Search found 86 matches

by bsteo
Thu Nov 10, 2016 11:15 am
Forum: Malware
Topic: Point-of-Sale malwares / RAM scrapers
Replies: 244
Views: 810105

Re: Point-of-Sale malwares / RAM scrapers

No PDO in XXI century? :)
by bsteo
Thu Nov 10, 2016 11:09 am
Forum: Malware
Topic: Android Malware(All Android malware goes here)
Replies: 101
Views: 159092

Re: Android Malware(All Android malware goes here)

@Antelox, thanks mate :)
Was SHA256, my bad...
by bsteo
Thu Nov 10, 2016 9:25 am
Forum: Malware
Topic: Android Malware(All Android malware goes here)
Replies: 101
Views: 159092

Re: Android Malware(All Android malware goes here)

Anybody can get this sample?
SHA1 = e5df30b41b0c50594c2b77c1d5d6916a9ce925f792c563f692426c2d50aa2524
Source https://blog.fortinet.com/2016/11/01/an ... media-apps
by bsteo
Wed Mar 12, 2014 8:59 pm
Forum: Malware
Topic: Point-of-Sale malwares / RAM scrapers
Replies: 244
Views: 810105

Re: Point-of-Sale malwares / RAM scrapers

I think that's the style of the panel author not Dexter's author.
by bsteo
Sat Feb 01, 2014 5:57 pm
Forum: Malware
Topic: Point-of-Sale malwares / RAM scrapers
Replies: 244
Views: 810105

Re: Point-of-Sale malwares / RAM scrapers

Did a little quick work on Chewbacca. Very simple malware, tor proxy and a basic memory parser and keylogger. Gets public IP accessing http://ekiga.net/ip/ (service disabled now), scans memory then sends plain-text base64-encoded data to a PHP panel under a TOR .onion domain to two scripts: 1. sendl...
by bsteo
Sat Feb 01, 2014 11:59 am
Forum: Malware
Topic: Point-of-Sale malwares / RAM scrapers
Replies: 244
Views: 810105

Re: Point-of-Sale malwares / RAM scrapers

Any good info/sample on new 'ChewBacca'? MD5: 21f8b9d9a6fa3a0cd3a3f0644636bf09 https://blogs.rsa.com/rsa-uncovers-new-pos-malware-operation-stealing-payment-card-personal-information/ https://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware http://threatpost.com/chew...
by bsteo
Sat Jan 25, 2014 4:47 pm
Forum: Malware
Topic: Point-of-Sale malwares / RAM scrapers
Replies: 244
Views: 810105

Re: Point-of-Sale malwares / RAM scrapers

Xylitol wrote:Decebal coder is retarded.
4744870016311111 is invalid luhn and the procedure behind check if the number is luhn valid so he don't even need to put this one on the 'blacklist' in theory.
Agree, he doesn't even have a real LUHN procedure to check, only the name.
by bsteo
Fri Jan 24, 2014 1:10 pm
Forum: Malware
Topic: Point-of-Sale malwares / RAM scrapers
Replies: 244
Views: 810105

Re: Point-of-Sale malwares / RAM scrapers

Look mom, I'm famous, lol :)

Code: Select all

sListaNeagra(26) = "4744870016311111" 'exitthematrix pos trigger
Inside Decebal src posted above.
by bsteo
Thu Jan 02, 2014 11:49 am
Forum: Malware
Topic: Trojan.Skimer.18 - Trojan.Skimer.17
Replies: 2
Views: 3447

Re: Trojan.Skimer.18 - Trojan.Skimer.17

Is this malware targeting specific ATM software?
by bsteo
Wed Dec 18, 2013 9:13 pm
Forum: Malware
Topic: Malicious firefox extension performing SQL attacks
Replies: 10
Views: 5706

Re: Malicious firefox extension performing SQL attacks

grum is a known malware seller and a ripper also (see TF and other forums)