wmi queries for AV and firewalls
- connects to tor url
- 12/10/2017
- 03d63521464152536815f4780ce466ea1b556423d24a8b8d646fa49a60eb3d15.jar
- sha256 03d63521464152536815f4780ce466ea1b556423d24a8b8d646fa49a60eb3d15
- https://www.reverse.it/sample/03d63521464152536815f4780ce466ea1b556423d24a8b8d646fa49a60eb3d15?environmentId=100
- process hierarchy
- [ javaw.exe -> java.exe -> cmd.exe -> cscript.exe Retrivexxxx.vbs, xcopy.exe, reg.exe, attrib.exe, wmic.exe ]
- taskkills many security-researcher and AV tools
- wmi queries for AV and firewalls
- connects to tor url
- 12/8/2017
- HaeXSungXOrderXSheetX-XCopy.jar
- sha256 90452b0c02b2a8a5bd7d311188fab7eb83a94987e8ea5a49efddc740348f6bbe
- https://www.reverse.it/sample/90452b0c02b2a8a5bd7d311188fab7eb83a94987e8ea5a49efddc740348f6bbe?environmentId=100
- process hierarchy
- [ javaw.exe -> java.exe -> cmd.exe -> cscript.exe Retrivexxxx.vbs, xcopy.exe, reg.exe, attrib.exe, wmic.exe ]
- taskkills many security-researcher and AV tools
- wmi queries for AV and firewalls
- connects to tor url
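Added defender-side example, not part of the original paste: a small Python detector that turns the recurring observations above (javaw.exe -> java.exe -> cmd.exe -> cscript.exe with a .vbs, a fan-out of xcopy/reg/attrib/wmic, WMI enumeration of security products, taskkill of other tools) into a check over process-creation events. The events, PIDs, paths and command lines are constructed Sysmon-style records, not real sandbox output; the WMI class names AntiVirusProduct and FirewallProduct are an assumption about what "wmi queries for AV and firewalls" looks like on a host, and are not taken from the paste.

```python
"""Process-tree detection for the Adwind-style chain noted above.

Added example code; the events below are constructed, not real telemetry.
"""
from collections import defaultdict

# Constructed process-creation events: (pid, ppid, image, command line).
# PIDs, user path and the 'Retrive1234.vbs' name are invented placeholders.
EVENTS = [
    (100, 1, "explorer.exe", "explorer.exe"),
    (200, 100, "javaw.exe", 'javaw.exe -jar "PAYMENT SLIP.jar"'),
    (300, 200, "java.exe", r"java.exe -jar C:\Users\u\AppData\Roaming\Oracle\bin\stage.jar"),
    (400, 300, "cmd.exe", r"cmd.exe /c cscript.exe C:\Users\u\Retrive1234.vbs"),
    (500, 400, "cscript.exe", r"cscript.exe C:\Users\u\Retrive1234.vbs"),
    (600, 400, "xcopy.exe", r"xcopy.exe C:\Users\u\x.jar C:\Users\u\AppData\Roaming\Oracle\bin /y"),
    (700, 400, "reg.exe", r"reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v x /d ..."),
    (800, 400, "attrib.exe", r"attrib.exe +h +s C:\Users\u\AppData\Roaming\Oracle"),
    # Assumed form of the AV/firewall enumeration (SecurityCenter2 classes).
    (900, 500, "wmic.exe", r"wmic.exe /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName"),
    (910, 500, "wmic.exe", r"wmic.exe /Namespace:\\root\SecurityCenter2 Path FirewallProduct Get displayName"),
    (1000, 400, "taskkill.exe", "taskkill.exe /IM procexp.exe /F"),
    # A benign Java launch with no suspicious children, for contrast.
    (2000, 100, "javaw.exe", "javaw.exe -jar app.jar"),
    (2100, 2000, "java.exe", "java.exe -cp lib app.Main"),
]

# Living-off-the-land binaries the notes list as children of the Java process.
SUSPECT_CHILDREN = {"xcopy.exe", "reg.exe", "attrib.exe", "wmic.exe", "taskkill.exe"}


def build_tree(events):
    """Index events by pid and build a parent -> children map."""
    by_pid = {pid: (ppid, image.lower(), cmdline) for pid, ppid, image, cmdline in events}
    children = defaultdict(list)
    for pid, (ppid, _, _) in by_pid.items():
        children[ppid].append(pid)
    return by_pid, children


def descendants(pid, children):
    """All pids below `pid` in the tree (depth-first)."""
    stack, out = list(children.get(pid, [])), []
    while stack:
        p = stack.pop()
        out.append(p)
        stack.extend(children.get(p, []))
    return out


def score_java_process(pid, by_pid, children):
    """Return the list of behaviours from the notes seen under one java.exe."""
    findings = []
    desc = descendants(pid, children)
    images = {by_pid[p][1] for p in desc}
    cmdlines = [by_pid[p][2].lower() for p in desc]
    if "cmd.exe" in images and "cscript.exe" in images and any(".vbs" in c for c in cmdlines):
        findings.append("cmd.exe -> cscript.exe .vbs chain")
    tools = SUSPECT_CHILDREN & images
    if len(tools) >= 3:
        findings.append("lolbin fan-out: " + ", ".join(sorted(tools)))
    if any("antivirusproduct" in c or "firewallproduct" in c for c in cmdlines):
        findings.append("wmi enumeration of AV/firewall products")
    if "taskkill.exe" in images:
        findings.append("taskkill of other processes")
    return findings


def detect(events):
    """Map each java.exe spawned by javaw.exe to its findings (empty ones dropped)."""
    by_pid, children = build_tree(events)
    alerts = {}
    for pid, (ppid, image, _) in by_pid.items():
        if image == "java.exe" and ppid in by_pid and by_pid[ppid][1] == "javaw.exe":
            findings = score_java_process(pid, by_pid, children)
            if findings:
                alerts[pid] = findings
    return alerts


if __name__ == "__main__":
    for pid, findings in detect(EVENTS).items():
        print(f"java.exe pid {pid}:")
        for f in findings:
            print("  -", f)
```

Run it as a script to see the flagged tree; only the constructed Java process that fans out into cmd/cscript/xcopy/reg/attrib/wmic/taskkill is reported, the plain javaw -> java launch is not. The individual findings are deliberately kept separate so a rule can require several of them together (for example the .vbs chain plus the WMI security-product query) and stay quiet on ordinary Java applications that happen to run reg.exe or xcopy.exe once.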