A forum for reverse engineering, OS internals and malware analysis 

Search found 86 matches


Re: Point-of-Sale malwares / RAM scrapers

 by bsteo ¦  Thu Nov 10, 2016 11:15 am ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 864111

No PDO in XXI century? :)

Re: Android Malware(All Android malware goes here)

 by bsteo ¦  Thu Nov 10, 2016 11:09 am ¦  Forum: Malware ¦  Topic: Android Malware(All Android malware goes here) ¦  Replies: 105 ¦  Views: 191958

@Antelox, thanks mate :)
Was SHA256, my bad...

Re: Android Malware(All Android malware goes here)

 by bsteo ¦  Thu Nov 10, 2016 9:25 am ¦  Forum: Malware ¦  Topic: Android Malware(All Android malware goes here) ¦  Replies: 105 ¦  Views: 191958

Anybody can get this sample?
SHA1 = e5df30b41b0c50594c2b77c1d5d6916a9ce925f792c563f692426c2d50aa2524
Source https://blog.fortinet.com/2016/11/01/an ... media-apps

Re: Point-of-Sale malwares / RAM scrapers

 by bsteo ¦  Wed Mar 12, 2014 8:59 pm ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 864111

I think that's the style of the panel author not Dexter's author.

Re: Point-of-Sale malwares / RAM scrapers

 by bsteo ¦  Sat Feb 01, 2014 5:57 pm ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 864111

Did a little quick work on Chewbacca. Very simple malware, tor proxy and a basic memory parser and keylogger. Gets public IP accessing http://ekiga.net/ip/ (service disabled now), scans memory then sends plain-text base64-encoded data to a PHP panel under a TOR .onion domain to two scripts: 1. sendl...

Re: Point-of-Sale malwares / RAM scrapers

 by bsteo ¦  Sat Feb 01, 2014 11:59 am ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 864111

Any good info/sample on new 'ChewBacca'? MD5: 21f8b9d9a6fa3a0cd3a3f0644636bf09 https://blogs.rsa.com/rsa-uncovers-new-pos-malware-operation-stealing-payment-card-personal-information/ https://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware http://threatpost.com/chew...

Re: Point-of-Sale malwares / RAM scrapers

 by bsteo ¦  Sat Jan 25, 2014 4:47 pm ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 864111

Xylitol wrote: Decebal coder is retarded.
4744870016311111 is invalid Luhn and the procedure behind checks if the number is Luhn valid, so he doesn't even need to put this one on the 'blacklist' in theory.

Agree, he doesn't even have a real LUHN procedure to check, only the name.

Re: Point-of-Sale malwares / RAM scrapers

 by bsteo ¦  Fri Jan 24, 2014 1:10 pm ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 864111

Look mom, I'm famous, lol :)

Code:
sListaNeagra(26) = "4744870016311111" 'exitthematrix pos trigger
Inside Decebal src posted above.

Re: Trojan.Skimer.18 - Trojan.Skimer.17

 by bsteo ¦  Thu Jan 02, 2014 11:49 am ¦  Forum: Malware ¦  Topic: Trojan.Skimer.18 - Trojan.Skimer.17 ¦  Replies: 2 ¦  Views: 4453

Is this malware targeting specific ATM software?

Re: Malicious firefox extension performing SQL attacks

 by bsteo ¦  Wed Dec 18, 2013 9:13 pm ¦  Forum: Malware ¦  Topic: Malicious firefox extension performing SQL attacks ¦  Replies: 10 ¦  Views: 6909

grum is a known malware seller and a ripper also (see TF and other forums)
