Neonprimetime

#adwind #evasive observations 12-08-2017 to 12-12-2017

Dec 12th, 2017
#adwind #evasive observations of samples on Hybrid Analysis

12/12/2017
PAYMENT SLIP.jar
sha256 c6380012717fa4bb419318dc328daa2a4fe7f39352bd1372f69e2ec19a918e56
https://www.reverse.it/sample/c6380012717fa4bb419318dc328daa2a4fe7f39352bd1372f69e2ec19a918e56?environmentId=100

process hierarchy
[ javaw.exe -> java.exe -> cmd.exe -> cscript.exe Retrivexxxx.vbs , xcopy.exe , reg.exe, attrib.exe, wmic.exe]
no taskkills
wmi queries for AV and firewalls
no tor connection

12/11/2017
payment_advice_12102017.jar
sha256 5291b0b074f3e63acccbb7f000f79c26e6152d9a899e87dd569a5360d6d267c9
https://www.reverse.it/sample/5291b0b074f3e63acccbb7f000f79c26e6152d9a899e87dd569a5360d6d267c9?environmentId=100

process hierarchy
[ javaw.exe -> java.exe -> cmd.exe -> cscript.exe Retrivexxxx.vbs , xcopy.exe , reg.exe, attrib.exe, wmic.exe]
taskkills many security researcher and av tools
wmi queries for AV and firewalls
connects to tor url

12/10/2017
03d63521464152536815f4780ce466ea1b556423d24a8b8d646fa49a60eb3d15.jar
sha256 03d63521464152536815f4780ce466ea1b556423d24a8b8d646fa49a60eb3d15
https://www.reverse.it/sample/03d63521464152536815f4780ce466ea1b556423d24a8b8d646fa49a60eb3d15?environmentId=100

process hierarchy
[ javaw.exe -> java.exe -> cmd.exe -> cscript.exe Retrivexxxx.vbs , xcopy.exe , reg.exe, attrib.exe, wmic.exe]
taskkills many security researcher and av tools
wmi queries for AV and firewalls
connects to tor url

12/8/2017
HaeXSungXOrderXSheetX-XCopy.jar
sha256 90452b0c02b2a8a5bd7d311188fab7eb83a94987e8ea5a49efddc740348f6bbe
https://www.reverse.it/sample/90452b0c02b2a8a5bd7d311188fab7eb83a94987e8ea5a49efddc740348f6bbe?environmentId=100

process hierarchy
[ javaw.exe -> java.exe -> cmd.exe -> cscript.exe Retrivexxxx.vbs , xcopy.exe , reg.exe, attrib.exe, wmic.exe]
taskkills many security researcher and av tools
wmi queries for AV and firewalls
connects to tor url
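Added example, not part of the paste: a small detector for the process hierarchy that all four samples share (javaw.exe -> java.exe -> cmd.exe, then cscript.exe/xcopy.exe/reg.exe/attrib.exe/wmic.exe as children of cmd.exe), run over constructed process-creation events. The pids, ppids and the benign decoy shell are assumptions; only the image names come from the paste.

```python
"""Flag the Adwind-style chain from the paste in process-creation events.
Added example; SAMPLE_EVENTS is constructed, not real telemetry."""
from typing import Dict, List

# Ancestry common to all four samples, root-most first.
CHAIN = ["javaw.exe", "java.exe", "cmd.exe"]
# Children the sandbox saw cmd.exe launch in every sample.
SUSPICIOUS_CHILDREN = {"cscript.exe", "xcopy.exe", "reg.exe", "attrib.exe", "wmic.exe"}

# Constructed process-creation events (pid, ppid, image); assumed values.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "javaw.exe"},      # user opens PAYMENT SLIP.jar
    {"pid": 300, "ppid": 200, "image": "java.exe"},
    {"pid": 400, "ppid": 300, "image": "cmd.exe"},
    {"pid": 500, "ppid": 400, "image": "cscript.exe"},    # Retrivexxxx.vbs
    {"pid": 510, "ppid": 400, "image": "xcopy.exe"},
    {"pid": 520, "ppid": 400, "image": "reg.exe"},
    {"pid": 530, "ppid": 400, "image": "attrib.exe"},
    {"pid": 540, "ppid": 400, "image": "wmic.exe"},
    {"pid": 600, "ppid": 100, "image": "cmd.exe"},        # decoy: ordinary admin shell
    {"pid": 610, "ppid": 600, "image": "reg.exe"},        # reg.exe without Java ancestry
]

def ancestry(pid: int, procs: Dict[int, dict]) -> List[str]:
    """Image names from the root-most known ancestor down to pid, cycle-safe."""
    names, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        names.append(procs[pid]["image"].lower())
        pid = procs[pid]["ppid"]
    return names[::-1]

def is_subsequence(pattern: List[str], seq: List[str]) -> bool:
    """True if pattern occurs in seq in order; gaps allowed for an extra launcher."""
    it = iter(seq)
    return all(any(p == s for s in it) for p in pattern)

def find_adwind_chains(events: List[dict]) -> List[dict]:
    """One hit per suspicious child whose parent is cmd.exe under javaw.exe -> java.exe."""
    procs = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if e["image"].lower() not in SUSPICIOUS_CHILDREN:
            continue
        chain = ancestry(e["pid"], procs)
        if len(chain) >= 4 and chain[-2] == "cmd.exe" and is_subsequence(CHAIN, chain[:-1]):
            hits.append({"pid": e["pid"], "image": chain[-1], "chain": " -> ".join(chain)})
    return hits
```

The decoy reg.exe under a plain cmd.exe is not flagged, so the rule keys on the Java ancestry rather than on the child binaries alone.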