Trojan.Spambot.Tedroo (grum)

Forum for analysis and discussion about malware.
Xylitol
Global Moderator
Posts: 1670
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Trojan.Spambot.Tedroo (grum)

Post by Xylitol » Wed Jun 01, 2011 2:26 pm

Trojan.Spambot: Tedroo

infos:
https://www.mysonicwall.com/sonicalert/ ... cle&id=317
http://www.bitdefender.com/VIRUS-100036 ... edroo.html

20/42 >> 47.6%
http://www.virustotal.com/file-scan/rep ... 1306935223

Code:

220 mx.google.com ESMTP e25si2595928anp.203
HELO mx1.jbsl.com
250 mx.google.com at your service
MAIL FROM:<kdkddfbf@uaag.com>
250 2.1.0 OK e25si2595928anp.203
RCPT TO:<japanisalie@gmail.com>
250 2.1.5 OK e25si2595928anp.203
DATA
354  Go ahead e25si2595928anp.203
Received: from [197.148.108.118] ([193.165.191.159] helo=localhost.localdomain)
    by smtpn.cmffex.com (envelope-from <kdkddfbf@uaag.com>)
    (ecelerity 3.0.22.990062 r(61761)) with ESMTP
    id 39eE-476-4052e629Y6; Wed, 1 Jun 2011 04:04:30 +0100
To: japanisalie@gmail.com
Message-Id: <201106011408.YZNRH659@qhug1.com>
Date: Wed, 1 Jun 2011 04:01:04 +0100
Sender: kdkddfbf@uaag.com
From: "Gucci Louis.Vuitton" <kdkddfbf@uaag.com>
Mime-Version: 1.0
Subject: Replica-SHOP : Luxury Watches, Bags, Shoes vzi
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 8bit

Super Replicas - Luxury Watches, Bags, Jewelry, Phones, Shoes - Unbelievable Pricing!
Watch shows your status! Girls love cool watch! ctl

http://iisnv.traincold.ru

.
550-5.7.1 [82.238.120.144       7] Our system has detected that this message is
550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
550-5.7.1 this message has been blocked. Please visit                          
550-5.7.1 http://mail.google.com/support/bin/answer.py?hl=en&answer=188131 for
550 5.7.1 more information. e25si2595928anp.203
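Read as a defender, the capture above carries the usual direct-to-MX spambot tells: a HELO host unrelated to the envelope sender, a forged Received hop claiming helo=localhost.localdomain and a "by" host that contradicts the HELO, a Message-Id domain matching neither, and the MX's final 550 5.7.1. The following is an added example (not code from the post or from Grum) that pulls those indicators out of a plain-text SMTP capture; SESSION is a constructed, condensed copy of the exchange above and the function names are my own.

```python
import re

# Constructed sample: a condensed copy of the captured Grum session quoted above.
SESSION = """\
220 mx.google.com ESMTP e25si2595928anp.203
HELO mx1.jbsl.com
MAIL FROM:<kdkddfbf@uaag.com>
RCPT TO:<japanisalie@gmail.com>
DATA
Received: from [197.148.108.118] ([193.165.191.159] helo=localhost.localdomain)
 by smtpn.cmffex.com (envelope-from <kdkddfbf@uaag.com>)
Message-Id: <201106011408.YZNRH659@qhug1.com>
From: "Gucci Louis.Vuitton" <kdkddfbf@uaag.com>

Super Replicas - Luxury Watches, Bags, Jewelry, Phones, Shoes - Unbelievable Pricing!
.
550-5.7.1 [82.238.120.144       7] Our system has detected that this message is
550 5.7.1 more information. e25si2595928anp.203
"""

def _under(host, domain):
    """True when host equals domain or is a subdomain of it (case-insensitive)."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def spambot_indicators(session):
    """Pull the direct-to-MX spambot tells out of a plain-text SMTP capture."""
    helo = re.search(r"^(?:HELO|EHLO) (\S+)", session, re.M).group(1)
    sender = re.search(r"^MAIL FROM:<([^>]+)>", session, re.M).group(1)
    sender_dom = sender.rsplit("@", 1)[1]
    # Unfold the Received header: RFC 5322 continuation lines start with whitespace.
    received = re.search(r"^Received:.*(?:\n[ \t].*)*", session, re.M).group(0)
    received = " ".join(part.strip() for part in received.splitlines())
    by_host = re.search(r"\bby (\S+)", received).group(1)
    msgid_dom = re.search(r"^Message-Id:\s*<[^@>]+@([^>]+)>", session, re.M | re.I).group(1)
    # The last line of a multi-line reply has a space after the code; "550-" lines are continuations.
    code, enhanced = re.findall(r"^(\d{3}) (\d\.\d\.\d)?", session, re.M)[-1]
    return {
        "helo_not_sender_domain": not _under(helo, sender_dom),        # HELO host unrelated to MAIL FROM
        "received_helo_localhost": "helo=localhost" in received,       # forged hop claims a localhost HELO
        "received_by_not_helo": not _under(by_host, helo.split(".", 1)[-1]),  # "by" host contradicts HELO
        "message_id_not_sender_domain": not _under(msgid_dom, sender_dom),
        "rejected": code.startswith("5"),                              # permanent failure from the MX
        "enhanced_status": enhanced,                                   # 5.7.1 = policy/spam rejection
    }

if __name__ == "__main__":
    for name, value in spambot_indicators(SESSION).items():
        print(f"{name:30} {value}")
```

The same checks apply to a real MTA log or a pcap-extracted session; any single flag is weak on its own, but a message tripping all of them at once is what the Gmail MX scored here.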

C4$h
Posts: 2
Joined: Mon Jul 09, 2012 9:13 am

Grum Botnet

Post by C4$h » Thu Dec 12, 2013 8:59 pm

Hello, does anyone here know new information regarding the Grum bots?
http://krebsonsecurity.com/2012/08/insi ... um-botnet/
I will always whisper the source would be found in the network analysis.
Furthermore, I, the panel of Grum bots sent.
Does anyone have more info, or binary files or source of the bots?

Thank you

best regards

Xylitol
Global Moderator
Posts: 1670
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Trojan.Spambot.Tedroo

Post by Xylitol » Thu Dec 12, 2013 9:19 pm

From what I've seen, the 'leaked' package is absolutely broken.
I've released a small fix for the panel anyway (I was curious to see the interface); of course my fix can't be used for a 'real case', there is too much work to do and the PHP code is really ugly, I don't know who coded the web app but... :?
As seen here, some actions were taken: http://www.kernelmode.info/forum/viewto ... 70&p=14752
But the Tedroo guys still continue to use it; the current version of Grum is 722 and the leaked source is version 447.
There are also some people who like to show off that they have the 'latest' Grum; have a look at the html file in the attachment and at Spammer.Win32.Tedroo.gen!B.zip for a bin of the latest version.
https://www.virustotal.com/en/file/e497 ... 386885152/

C4$h
Posts: 2
Joined: Mon Jul 09, 2012 9:13 am

Re: Trojan.Spambot.Tedroo (grum)

Post by C4$h » Tue Dec 17, 2013 1:56 pm

Can you tell me where I can find the leaked source version?

Thank you

yours sincerely,

Xylitol
Global Moderator
Posts: 1670
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Trojan.Spambot.Tedroo (grum)

Post by Xylitol » Tue Dec 17, 2013 2:12 pm

Search on the internet, I won't share it here.

grum
Posts: 38
Joined: Tue Nov 06, 2012 12:16 pm

Re: Trojan.Spambot.Tedroo (grum)

Post by grum » Tue Dec 17, 2013 4:11 pm

:lol: http://cybercrime-tracker.net/vx/GRUM.zip lame pack for all (not full)

It's a real big project, ~5 years by a Ukrainian coder in Odessa, Ukraine.
