A forum for reverse engineering, OS internals and malware analysis 


SteamStealer malware.

 by kd77 ¦  Fri Feb 16, 2018 11:46 am ¦  Forum: Malware ¦  Topic: SteamStealer malware. ¦  Replies: 1 ¦  Views: 3334

Distributed via Steam chat, hxxp://screenjpeg.tech/pictures291.jpg. Looks like the malware swaps Steam trade links to the crooks' account to steal Steam items; the original file name was "pictures291.scr". Interesting strings. 0x380ea95 (118): D:\asd\php\steam_complex\New_steal\new_steal_no_proxy\14v...

Re: .INK Powershell Downloader

 by kd77 ¦  Wed Jul 12, 2017 12:30 pm ¦  Forum: Malware ¦  Topic: .INK Powershell Downloader ¦  Replies: 5 ¦  Views: 9220

I've done more analysis; it looks like a banking trojan designed for Barclays Bank and calls back to multiple domains via HTTP. Strings: 0x2c05c78 (905): .Views.TakeOver.MakeAPaymentUK.js GP data_before if(this.isNumeric(a.val())){ data_end data_inject if (a.attr('id')=="paymentAmount" && iBarclays....

Re: .INK Powershell Downloader

 by kd77 ¦  Wed Jul 12, 2017 10:21 am ¦  Forum: Malware ¦  Topic: .INK Powershell Downloader ¦  Replies: 5 ¦  Views: 9220

Sure, it just downloads 2 files and sends HTTP requests to an array of domain names. The process is injected into rundll32, or it drops a DLL and runs it; I'm not that sure.

I will post the contents of the email when I can. :o

.INK Powershell Downloader

 by kd77 ¦  Tue Jul 11, 2017 9:50 pm ¦  Forum: Malware ¦  Topic: .INK Powershell Downloader ¦  Replies: 5 ¦  Views: 9220

I'm quite new to this, but I think I've found a PowerShell downloader in the wild which is FUD currently. :oops:

I obtained this malware via my email inbox from a hack server.

How I FUDed a meterpreter payload!!

 by kd77 ¦  Sun Feb 26, 2017 2:23 pm ¦  Forum: User-Mode Development ¦  Topic: How I FUDed a meterpreter payload!! ¦  Replies: 1 ¦  Views: 9086

Hi, I thought I should start contributing to this forum because it's a sound forum! :lol: :lol: :lol: I was doing some pentesting in my hacking lab and I came across a problem when using Meterpreter: automation and persistence. Yes, I know there are already premade modules for this, but they're not ver...

Looking for Zyklon H.T.T.P malware sample?

 by kd77 ¦  Wed Dec 21, 2016 5:43 pm ¦  Forum: Completed Malware Requests ¦  Topic: Looking for Zyklon H.T.T.P malware sample? ¦  Replies: 1 ¦  Views: 4467

Pretty much the subject; thread about the malware here: https://hackforums.net/showthread.php?tid=5495620 Client Features Tor Support (You can now host it as a hidden service! Nothing is downloaded and Tor is injected into an already running process.) Botkiller Keylogger Anti Bot-Kill Process persisten...

Re: How did you get into malware analysis?

 by kd77 ¦  Thu Oct 06, 2016 3:03 pm ¦  Forum: Newbie Questions ¦  Topic: How did you get into malware analysis? ¦  Replies: 2 ¦  Views: 15585

I did development work and then got a job doing incident response and transitioned from that to doing malware research. There are numerous resources and links on this forum leading to book recommendations and tutorials that would help you get into looking at malware. Crackmes are a common recommend...

How did you get into malware analysis?

 by kd77 ¦  Thu Sep 29, 2016 9:34 am ¦  Forum: Newbie Questions ¦  Topic: How did you get into malware analysis? ¦  Replies: 2 ¦  Views: 15585

I'm finding malware analysis very interesting at the moment, but I feel like I'm missing a very big bit of information about the subject. Would just jumping straight into analysis be the best way to learn, or in fact creating your own malware to know the key fundamentals of how they work? Thanks for any fee...