spender-sandbox / cuckoo-modified

Modified edition of cuckoo

Cuckoo Evasion Malware #467

Open Nwinternights opened 7 years ago

Nwinternights commented 7 years ago

Hi All, I came across this sample (14bc5de70b5d9f207d86f5be42ef6a14) https://www.reverse.it/sample/c6092be5a6ca62d43e71707ec576e7debd863beeba76beb9d72d528bb5dc0693?environmentId=100

According to my cuckoo it matches just a couple of sigs, but looking at the static analysis and the Reverse output I discovered that it interacts with the kernel and has some anti-debug tricks (like calling SetUnhandledExceptionFilter). Does anybody have the same results? I'm afraid that cuckoomon is starting to be obsolete, but I really don't know how to work with C.

(Update) Sometimes the delay process or kill process fails and cuckoo is able to analyze the sample correctly (1 in every 5 times).

doomedraven commented 7 years ago

That is Ursnif, works just fine here :P

I think it detects your VM, that's all.

Nwinternights commented 7 years ago

@doomedraven okay, thanks as always.

doomedraven commented 7 years ago

You are welcome, do tests with these tools:

Sandbox Testers

Office

I don't know which machinery you use, but I suggest taking a look at this:

http://www.doomedraven.com/#modifying-kvm-qemu-kvm-settings-for-malware-analysis

That will patch everything in the host, so no patching inside the VM is required.

Nwinternights commented 7 years ago

I have VirtualBox. I was looking at this: https://github.com/nsmfoo/antivmdetection

doomedraven commented 7 years ago

That one is also a nice resource :) but VBox is still VBox.

Nwinternights commented 7 years ago

http://byte-atlas.blogspot.it/2017/02/hardening-vbox-win7x64.html

doomedraven commented 7 years ago

Oh yeah, that one is nice :) I have it saved as a treasure in case one day I need to use VBox.