How do I get the malicious family by hash values?
by bushuo - May 14, 2021 at 06:20 AM
#1
I have a batch of malware sample hash values, but I need to mark their families. How can I get the malware family from these hash values? Thanks for answering!
#2
Interesting question... if someone can respond, that would be very nice!
#3
Can that be done at all?
On what basis would it be done?
#4
You can use YARA rules and define the hash.
#5
(May 14, 2021 at 10:28 AM)PraznoGlav Wrote: Can that be done at all?
On what basis would it be done?
VT's Premium API users can access the "malware_config" field, which contains "family". But I am not a Premium user.
The documentation describes it as: “malware_config contains extracted malware configuration files for certain malware families that are identified via Yara rules.”
#6
Read the YARA rule; I guess it's based on structure, if you can share it.
#7
(May 14, 2021 at 11:07 AM)nero007 Wrote: You can use YARA rules and define the hash.
Thank you for your reply! VT's API contains a "malware_config" field, and its description says that certain malware families are identified via Yara rules. So I decided to figure out how to do that.
#8
I have no clue how VT does shit, but I think it's this: https://ssdeep-project.github.io/ssdeep/index.html

Basically it hashes a bunch of parts and compares them to other software's ssdeep values. Regular hash values can't show you what other families there are.
#9
(May 14, 2021 at 04:25 PM)verking Wrote: I have no clue how VT does shit, but I think it's this: https://ssdeep-project.github.io/ssdeep/index.html

Basically it hashes a bunch of parts and compares them to other software's ssdeep values. Regular hash values can't show you what other families there are.
I think so, and that requires samples. Thanks for your reply!
#10
(May 14, 2021 at 06:20 AM)bushuo Wrote: I have a batch of malware sample hash values, but I need to mark their families. How can I get the malware family from these hash values? Thanks for answering!

Check them on VT; use the free API to automate the batch:
https://github.com/DidierStevens/DidierStevensSuite/blob/master/virustotal-search.py
From the responses you will see the family.
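The batch lookup suggested in #10, as an added example that is not from the thread or from the linked virustotal-search.py: it pulls each hash's VirusTotal v3 file report, uses the "family" inside "malware_config" when that Premium field is present (its exact shape is assumed here, the thread only names the field), and otherwise votes across the per-engine detection names in last_analysis_results. The 15-second pause between requests is an assumption about the public-API quota; adjust it to your key's limits.

```python
"""Map a batch of sample hashes to a family label using VirusTotal v3 file reports."""
import json
import re
import time
import urllib.error
import urllib.request
from collections import Counter

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"
# Vendor-label tokens that name a type or platform rather than a family.
GENERIC = {"trojan", "win32", "win64", "generic", "malware", "variant", "heur", "agent", "suspicious"}


def fetch_report(file_hash, api_key):
    """GET one file object (MD5/SHA-1/SHA-256 accepted) from the v3 API."""
    req = urllib.request.Request(VT_FILE_URL.format(file_hash), headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def family_from_report(report):
    """Return (family, source): malware_config.family if present, else the engine vote."""
    attrs = report.get("data", {}).get("attributes", {})
    cfg = attrs.get("malware_config")  # Premium-only; assumed to be a dict with a "family" key
    if isinstance(cfg, dict) and cfg.get("family"):
        return cfg["family"], "malware_config"
    votes = Counter()
    for engine in attrs.get("last_analysis_results", {}).values():
        # Split labels like "Trojan.Win32.Foo.a" or "Win32:Foo-B [Trj]" into tokens, drop noise.
        for tok in re.split(r"[./:\-_!\[\]\s]+", engine.get("result") or ""):
            tok = tok.lower()
            if len(tok) >= 4 and tok not in GENERIC:
                votes[tok] += 1
    if not votes:
        return None, None
    return votes.most_common(1)[0][0], "engine_vote"


def label_hashes(hashes, api_key, delay=15.0):
    """Look up each hash in turn; 404 = no report for that hash, 429 = quota exceeded."""
    out = {}
    for h in hashes:
        try:
            out[h] = family_from_report(fetch_report(h, api_key))[0]
        except urllib.error.HTTPError as err:
            out[h] = f"error:{err.code}"
        time.sleep(delay)  # stay under the per-minute request quota
    return out


SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {  # constructed, not real VT output
    "EngineA": {"result": "Trojan.Win32.Examplebot.a"}, "EngineB": {"result": "Win32:Examplebot-B [Trj]"},
    "EngineC": {"result": "Generic.Malware"}}}}}
```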