OpenBlackList

Oct 3rd, 2015
OpenBlackList (twitter: @OpenBlackList). A project by ElCatapan (twitter: @ElCatapan).

This paste contains information about attacks collected from my honeypot systems.

Date: 2015-10-03

Source of the attack: 186.74.238.212 (AS11556 - Cable & Wireless Panama), located in Panama

Service attacked: SMB

Action: Malware propagation

MD5 sample: 4d4c2729b8aa56e70eaf9ef84e9d5d3d

Downloads number: 1

Download URL:
smb://::ffff:186.74.238.212

Offer URL:
smb://::ffff:186.74.238.212/csrss.exe

VirusTotal Analysis:

Antivirus total: 56
Antivirus positives: 52

Antivirus: Bkav
Antivirus version: 1.3.0.7237
Antivirus update: 20150928
Malware: W32.TBrambulA.Trojan

Antivirus: MicroWorld-eScan
Antivirus version: 12.0.250.0
Antivirus update: 20150929
Malware: Worm.Generic.230976

Antivirus: nProtect
Antivirus version: 2015-09-25.01
Antivirus update: 20150925
Malware: Trojan-Spy/W32.Agent.57344.KT

Antivirus: CMC
Antivirus version: 1.1.0.977
Antivirus update: 20150928
Malware: Trojan-Spy.Win32.Agent!O

Antivirus: CAT-QuickHeal
Antivirus version: 14.00
Antivirus update: 20150928
Malware: TrojanSpy.Agent.bbel.n4

Antivirus: ALYac
Antivirus version: 1.0.1.4
Antivirus update: 20150929
Malware: Trojan.Spammer.57344

Antivirus: Malwarebytes
Antivirus version: 2.1.1.1115
Antivirus update: 20150929
Malware: Trojan.Agent

Antivirus: VIPRE
Antivirus version: 44142
Antivirus update: 20150929
Malware: Trojan.Win32.Generic!BT

Antivirus: TheHacker
Antivirus version: 6.8.0.5.681
Antivirus update: 20150929
Malware: Trojan/Spy.Agent.bmxb

Antivirus: BitDefender
Antivirus version: 7.2
Antivirus update: 20150929
Malware: Worm.Generic.230976

Antivirus: K7GW
Antivirus version: 9.210.17358
Antivirus update: 20150928
Malware: Backdoor ( 04c4f2671 )

Antivirus: K7AntiVirus
Antivirus version: 9.210.17358
Antivirus update: 20150928
Malware: Backdoor ( 04c4f2671 )

Antivirus: NANO-Antivirus
Antivirus version: 0.30.26.3725
Antivirus update: 20150929
Malware: Trojan.Win32.Agent.bmgds

Antivirus: Cyren
Antivirus version: 5.4.16.7
Antivirus update: 20150929
Malware: W32/Agent.IX.gen!Eldorado

Antivirus: Symantec
Antivirus version: 20141.2.0.56
Antivirus update: 20150928
Malware: Trojan Horse

Antivirus: ESET-NOD32
Antivirus version: 12325
Antivirus update: 20150929
Malware: Win32/Pepex.F

Antivirus: TrendMicro-HouseCall
Antivirus version: 9.800.0.1009
Antivirus update: 20150929
Malware: WORM_MYDOOM.WA

Antivirus: Avast
Antivirus version: 8.0.1489.320
Antivirus update: 20150929
Malware: Win32:Agent-AOKX [Trj]

Antivirus: ClamAV
Antivirus version: 0.98.5.0
Antivirus update: 20150929
Malware: Trojan.Spy-78857

Antivirus: Kaspersky
Antivirus version: 15.0.1.10
Antivirus update: 20150929
Malware: Email-Worm.Win32.Pepex.o

Antivirus: Agnitum
Antivirus version: 5.5.1.3
Antivirus update: 20150928
Malware: Trojan.Brambul!EaXSuFVXfdU

Antivirus: ViRobot
Antivirus version: 2014.3.20.0
Antivirus update: 20150929
Malware: Trojan.Win32.Agent.57344.TI[h]

Antivirus: SUPERAntiSpyware
Antivirus version: 5.6.0.1032
Antivirus update: 20150929
Malware: Trojan.Agent/Gen-Brambul

Antivirus: Rising
Antivirus version: 25.0.0.17
Antivirus update: 20150928
Malware: PE:Backdoor.Win32.Mnless.diy!1541335[F1]

Antivirus: Ad-Aware
Antivirus version: 12.0.163.0
Antivirus update: 20150929
Malware: Worm.Generic.230976

Antivirus: Sophos
Antivirus version: 4.98.0
Antivirus update: 20150928
Malware: Mal/Spy-Y

Antivirus: Comodo
Antivirus version: 23321
Antivirus update: 20150929
Malware: TrojWare.Win32.Agent.mtv0

Antivirus: F-Secure
Antivirus version: 11.0.19100.45
Antivirus update: 20150929
Malware: Worm.Generic.230976

Antivirus: DrWeb
Antivirus version: 7.0.15.8310
Antivirus update: 20150929
Malware: Win32.HLLW.Bumble

Antivirus: Zillya
Antivirus version: 2.0.0.2419
Antivirus update: 20150928
Malware: Trojan.Agent.Win32.100751

Antivirus: TrendMicro
Antivirus version: 9.740.0.1012
Antivirus update: 20150929
Malware: WORM_MYDOOM.WA

Antivirus: McAfee-GW-Edition
Antivirus version: v2015
Antivirus update: 20150929
Malware: Downloader-CUZ

Antivirus: Emsisoft
Antivirus version: 3.5.0.642
Antivirus update: 20150929
Malware: Worm.Generic.230976 (B)

Antivirus: F-Prot
Antivirus version: 4.7.1.166
Antivirus update: 20150929
Malware: W32/Agent.IX.gen!Eldorado

Antivirus: Jiangmin
Antivirus version: 16.0.100
Antivirus update: 20150927
Malware: TrojanSpy.Agent.mza

Antivirus: Avira
Antivirus version: 8.3.2.2
Antivirus update: 20150929
Malware: TR/Agent.mtv

Antivirus: Antiy-AVL
Antivirus version: 1.0.0.1
Antivirus update: 20150929
Malware: Trojan[Spy]/Win32.Agent

Antivirus: Kingsoft
Antivirus version: 2013.4.9.267
Antivirus update: 20150929
Malware: Win32.Troj.Agent.(kcloud)

Antivirus: Arcabit
Antivirus version: 1.0.0.567
Antivirus update: 20150929
Malware: Worm.Generic.D38640

Antivirus: AhnLab-V3
Antivirus version: 2015.09.29.00
Antivirus update: 20150928
Malware: Trojan/Win32.Npkon

Antivirus: Microsoft
Antivirus version: 1.1.12101.0
Antivirus update: 20150929
Malware: Trojan:Win32/Brambul.A!dha

Antivirus: TotalDefense
Antivirus version: 37.1.62.1
Antivirus update: 20150929
Malware: Win32/Tnega.WW

Antivirus: McAfee
Antivirus version: 6.0.6.653
Antivirus update: 20150929
Malware: Downloader-CUZ

Antivirus: AVware
Antivirus version: 1.5.0.21
Antivirus update: 20150929
Malware: Trojan.Win32.Generic!BT

Antivirus: VBA32
Antivirus version: 3.12.26.4
Antivirus update: 20150928
Malware: TrojanSpy.Agent

Antivirus: Panda
Antivirus version: 4.6.4.2
Antivirus update: 20150928
Malware: Generic Malware

Antivirus: Tencent
Antivirus version: 1.0.0.1
Antivirus update: 20150929
Malware: Win32.Worm-email.Pepex.Pegi

Antivirus: Ikarus
Antivirus version: T3.1.9.5.0
Antivirus update: 20150929
Malware: Trojan-Spy.Win32.Agent

Antivirus: GData
Antivirus version: 25
Antivirus update: 20150929
Malware: Worm.Generic.230976

Antivirus: AVG
Antivirus version: 16.0.0.4419
Antivirus update: 20150929
Malware: PSW.Agent.AHCN

Antivirus: Baidu-International
Antivirus version: 3.5.1.41473
Antivirus update: 20150928
Malware: Worm.Win32.Pepex.F

Antivirus: Qihoo-360
Antivirus version: 1.0.0.1015
Antivirus update: 20150929
Malware: Win32/RootKit.Rootkit.7e5

Static analysis with PEframe:

Short information
------------------------------------------------------------
File Name 4d4c2729b8aa56e70eaf9ef84e9d5d3d
File Size 57344 byte
Compile Time 2009-10-14 14:45:54
DLL False
Sections 4
Hash MD5 4d4c2729b8aa56e70eaf9ef84e9d5d3d
Hash SHA-1 e10c84a65e928dbc03e5a84ee4dc5a96304d2707
Imphash 2b018f96d7cda0b915d2c1dcb16595c4
Detected Packer, Anti Debug
Directory Import, Resource

Packer matched [4]
------------------------------------------------------------
Packer Microsoft Visual C++ v6.0
Packer Microsoft Visual C++ 5.0
Packer Microsoft Visual C++
Packer Installer VISE Custom

Anti Debug discovered [3]
------------------------------------------------------------
Function GetLastError
Function TerminateProcess
Function UnhandledExceptionFilter

Suspicious API discovered [34]
------------------------------------------------------------
Function CloseHandle
Function CopyFileA
Function CreateFileA
Function CreateProcessA
Function CreateServiceA
Function ExitProcess
Function FindResourceA
Function GetCommandLineA
Function GetCurrentProcess
Function GetModuleFileNameA
Function GetModuleHandleA
Function GetProcAddress
Function GetStartupInfoA
Function GetSystemDirectoryA
Function GetTickCount
Function GetUserNameA
Function LoadLibraryA
Function LockResource
Function RegCloseKey
Function RegOpenKeyExA
Function Sleep
Function StartServiceA
Function TerminateProcess
Function UnhandledExceptionFilter
Function VirtualAlloc
Function VirtualFree
Function WSAStartup
Function WriteFile
Function closesocket
Function connect
Function recv
Function send
Function sendto
Function socket

Suspicious Sections discovered [1]
------------------------------------------------------------
Section .rsrc
Hash MD5 885b726aee5a5c6372c32a6860008a17
Hash SHA-1 f754c4e383c9c220da418922c75a8e4ddf95a80a

File name discovered [12]
------------------------------------------------------------
Executable %SystemRoot%\csrss.exe
Executable %s\admin$\csrss.exe
Executable \lsasvc.exe
Library 32.dll
Library ADVAPI32.dll
Library KERNEL32.dll
Library MSVCRT.dll
Library USER32.dll
Library WS2_32.dll
Library dnsapi.dll
Library iphlpapi.dll
Library user32.dll

Url discovered [5]
------------------------------------------------------------
Url gmail-smtp-in.l.google.com
Url gmail.com
Url google.com
Url johnS203@yahoo.com
Url whiat1001@gmail.com