About contagio exchange

CONTAGIO EXCHANGE

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy and Mila too so this was not a very active site (my fault probably) so I will be just dumping malware strings here - it often helps in malware identification and googling is the best way.
With just strings, not exactly a fun blog to read but might become a useful resource over time.
I will not be posting samples here, just md5. You can find the corresponding samples on contagio or ping me if you can't find
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Monday, June 25, 2012

023 Crime OSX DNS Changer / OSX.RSPlug.A - web -2007


SHA256: 2bdcdab0a5d41f4b6aa48e2ab55177552c8419c3f8ce140c4850a0616d7a2f3e
SHA1: f620af9a43d6e46e6b028dc8b109ff5d4cced911
MD5: 5291beb71cba2c5779119bff7a10abdb
File size: 16.6 KB ( 17034 bytes )
File name: ultracodec1237.dmg



 Download (pass infected)


 

Thursday, June 7, 2012

023 Crime Downloader Trojan (name?) - web - June 7, 2012

Audio_Recording_MP3
MD5: FDC170166CB958E138E7D401F3C6F896
SHA256: A3253B1732A50146038A68B3B46260F80BEC6C1C

 Download (pass infected)

pcap file




022 Crime Win32/Bakcorox.A - proxy bot - web - June 7, 2012

 Download (pass infected)


pcap file



DNS query:  day7read.info
DNS response:  day7read.info ⇒ 74.207.249.7
Connects to:  day7read.info:443 (74.207.249.7)
Sends data to:  8.8.8.8:53
Sends data to:  day7read.info:443 (74.207.249.7)
Receives data from:  8.8.8.8:53
Receives data from:  day7read.info:443 (74.207.249.7)
 

Monday, June 4, 2012

021 Crime TDL - web - June 4, 2012

malicious domain
newgenerationp.com/d/u


 
Download (pass infected)

xor key 85 
MD5  A16977E9CCBF86168CE20DFC33E0A93C
SHA-256 05344813787920a04b207416ea05516b21958b3f6c8ad9fb8f0ce507c41efd01


https://www.virustotal.com/file/05344813787920a04b207416ea05516b21958b3f6c8ad9fb8f0ce507c41efd01/analysis