Help identify malware


Postby puzzlex » Fri Aug 25, 2017 1:33 pm

Anyone recognize this?

Re: Help identify malware

Postby puzzlex » Fri Aug 25, 2017 2:40 pm

C&C 1 (not sure if there were more):

http://www.bella-bg.com/private/

Looks like a nifty malware; shame they do not use SSL at this level.

Re: Help identify malware

Postby Antelox » Sun Aug 27, 2017 8:21 am

This is FormBook form grabber.

C&C:
hxxp://www.bella-bg.com/private


BR,

Antelox

Re: Help identify malware

Postby puzzlex » Sun Aug 27, 2017 10:12 pm

You rock! BIG THANKS

Re: Help identify malware

Postby puzzlex » Tue Sep 12, 2017 9:53 am

Control Panel:
script.zip

It is not the full panel unfortunately, config.php missing :(
Got it from: http://www.olalimpopo.com/j0g2z5t/

Re: Help identify malware

Postby tildedennis » Sun Oct 22, 2017 10:23 pm

@moderators maybe we can rename this thread to "Formbook Form Grabber"

Couple of posts:

- https://www.arbornetworks.com/blog/aser ... m-grabber/
- https://www.fireeye.com/blog/threat-res ... aigns.html

I'm starting to see newer versions (3.2, 3.3, and 3.4) since the posts.

