by kalptarunet
Wed Sep 05, 2018 4:56 pm
Forum: Completed Malware Requests
Topic: FrameworkPOS and GratefulPOS malware sample request
Replies: 1
Views: 1395

FrameworkPOS and GratefulPOS malware sample request

Anyone got samples for this one?

X-Force IRIS Identifies FIN6 Activity on POS Networks
https://securityintelligence.com/x-forc ... -networks/
by kalptarunet
Mon Aug 27, 2018 5:10 pm
Forum: Completed Malware Requests
Topic: RtPOS - New Point Of Sale Malware Family Uncovered
Replies: 1
Views: 1624

RtPOS - New Point Of Sale Malware Family Uncovered

Anyone got a sample or additional info on this one? https://www.boozallen.com/c/insight/blog/new-point-of-sale-malware-family-uncovered.html (fb749c32b58fd1238f21d48ba1deb60e6fb4546f3a74e211f80a3ed005f9e046) https://www.virustotal.com/#/file/fb749c32b58fd1238f21d48ba1deb60e6fb4546f3a74e211f80a3ed005f9...
by kalptarunet
Fri Nov 09, 2012 11:18 pm
Forum: Malware
Topic: Adobe Reader 0-day
Replies: 8
Views: 5530

Re: Adobe Reader 0-day

I got this one this morning from one of my infected hosts, and none of the AVs were able to detect and clean it. https://www.virustotal.com/file/5b22fff48905b8d30aa0d15e398c451876802c6ccbb76df9e3d516f46e07349e/analysis/ SHA256: 5b22fff48905b8d30aa0d15e398c451876802c6ccbb76df9e3d516f46e07349e SHA1: 50df28375125...
by kalptarunet
Fri Nov 09, 2012 10:54 pm
Forum: Malware
Topic: WinNT/Cridex (alias Dridex, Drixed)
Replies: 149
Views: 241289

Re: Worm:Win32/Cridex.B

Looks like it's Cridex to me; not able to find any AV able to detect and clean it. SHA256: https://www.virustotal.com/file/a0703de85f59b501935eff571a6c6b6f9e30c03c703a678abe699019e2c1eb2b/analysis/ a0703de85f59b501935eff571a6c6b6f9e30c03c703a678abe699019e2c1eb2b SHA1: a135147a0b0ff097d3a11254a2e13be48d...
by kalptarunet
Thu Nov 01, 2012 11:56 pm
Forum: Completed Malware Requests
Topic: Malware Requests, part 2
Replies: 145
Views: 117572

Re: Malware Requests, part 2

The "xtreme-rat-targets-israeli-government" sample file is corrupt; please test it and upload it one more time.
by kalptarunet
Mon Oct 29, 2012 10:44 pm
Forum: Completed Malware Requests
Topic: Gozi Prinimalka
Replies: 1
Views: 1908

Gozi Prinimalka

Hi, looking for a Trojan.Prinimalka sample for research; please find the details below.
File MD5: 09F75A3FCAEB2C46DD67B666A109D844
File SHA-1: 82299834EA7D733BBDE268F12E131E1C2E9686E2
Filesize: 157,184 bytes
The following Mutex object was created: sdfsdfsdfsdfsfsdfsdfsdfsdfsdf
The following URLs were then requested fr...
by kalptarunet
Thu Oct 18, 2012 12:12 am
Forum: Completed Malware Requests
Topic: Backdoor:Win32/Poison.E
Replies: 1
Views: 2056

Backdoor:Win32/Poison.E

Hi, looking for the sample below; I'd appreciate it if someone is able to help me.
MD5: d0d335fbc6d9fdbaf8a0af44ae2944c7
SHA1: 5c8ff79400f965e269c6a213e640e2d15dbebb52
C2 callback: http://antivirus.9899.com.ar/meeting/upgrade.exe /meeting/upgrade.exe
Sandbox Analysis: http://malwr.com/analysis/d0d335fbc6d9fdbaf8a0a...
by kalptarunet
Sat Oct 13, 2012 1:26 pm
Forum: Completed Malware Requests
Topic: Malware Requests, part 2
Replies: 145
Views: 117572

Re: Malware Requests, part 2

Hi, looking for samples of Gozi-Prinimalka; please find a few known MD5s listed below.
http://blogs.rsa.com/rsafarl/cyber-gang-seeks-botmasters-to-wage-massive-wave-of-trojan-attacks-against-u-s-banks/
Known Gozi Prinimalka MD5 Hashes:
MD5: 09f75a3fcaeb2c46dd67b666a109d844
MD5: c89e960e0155bd9c78889b415de...
by kalptarunet
Mon Aug 13, 2012 10:37 pm
Forum: Malware
Topic: Backdoor.Proxybox
Replies: 4
Views: 3506

Backdoor.Proxybox

Hi! Looking for a Backdoor.Proxybox sample; please find the details below.
MD5: 86908d0c072ce28a7650b78bab5a06e5
File size: 21.0 KB (21504 bytes)
%SystemDrive%\Documents and Settings\All Users\Application Data\Adobe\sp.dll
%SystemDrive%\Documents and Settings\All Users\Application Data\Adobe\fs.cfg
%SystemD...
by kalptarunet
Thu Jun 14, 2012 11:48 pm
Forum: Completed Malware Requests
Topic: Malware Requests, part 2
Replies: 145
Views: 117572

Malware Requests, part 2

Hi!

Looking for a Zeus sample, and sorry to say I don't have an MD5 or any other info, just the C2 calling address; please find it below.

http://quivercove.com/w.php?f=116&e=1 /w.php

Thanks,

KTX