malware-samples

A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net or https://twitter.com/inquest. Be sure to also check out the Deep File Inspection (DFI) portion of https://labs.inquest.net for an interactive searchable interface to a large corpus (>500K) of downloadable malware lures.

• CVE-2018-4878-Adobe-Flash-DRM-UAF-0day
  • 14c58e38... Carrier: Microsoft Excel 2007+ XLSX, JSON VT Report
  • 3b1395f6... Carrier: Composite Document File V2 Document DOC, JSON VT Report
  • 88d7aa16... Stage-1: Macromedia Flash data, version 32 SWF, JSON VT Report, Decompiled ActionScript
  • 1a326925... Stage-2: (0day) Macromedia Flash data (compressed), version 32 SWF, JSON VT Report, Decompiled ActionScript
  • e1546323... Payload: (ROKRAT) PE32 executable (GUI) Intel 80386, for MS Windows PE, JSON VT Report
• 2018-04-GandCrab-Swarm
  • Document Carrier: DOC
  • Document Dropper Macro: VBA
  • Additional Extracted Macros: VBAs
  • Obfuscated JavaScript payloads: JS
• 2018-05-Agent-Tesla-Open-Directory
  • Agent Tesla Payload 1: EXE
  • Agent Tesla Payload 2: EXE
  • Agent Tesla Payload 3: EXE
  • Web Panel: ZIP
• 2018-05-22 Interesting Macro Obfuscation
  • 26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.doc
  • 26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.macro
  • 26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.related 769 related hashes
• 2018-08 Hidden Bee Elements
  • 11310b509f8bf86daa5577758e9d1eb5
  • b3eb576e02849218867caefaa0412ccd
• 2019-01 Malicious Excel XLM Macros
  • 98e4695eb06b12221f09956c4ee465ca5b50f20c0a5dc0550cad02d1d7131526.xlm
  • a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a.msi
  • c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4.exe
  • 8a5041d41c552c5df95e4a18de4c343e5ac54845e275262e99a3a6e1a639f5d4.vbs
  • 91237a76e43caa35e3fbd42d47fbaca5d6b5ea7a96c89341196d070b628122ce.bat
  • 79a56ca8a7fdeed1f09466af66c24ddef5ef97ac026297f4ea32db6e01a81190.dll
• 2019-03 Sophisticated PowerShell Script (Dropping URLZone)
  • 945a1276860fc4904ca23ed86b22e1782cd5761bc6c47f1cf331d9ae02cde0db.ps1
  • 6847b98f36e96c3d967524811409e164746bea5ae021d44fbd6c7bfefe072582.dll
  • 6badf0748ca6cbd4a1f1175dbb8a6dbbee1656c7086378418e1397bce025aa60.exe
• 2019-07 Base64 Encoded Powershell Pivots
  • PEM
  • LNK
  • JPG
  • others...
• 2020-05 Zloader 4.0 Macrosheet Evolution
  • Github Hosted Samples and Macrosheet Extractions
  • InQuest Labs Samples by Heuristic Match
• 2020-07 Tale of a Polished Carrier
  • Github Hosted Samples and Embedded File Extractions

Additional Sources

Some additional GitHub repositories to explore for those curious to gather more public domain samples.

• ytisf/theZoo - Live samples with binaries and source code.
• fabrimagic72/malware-samples - Samples collected with honeypots.
• HynekPetrak/javascript-malware-collection - Large collection of malicious JavaScript samples.
• wolfvan/some-samples - Large collection of samples captured with honeypots.
• 0x48piraj/MalWAReX - Remote Access Trojan (RAT) samples.
• drbeni/malquarium - Web based malware repository, samples available at https://malquarium.org/.
• mstfknn/malware-sample-library - Malware samples, derived from https://iec56w4ibovnb4wc.onion.si/.
• RamadhanAmizudin/malware - Malware source and binaries, most from http://www.malwaretech.com/.