GreenDispenser

Forum for analysis and discussion about malware.

Post by Xylitol » Sat Sep 26, 2015 12:11 am

Meet GreenDispenser: A New Breed of ATM Malware ~ https://www.proofpoint.com/us/threat-in ... nDispenser
c:\src\Misc\sdel\Release\sdelete.pdb SDelete embedded

bff1bf173b934a4255b4eca0fbaa6309
1dbac403209d1f5aac9bdac28d4ea335
c10b0157f6fd6590424a748f3c6c80ee
bcd3cdbded825b96861bfbc7a399b89a
e1f9360f952acf5dabdf2f46458e7842

Dirty modifications to bypass time check + two-factor authentication:
on 1dbac403209d1f5aac9bdac28d4ea335
0040C495    . /0F85 24010000   JNZ 1dbac403.0040C5BF ; Fill with NOP's
0040C4A1    . /0F83 18010000   JNB 1dbac403.0040C5BF ; Fill with NOP's
00403DA4       E8 070C0000     CALL 1dbac403.004049B0 ; Fill with NOP's
00404641    . /0F85 03020000   JNZ 1dbac403.0040484A ; JMP 0040484A
00403DDF    .^\74 C3           JE SHORT 1dbac403.00403DA4 ; Fill with NOP's

Patched: https://www.virustotal.com/en/file/5a37 ... 445341792/
Debug video ~ https://www.youtube.com/watch?v=n_iBDVnNPI0
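
Added example, not part of Xylitol's post: a PDB path like the one quoted above is what a CodeView "RSDS" debug record leaves in a binary, and scanning the raw bytes (rather than only the outer PE's debug directory) also surfaces records from embedded executables, assuming the embedded file is stored uncompressed. The function names, the watchlist and the sample bytes are constructed for illustration.

```python
import struct
import uuid

RSDS = b"RSDS"  # signature of a PDB 7.0 CodeView record

def find_pdb_paths(blob, max_len=260):
    """Return (offset, guid, age, path) for every plausible RSDS record in blob."""
    hits = []
    pos = blob.find(RSDS)
    while pos != -1:
        hdr_end = pos + 24  # 4-byte signature + 16-byte GUID + 4-byte age
        nul = blob.find(b"\x00", hdr_end, hdr_end + max_len + 1)
        if nul > hdr_end:
            raw = blob[hdr_end:nul]
            # Reject stray "RSDS" byte runs: the path must be printable ASCII
            # and end in .pdb.
            if all(0x20 <= b < 0x7F for b in raw) and raw.lower().endswith(b".pdb"):
                guid = uuid.UUID(bytes_le=blob[pos + 4:pos + 20])
                (age,) = struct.unpack_from("<I", blob, pos + 20)
                hits.append((pos, str(guid), age, raw.decode("ascii")))
        pos = blob.find(RSDS, pos + 1)
    return hits

def flag_embedded_tools(blob, watch=("sdelete.pdb",)):
    """Return (offset, path) for records whose PDB file name is on the watchlist."""
    out = []
    for off, _guid, _age, path in find_pdb_paths(blob):
        base = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base in watch:
            out.append((off, path))
    return out

def _record(path, age=1):
    # Constructed RSDS record with an all-zero GUID (sample data only).
    return RSDS + bytes(16) + struct.pack("<I", age) + path.encode("ascii") + b"\x00"

# Constructed sample, not a real binary: a host image with its own (made-up)
# PDB path, a stray "RSDS" byte run, and a second image carrying the PDB path
# quoted in the post.
SAMPLE = (b"MZ" + b"\x90" * 64
          + _record(r"c:\build\host\Release\host.pdb")
          + b"\x00" * 32 + RSDS + b"\xff" * 30
          + b"MZ" + b"\x00" * 48
          + _record(r"c:\src\Misc\sdel\Release\sdelete.pdb", age=2))

if __name__ == "__main__":
    for off, path in flag_embedded_tools(SAMPLE):
        print(f"0x{off:x}: {path}")
```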
