Trojan-Spy.Win32.TeleBot.a

Forum for analysis and discussion about malware.

Trojan-Spy.Win32.TeleBot.a

Post by Xylitol » Tue Feb 13, 2018 7:39 pm

Zero-day vulnerability in Telegram ~ https://securelist.com/zero-day-vulnera ... ram/83800/
Telegram 0-Day Used to Spread Monero and Zcash Mining Malware ~ https://www.bleepingcomputer.com/news/s ... g-malware/
Telegram Founder: Crypto Mining Malware Attack Isn't Due to App Flaw ~ https://t.me/durov/71
¯\_(ツ)_/¯ ~ https://twitter.com/codelancer/status/9 ... 1019179008

Downloader: https://www.virustotal.com/en/file/f775 ... 518549189/

Code:

public static string Token = "349810543:AAHThGGPckBg6prpAvENzmecI2DPaj31D5Q";

Re: Trojan-Spy.Win32.TeleBot.a

Post by p1nk » Tue Feb 20, 2018 1:21 am

Damn. The author really wanted to make sure they have coverage for all systems:

Code:

if (platform == PlatformID.Win32NT)
{
    byte wProductType = oSVERSIONINFOEX.wProductType;
    switch (major)
    {
    case 3:
        text = "Windows NT 3.51";
        break;
    case 4:
    {
