A forum for reverse engineering, OS internals and malware analysis 

Search found 13 matches


Badrabbit

 by Ludvig ¦  Tue Oct 24, 2017 2:46 pm ¦  Forum: Malware ¦  Topic: Badrabbit ¦  Replies: 6 ¦  Views: 10028

Re: Client Maxmius Banking Trojan targeting Brazilian Users

 by Ludvig ¦  Mon Oct 23, 2017 3:02 pm ¦  Forum: Malware ¦  Topic: Client Maxmius Banking Trojan targeting Brazilian Users ¦  Replies: 2 ¦  Views: 4635

Can you share the other files which the malware was downloading?

Code:
/?fn
/?exe
/?cfg
/?bin
/?dll32
/?dll64
/?t
/?dllb
/?dllf

Zberp sample

 by Ludvig ¦  Tue Oct 17, 2017 8:04 am ¦  Forum: Completed Malware Requests ¦  Topic: Zberp sample ¦  Replies: 1 ¦  Views: 4268

I'm looking for a Zberp sample

6D2E29A65A72EF099DB12B722D15FC43

http://www.serverinstall.net/blog/2017/ ... procedure/

Necurs from article CiscoTalos

 by Ludvig ¦  Wed Mar 22, 2017 6:56 am ¦  Forum: Completed Malware Requests ¦  Topic: Necurs from article CiscoTalos ¦  Replies: 0 ¦  Views: 6913

http://blog.talosintelligence.com/2017/ ... ifies.html
Somebody are sharing SHA sample with alive C&C from article

Re: Odinaff

 by Ludvig ¦  Thu Oct 13, 2016 9:38 am ¦  Forum: Malware ¦  Topic: Odinaff ¦  Replies: 3 ¦  Views: 15491

Re: Linux/LuaBot

 by Ludvig ¦  Fri Sep 16, 2016 3:12 pm ¦  Forum: Malware ¦  Topic: Linux/LuaBot ¦  Replies: 7 ¦  Views: 12836

I unpacked the Lua script.

sign gzip )

Code:
.00102018:  1F 8B 08 00-4E BD AC 57-00 03 AC 3C-6B 73 E3 46

goznym

 by Ludvig ¦  Thu Aug 25, 2016 11:22 am ¦  Forum: Completed Malware Requests ¦  Topic: goznym ¦  Replies: 1 ¦  Views: 3282

I'm looking for goznym sample from the article
https://securityintelligence.com/goznym ... n-germany/

Re: PbBot bootkit (alias Plite, GBPBoot)

 by Ludvig ¦  Tue Jul 05, 2016 1:05 pm ¦  Forum: Malware ¦  Topic: PbBot bootkit (alias Plite, GBPBoot) ¦  Replies: 22 ¦  Views: 28001

Nobody talks about the payload, only the installer, dropper, MBR and other boring things. What is the payload of this malware? Is it only a downloader?

MEDJACK.2 (Conficker)

 by Ludvig ¦  Fri Jul 01, 2016 12:55 pm ¦  Forum: Completed Malware Requests ¦  Topic: MEDJACK.2 (Conficker) ¦  Replies: 1 ¦  Views: 3092

I'm looking for the actual Conficker sample from this article
http://deceive.trapx.com/rs/929-JEW-675 ... JACK.2.pdf

Re: Win32/Xswkit (alias Gootkit)

 by Ludvig ¦  Fri Jun 17, 2016 9:02 am ¦  Forum: Malware ¦  Topic: Win32/Xswkit (alias Gootkit) ¦  Replies: 61 ¦  Views: 123538

gootkit scripts unpacked