Fresh today compiled #razr #Ransomware
-
Fresh today compiled #razr #Ransomware
Analysis goy.exe (MD5: 3600FE2EE95082BA6746B7D9EF2403B4) Malicious activity - Interactive analysis ANY.RUN
Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.
(app.any.run)
-
R relay@relay.infosec.exchange shared this topic
-
Fresh today compiled #razr #Ransomware
Analysis goy.exe (MD5: 3600FE2EE95082BA6746B7D9EF2403B4) Malicious activity - Interactive analysis ANY.RUN
Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.
(app.any.run)
@james_inthe_box Seems like they just get a new subdomain on pythonanywhere[.]com for each new campaign. Might be a good idea to put pythonanywhere on a blocklist.
-
@james_inthe_box Seems like they just get a new subdomain on pythonanywhere[.]com for each new campaign. Might be a good idea to put pythonanywhere on a blocklist.
@james_inthe_box
xmb.pythonanywhere[.]com (2024-08-18 -- 2025-09-17) tdroot.pythonanywhere[.]com (2026-02-10)
https://www.joesandbox.com/analysis/1494487/1/html
-
Fresh today compiled #razr #Ransomware
Analysis goy.exe (MD5: 3600FE2EE95082BA6746B7D9EF2403B4) Malicious activity - Interactive analysis ANY.RUN
Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.
(app.any.run)
@james_inthe_box thanks for sharing, James!
