Astrum_drop_2016-12-07.md


### Some Astrum drops

I have been asked for samples tied to Astrum EK (referred to as Stegano EK by ESET in this nice writeup) mentioned in that screenshot of MISP: AdGholas - Campaign - MISP https://twitter.com/kafeine/status/806122813966913536

So I sent them to: VT

I stored the zip here, but please prefer the VT link if you have access.

### zip content
