malwaresearch

Find malware samples on the Internet by MD5, SHA1, or SHA256 hash

Primary language: Python

For now:

Requirements

python2
requests
google
bs4

Setup

With pip

# pip install git+https://github.com/pe3zx/malwaresearch.git

Manual

# pip install -r requirements.txt
# python setup.py install

Usage

$ malwaresearch
Usage: malwaresearch [options] [hashs|files]

Options:
  -h, --help            show this help message and exit
  -f, --file            input file keyword
  -c CONFIG, --config=CONFIG
                        config file path
  -m MODE, --mode=MODE  search mode: [1] Hybrid Analysis, [2] Malware Traffic
                        Analysis, [3] Malwarebreakdown default: 1,2,3 (for all
                        mode)

Example

// First run: the tool prompts for the Hybrid Analysis credentials and writes them to the config file
$ malwaresearch ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
Input some config please answer some question
Hybrid Analysis api key: 4pwx5vtzb4sg0c080800w0c88
Hybrid Analysis secret key: ee3d523e9e8fd6832a0034f84b149a039b9785fa3e2139f1
Write config to /home/bongtrop/.malwaresearch.json

$ malwaresearch ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
Search for ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
        With hybrid-analysis.com
                Description: Trojan.Ransom.WannaCryptor
                Link: https://www.hybrid-analysis.com/sample/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
        With malware-traffic-analysis.net
                Not Found
        With malwarebreakdown.com
                Not Found

$ malwaresearch -f input_test.txt
Search for b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
        With hybrid-analysis.com
                Description: Generic.Ransom.HydraCrypt
                Link: https://www.hybrid-analysis.com/sample/b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
        With malware-traffic-analysis.net
                Not Found
        With malwarebreakdown.com
                Not Found

Search for 2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd
        With hybrid-analysis.com
                Description: Gen:Variant.Graftor
                Link: https://www.hybrid-analysis.com/sample/2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd
        With malware-traffic-analysis.net
                Not Found
        With malwarebreakdown.com
                Not Found
...

$ malwaresearch -m 1,3 -f input_test.txt
Search for b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
        With hybrid-analysis.com
                Description: Generic.Ransom.HydraCrypt
                Link: https://www.hybrid-analysis.com/sample/b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
        With malwarebreakdown.com
                Not Found
...
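
To feed these results into a triage queue or case notes, the console output can be turned into structured records. The parser below is an added example, not part of malwaresearch itself. It is written for Python 3 and assumes the output layout is exactly what the runs above show ("Search for", "With <source>", "Description:", "Link:", "Not Found"); parse_report and hits are hypothetical names.

```python
import re

# Hex digest length -> algorithm, for the three hash types the README names.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
SEARCH_RE = re.compile(r"^Search for\s+([0-9A-Fa-f]+)\s*$")
SOURCE_RE = re.compile(r"^\s+With\s+(\S+)\s*$")
FIELD_RE = re.compile(r"^\s+(Description|Link):\s*(.+?)\s*$")


def parse_report(text):
    """Parse malwaresearch console output into one record per searched hash."""
    records, current, source = [], None, None
    for line in text.splitlines():
        search, src, field = (rx.match(line) for rx in (SEARCH_RE, SOURCE_RE, FIELD_RE))
        if search:
            digest = search.group(1).lower()
            current = {"hash": digest, "sources": {},
                       "type": HASH_TYPES.get(len(digest), "unknown")}
            records.append(current)
            source = None
        elif src and current is not None:
            # A source starts as "not found" until a Description/Link line follows.
            source = src.group(1)
            current["sources"][source] = {"found": False}
        elif field and source:
            entry = current["sources"][source]
            entry["found"] = True
            entry[field.group(1).lower()] = field.group(2)
    return records


def hits(records):
    """Return (hash, source, description) for every source that had a match."""
    return [(r["hash"], s, e.get("description"))
            for r in records for s, e in r["sources"].items() if e["found"]]


# Sample input: the first search result shown in the Example section above.
SAMPLE = """\
Search for ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
        With hybrid-analysis.com
                Description: Trojan.Ransom.WannaCryptor
                Link: https://www.hybrid-analysis.com/sample/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
        With malware-traffic-analysis.net
                Not Found
"""
```

Prompts, shell lines and the "..." truncation markers are ignored, so a whole captured session can be passed in unchanged.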

TODO

  • Support more sources