In my malware analysis blog posts and videos, I always try to include the hash or VirusTotal link of the sample(s) I analyze. If I don’t, it means I’m not at liberty to share the hash.
For every video that I post on YouTube, I create a corresponding video blog post (https://videos.DidierStevens.com) with more info like the sample’s hash and a link to VirusTotal.
In the description of the YouTube video, you will find a link to the video blog post.
Example:
I will often use the MD5 hash, but since I include a link to VirusTotal, you can consult the report and find other hashes like sha256 in that report.
Regarding MD5: I don’t worry about hash collisions for malware samples. Actually, if there is an MD5 hash collision, VirusTotal will inform me, and that would make my day 🙂 .
Don’t ask me for the malware samples I analyze, I don’t host or send these malware samples. If you or your organization have a VirusTotal Intelligence subscription, you can download the sample from VirusTotal.
If you don’t, there are several free repositories online (sometimes they require free registration). Lenny Zeltser has a list of repositories.
Didier Stevens 
Virusbay is awesome for malware samples. 🙂
Comment by Porg — Thursday 23 August 2018 @ 3:14
[…] Didier Stevens explains how to obtain the malware samples that he has analysed. Obtaining Malware Samples for Analysis […]
Pingback by Week 34 – 2018 – This Week In 4n6 — Sunday 26 August 2018 @ 10:30
[…] Obtaining Malware Samples for Analysis […]
Pingback by Overview of Content Published in August | Didier Stevens — Wednesday 5 September 2018 @ 0:00