Open Nwinternights opened 7 years ago
Hi All, I came across this sample (14bc5de70b5d9f207d86f5be42ef6a14) https://www.reverse.it/sample/c6092be5a6ca62d43e71707ec576e7debd863beeba76beb9d72d528bb5dc0693?environmentId=100 According to my Cuckoo it matches just a couple of sigs, but looking at the static analysis and the Reverse.it output I discovered that it interacts with the kernel and has some anti-debug tricks (like sending SetUnhandledExceptionFilter). Does anybody have the same results? I'm afraid that cuckoomon is starting to become obsolete, but I really don't know how to work with C. (Update) Sometimes the delay process or kill process fails and Cuckoo is able to analyze the sample correctly (1 every 5 times).
That is Ursnif, works just fine here :P
I think it detects your VM, that's all.
@doomedraven okay, thanks as always.
You are welcome, do tests with these tools.
I don't know which machinery you use, but I suggest taking a look at this:
http://www.doomedraven.com/#modifying-kvm-qemu-kvm-settings-for-malware-analysis
That will patch everything in the host, so no patching inside the VM is required.
I have VirtualBox. I was looking at this: https://github.com/nsmfoo/antivmdetection
That one is also a nice resource :) but VBox is still VBox.
Oh yeah, that one is nice :) I have it saved as a treasure in case one day I need to use VBox.