A forum for reverse engineering, OS internals and malware analysis 

Search found 4 matches

 Go to advanced search

Re: Win32/Steamguard

 by korn36 ¦  Thu Aug 14, 2014 9:41 am ¦  Forum: Malware ¦  Topic: Win32/Steamguard ¦  Replies: 13 ¦  Views: 12712

Another sample of the .NET variant (xQuadStealer)
7FDCFDAB72C64DCDC45D7EC6BDD2ABFC

Re: Win32/Steamguard

 by korn36 ¦  Mon Aug 11, 2014 8:31 pm ¦  Forum: Malware ¦  Topic: Win32/Steamguard ¦  Replies: 13 ¦  Views: 12712

Some .NET variant of this… Seems to be called "xQuadStealer".

Re: Win32/Bladabindi (NJ RAT)

 by korn36 ¦  Wed Feb 12, 2014 6:01 pm ¦  Forum: Malware ¦  Topic: Win32/Bladabindi (NJ RAT) ¦  Replies: 17 ¦  Views: 24415

njRat client, used for controlling the infected machines: https://hostr.co/m8v3A4GzWerB

Re: Trojan:HTML/Browlock.A

 by korn36 ¦  Sat Dec 28, 2013 7:54 am ¦  Forum: Malware ¦  Topic: Trojan:HTML/Browlock.A ¦  Replies: 10 ¦  Views: 16382

hxxp://police-guardian.net/ Multilanguage. I ran a script which loops over a list of ISO-3116-1 Alpha-2 country codes and checks if the header.jpg file for each country exists on the site. Results: AU, AT, BE, BO, CA, CY, CZ, EC, FI, FR, DE, GR, HU, IE, IT, LV, MX, NL, NZ, NO, PL, PT, RO, SK, SI, E...