KernelMode.info

No PDO in XXI century?

@Antelox, thanks mate
Was SHA256, my bad...

Anybody can get this sample?
SHA1 = e5df30b41b0c50594c2b77c1d5d6916a9ce925f792c563f692426c2d50aa2524
Source https://blog.fortinet.com/2016/11/01/an ... media-apps

I think that's the style of the panel author not Dexter's author.

Did a little quick work on Chewbacca. Very simple malware, tor proxy and a basic memory parser and keylogger. Gets public IP accessing http://ekiga.net/ip/ (service disabled now), scans memory then sends plain-text base64-encoded data to a PHP panel under a TOR .onion domain to two scripts: 1. sendl...

Any good info/sample on new 'ChewBacca'? MD5: 21f8b9d9a6fa3a0cd3a3f0644636bf09 https://blogs.rsa.com/rsa-uncovers-new-pos-malware-operation-stealing-payment-card-personal-information/ https://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware http://threatpost.com/chew...

Xylitol wrote:Decebal coder is retarded.
4744870016311111 is invalid luhn and the procedure behind check if the number is luhn valid so he don't even need to put this one on the 'blacklist' in theory.

Agree, he doesn't even have a real LUHN procedure to check, only the name.

Look mom, I'm famous, lol
Inside Decebal src posted above.

Is this malware targeting specific ATM software?

grum is a known malware seller and a ripper also (see TF and other forums)