A forum for reverse engineering, OS internals and malware analysis 

Search found 16 matches

ATM malware

 by Bogdan-Mihai ¦  Tue Feb 21, 2017 10:12 am ¦  Forum: General Discussion ¦  Topic: ATM malware ¦  Replies: 0 ¦  Views: 5882

So ... I am running some tests with malware on test ATMs. I know some time ago there was a flaw in security solutions like SolidCore from McAfee (it is like the old DeepFreeze for internet cafés' PCs) that helped some ATM malware bypass it. Are you aware of any new attacks of this kind or any malware s...

Re: Malware collection

 by Bogdan-Mihai ¦  Wed Feb 08, 2017 11:45 am ¦  Forum: Malware ¦  Topic: Keybase keylogger ¦  Replies: 2 ¦  Views: 317

Antelox wrote:
    Bogdan-Mihai wrote:
        A recent keylogger from a malspam. Doc with macro + payload.
    Keybase keylogger

    Post to:
    185.145.128.177/components/chibu/post.php
    BR,

    Antelox

Yup. I should have said that.
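
The "Post to:" line above is the only indicator in the thread, so here is what you would actually do with it: scan a web proxy log for the exfiltration POSTs. This is an added example, not code from the thread or from any of the posters. The log lines are constructed for the example (Apache/Squid "combined" layout, invented client IPs), the exact match uses only the host and path quoted above, and the looser "heuristic" rule (POST to /components/<dir>/post.php on a bare-IP host) is my own assumption about Keybase-style gates, not something the post states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Exact indicator quoted in Antelox's reply (Keybase keylogger exfil endpoint).
KEYBASE_C2_HOST = "185.145.128.177"
KEYBASE_C2_PATH = "/components/chibu/post.php"

# Constructed sample log (combined-log style with absolute URLs, as a forward
# proxy writes them). Invented for this example; not real traffic.
SAMPLE_PROXY_LOG = """\
10.0.0.12 - - [08/Feb/2017:10:41:03 +0200] "POST http://185.145.128.177/components/chibu/post.php HTTP/1.1" 200 312 "-" "Mozilla/4.0"
10.0.0.12 - - [08/Feb/2017:10:41:05 +0200] "GET http://www.example.com/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.31 - - [08/Feb/2017:10:42:17 +0200] "POST http://185.145.128.177/components/chibu/post.php HTTP/1.1" 200 298 "-" "Mozilla/4.0"
10.0.0.44 - - [08/Feb/2017:10:43:00 +0200] "POST http://203.0.113.9/components/abc/post.php HTTP/1.1" 200 280 "-" "Mozilla/4.0"
10.0.0.50 - - [08/Feb/2017:10:44:10 +0200] "GET http://185.145.128.177/ HTTP/1.1" 404 120 "-" "curl/7.5"
"""

# client ident user [timestamp] "METHOD url HTTP/x.y" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
URL_RE = re.compile(r'^https?://(?P<host>[^/:]+)(?::\d+)?(?P<path>/[^?#]*)?')
BARE_IP_RE = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')


@dataclass
class Hit:
    client: str
    timestamp: str
    host: str
    path: str
    reason: str  # "ioc" = exact indicator, "heuristic" = looser pattern (assumption)


def classify(method: str, host: str, path: str) -> Optional[str]:
    """Return why a request is suspicious, or None. Only POSTs matter here:
    the keylogger uploads to the gate, it does not fetch from it."""
    if method != "POST":
        return None
    if host == KEYBASE_C2_HOST and path == KEYBASE_C2_PATH:
        return "ioc"
    # Heuristic, my assumption rather than a fact from the post: a post.php
    # gate under /components/<something>/ on a bare IP. Weaker signal, so it
    # is reported separately instead of being mixed in with the exact IOC.
    if BARE_IP_RE.match(host) and re.fullmatch(r'/components/[^/]+/post\.php', path):
        return "heuristic"
    return None


def scan_proxy_log(text: str) -> List[Hit]:
    """Parse combined-format proxy log lines and return the suspicious requests."""
    hits: List[Hit] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        u = URL_RE.match(m.group("url"))
        if not u:
            continue
        host = u.group("host")
        path = u.group("path") or "/"
        reason = classify(m.group("method"), host, path)
        if reason:
            hits.append(Hit(m.group("client"), m.group("ts"), host, path, reason))
    return hits


def infected_clients(hits: List[Hit]) -> List[str]:
    """Hosts that hit the exact gate; these are the ones to pull for triage."""
    return sorted({h.client for h in hits if h.reason == "ioc"})


if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_PROXY_LOG)
    for h in found:
        print(f"{h.reason:9} {h.client} {h.timestamp} POST {h.host}{h.path}")
    print("triage:", infected_clients(found))
```

The GET to the same IP on the last sample line is deliberately not flagged: a single GET to the gate's root is what you yourself produce when checking whether the C&C is still up, so matching on the method and full path keeps your own verification traffic out of the alert.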

Keybase keylogger

 by Bogdan-Mihai ¦  Wed Feb 08, 2017 10:54 am ¦  Forum: Malware ¦  Topic: Keybase keylogger ¦  Replies: 2 ¦  Views: 317

A recent keylogger from a malspam. Doc with macro + payload.

This guys are funny

 by Bogdan-Mihai ¦  Thu Jan 05, 2017 10:06 am ¦  Forum: General Discussion ¦  Topic: This guys are funny ¦  Replies: 1 ¦  Views: 5338

Re: Locky ransomware

 by Bogdan-Mihai ¦  Tue Dec 06, 2016 10:40 am ¦  Forum: Malware ¦  Topic: Locky ransomware ¦  Replies: 142 ¦  Views: 203269

New version with .osiris extension.

https://www.bleepingcomputer.com/news/s ... extension/

If I catch one, I'll post it here asap.

Re: Locky ransomware

 by Bogdan-Mihai ¦  Tue Nov 29, 2016 10:46 am ¦  Forum: Malware ¦  Topic: Locky ransomware ¦  Replies: 142 ¦  Views: 203269

Same ".zzzz" extension as above, but a Locky Excel macro sample from today's malspam.
VT: https://www.virustotal.com/en/file/af59 ... /analysis/

C&C still up at the time of this post.

Re: Locky ransomware

 by Bogdan-Mihai ¦  Fri Nov 25, 2016 10:21 am ¦  Forum: Malware ¦  Topic: Locky ransomware ¦  Replies: 142 ¦  Views: 203269

There's a new one in the wild.
I think this is it: https://www.virustotal.com/en/file/4b9a ... 479986832/
Some send it as an .hta file; in Facebook Messenger it looks like a picture. People think it is an image, so they double-click it.

Re: HIDEDRV sample

 by Bogdan-Mihai ¦  Wed Nov 09, 2016 9:29 am ¦  Forum: Malware ¦  Topic: HIDEDRV sample ¦  Replies: 7 ¦  Views: 13704

MindfreaK wrote:
    Interesting paper. Does somebody know when the binary was found?
    Or can somebody provide a VT link?
    Does somebody know where the name Sednit comes from?

https://virustotal.com/en/file/4bfe2216 ... /analysis/

Re: Hello!

 by Bogdan-Mihai ¦  Fri Nov 04, 2016 8:00 am ¦  Forum: General Discussion ¦  Topic: Hello! ¦  Replies: 3 ¦  Views: 28182

Welcome! :)

Re: Point-of-Sale malwares / RAM scrapers

 by Bogdan-Mihai ¦  Mon Oct 24, 2016 8:25 am ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 864400

ProjectHook RAM scraper seems to be alive (thanks to xylitol). I could not find any malware sample, but attached is the source code of the new panel: http://i.imgur.com/aeWmlAc.png

New gate rxcx.php:
<?php //$email = "XXXX@XXXX.XXX"; $email = "XXXX@XXXX.XX"; $headers  = "MIME-Version: 1.0\r\n"; $headers .= "C...