Trojan.Spambot.Tedroo (grum)

Forum for analysis and discussion about malware.

Trojan.Spambot.Tedroo (grum)

Postby Xylitol » Wed Jun 01, 2011 2:26 pm

Trojan.Spambot: Tedroo

infos:
https://www.mysonicwall.com/sonicalert/ ... cle&id=317
http://www.bitdefender.com/VIRUS-100036 ... edroo.html

20/42 >> 47.6%
http://www.virustotal.com/file-scan/rep ... 1306935223

Code:
220 mx.google.com ESMTP e25si2595928anp.203
HELO mx1.jbsl.com
250 mx.google.com at your service
MAIL FROM:<kdkddfbf@uaag.com>
250 2.1.0 OK e25si2595928anp.203
RCPT TO:<japanisalie@gmail.com>
250 2.1.5 OK e25si2595928anp.203
DATA
354  Go ahead e25si2595928anp.203
Received: from [197.148.108.118] ([193.165.191.159] helo=localhost.localdomain)
.by smtpn.cmffex.com (envelope-from <kdkddfbf@uaag.com>)
.(ecelerity 3.0.22.990062 r(61761)) with ESMTP
.id 39eE-476-4052e629Y6; Wed, 1 Jun 2011 04:04:30 +0100
To: japanisalie@gmail.com
Message-Id: <201106011408.YZNRH659@qhug1.com>
Date: Wed, 1 Jun 2011 04:01:04 +0100
Sender: kdkddfbf@uaag.com
From: "Gucci Louis.Vuitton" <kdkddfbf@uaag.com>
Mime-Version: 1.0
Subject: Replica-SHOP : Luxury Watches, Bags, Shoes vzi
Content-Type: text/plain;
.charset="us-ascii"
Content-Transfer-Encoding: 8bit

Super Replicas - Luxury Watches, Bags, Jewelry, Phones, Shoes - Unbelievable Pricing!
Watch shows your status! Girls love cool watch! ctl

http://iisnv.traincold.ru

.
550-5.7.1 [82.238.120.144       7] Our system has detected that this message is
550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
550-5.7.1 this message has been blocked. Please visit                         
550-5.7.1 http://mail.google.com/support/bin/answer.py?hl=en&answer=188131 for
550 5.7.1 more information. e25si2595928anp.203


Xylitol
Global Moderator
 
Posts: 1634
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Reputation point: 491
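Added example, not part of Xylitol's post: a small receiving-side parser for an SMTP session capture of the shape pasted above. It separates client commands from server replies, extracts the envelope and the unfolded headers from the DATA phase, and records the signals a mail gateway would log for this kind of message: a HELO name whose domain does not match the envelope sender, a Received: line whose claimed origin differs from the address the relay actually saw, a generic helo= value, and the final 5xx rejection. All function names are this example's own, and the transcript is constructed to mirror the posted capture (placeholder hosts, addresses and IPs), not copied from it.

```python
"""Parse a captured SMTP transaction and collect spam indicators (added example)."""
import re
from dataclasses import dataclass, field

# Constructed transcript: same shape as the session in the post, with
# placeholder hosts, addresses and IPs instead of the real ones.
SAMPLE_SESSION = """\
220 mx.example.net ESMTP s1
HELO mx1.sender-claims.example
250 mx.example.net at your service
MAIL FROM:<bot1234@throwaway.example>
250 2.1.0 OK s1
RCPT TO:<victim@example.net>
250 2.1.5 OK s1
DATA
354  Go ahead s1
Received: from [198.51.100.7] ([203.0.113.9] helo=localhost.localdomain)
 by smtp.relay.example (envelope-from <bot1234@throwaway.example>)
To: victim@example.net
From: "Luxury Shop" <bot1234@throwaway.example>
Subject: Replica-SHOP : Luxury Watches xyz
Content-Type: text/plain;
 charset="us-ascii"

Super Replicas - Unbelievable Pricing!
http://shop.example.invalid
.
550-5.7.1 Our system has detected that this message is
550-5.7.1 likely unsolicited mail.
550 5.7.1 more information. s1
"""

REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")  # "250 ..." final, "550-..." continued
RECEIVED_RE = re.compile(
    r"from \[(\d+\.\d+\.\d+\.\d+)\] \(\[(\d+\.\d+\.\d+\.\d+)\] helo=([^)\s]+)\)")


@dataclass
class Session:
    helo: str = ""
    mail_from: str = ""
    rcpt_to: list = field(default_factory=list)
    headers: dict = field(default_factory=dict)   # lowercased name -> unfolded value
    body: list = field(default_factory=list)
    final_code: int = 0                           # last reply code seen
    findings: list = field(default_factory=list)


def _addr(arg):
    """Pull the address out of 'FROM:<a@b>' / 'TO:<a@b>'."""
    m = re.search(r"<([^>]*)>", arg)
    return m.group(1) if m else arg.strip()


def _org_domain(name):
    """Crude organisational domain: last two labels (enough for this comparison)."""
    parts = name.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else name.lower()


def _parse_message(s, lines):
    """Split the DATA payload into unfolded headers and body lines."""
    current = None
    i = 0
    while i < len(lines) and lines[i] != "":
        line = lines[i]
        if line[:1] in (" ", "\t") and current:       # folded continuation line
            s.headers[current] += " " + line.strip()
        elif ":" in line:
            current, _, val = line.partition(":")
            current = current.strip().lower()          # a repeated name overwrites
            s.headers[current] = val.strip()
        i += 1
    s.body = lines[i + 1:]


def _assess(s):
    """Record the indicators a gateway would flag on this session."""
    if s.helo and "@" in s.mail_from:
        if _org_domain(s.helo) != _org_domain(s.mail_from.split("@", 1)[1]):
            s.findings.append("helo/envelope domain mismatch")
    m = RECEIVED_RE.search(s.headers.get("received", ""))
    if m:
        claimed, actual, helo = m.groups()
        if claimed != actual:
            s.findings.append(f"received: claims {claimed} but relay saw {actual}")
        if helo in ("localhost", "localhost.localdomain"):
            s.findings.append("received: generic helo name")
    if 500 <= s.final_code < 600:
        s.findings.append(f"rejected by receiver ({s.final_code})")


def parse_session(text):
    s = Session()
    in_data, data_lines, last_code = False, [], 0
    for raw in text.splitlines():
        if in_data:
            if raw == ".":                              # end-of-DATA marker
                in_data = False
                _parse_message(s, data_lines)
            else:                                       # undo SMTP dot-stuffing
                data_lines.append(raw[1:] if raw.startswith("..") else raw)
            continue
        m = REPLY_RE.match(raw)
        if m:
            code, sep = int(m.group(1)), m.group(2)
            if sep == " ":                              # last line of the reply
                last_code = code
                in_data = code == 354
            continue
        verb, _, arg = raw.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            s.helo = arg.strip()
        elif verb == "MAIL":
            s.mail_from = _addr(arg)
        elif verb == "RCPT":
            s.rcpt_to.append(_addr(arg))
    s.final_code = last_code
    _assess(s)
    return s


if __name__ == "__main__":
    sess = parse_session(SAMPLE_SESSION)
    print(sess.helo, sess.mail_from, sess.rcpt_to, sess.final_code)
    for f in sess.findings:
        print(" -", f)
```

The comparison in `_assess` deliberately stays simple: the point is that the envelope and the first Received: line are written by the sending bot and are worth logging next to the IP the relay actually observed, which is the one value the sender cannot choose.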

Grum Botnet

Postby C4$h » Thu Dec 12, 2013 8:59 pm

Hello, does anyone here know new information regarding the Grum bots?
http://krebsonsecurity.com/2012/08/insi ... um-botnet/
I will always whisper the source would be found in the network analysis.
Furthermore, I, the panel of Grum bots sent.
Does anyone have more info, or the binary files or source of the bots?

Thank you

best regards
C4$h
 
Posts: 2
Joined: Mon Jul 09, 2012 9:13 am
Reputation point: 0

Re: Trojan.Spambot.Tedroo

Postby Xylitol » Thu Dec 12, 2013 9:19 pm

From what I've seen, the 'leaked' package is absolutely broken.
I've released a small fix for the panel anyway (I was curious to see the interface); of course my fix can't be used for a 'real case', there is too much work to do and the PHP code is really ugly. I don't know who coded the web app but... :?
As seen here, some actions were taken: viewtopic.php?f=16&t=1770&p=14752
But the Tedroo guys still continue to use it; the current version of grum is 722 and the leaked source is version 447.
There are also some people who like to show off that they have the 'latest' grum. Have a look at the html file in the attachment and at Spammer.Win32.Tedroo.gen!B.zip for a bin of the latest version.
https://www.virustotal.com/en/file/e497 ... 386885152/
Xylitol
Global Moderator
 
Posts: 1634
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Reputation point: 491

Re: Trojan.Spambot.Tedroo (grum)

Postby C4$h » Tue Dec 17, 2013 1:56 pm

Can you tell me where I can find the leaked source version?

Thank you

yours sincerely,
C4$h
 
Posts: 2
Joined: Mon Jul 09, 2012 9:13 am
Reputation point: 0

Re: Trojan.Spambot.Tedroo (grum)

Postby Xylitol » Tue Dec 17, 2013 2:12 pm

Search on the internet, I won't share it here.
Xylitol
Global Moderator
 
Posts: 1634
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Reputation point: 491

Re: Trojan.Spambot.Tedroo (grum)

Postby grum » Tue Dec 17, 2013 4:11 pm

:lol: http://cybercrime-tracker.net/vx/GRUM.zip lame pack for all (not full)

It's a really big project, ~5 years by a Ukrainian coder in Odessa, Ukraine
grum
 
Posts: 38
Joined: Tue Nov 06, 2012 12:16 pm
Reputation point: -9
