ENCRYPTED.ps1
A fully fledged modular infostealer targeting browser, Discord and Mail clients.
The WannaCry-family executable checks a hardcoded kill-switch domain and, if unresolved, encrypts user files, deletes backups, and propagates laterally via SMB while establishing persistence through Windows services and registry modifications. It disables recovery options, uses anti-debugging and service-disguise techniques for stealth, and aggressively scans the internal network to maximize disruption and data loss.
A 32-bit C# VenomRAT-style Trojan persists in AppData and decrypts an AES-256 config (RSA-signed) before connecting to a certificate-pinned C2 over TLS. It logs keystrokes, enumerates system info, downloads plugins, and continuously runs anti-analysis checks plus a process-killer to evade inspection.
Excel workbook with hidden sheets that download and execute three DLLs from three different IP addresses.