A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #11774  by rkhunter
 Thu Feb 23, 2012 1:02 pm
MD5: c9d860b12fec7540b840d517e2965b4d
2/41
 #11798  by rkhunter
 Fri Feb 24, 2012 6:07 pm
Cridex dropper, BH payload.

MD5: 85dc077d5e50b7e133fef85e09dfe2fb
7/41
 #11809  by Evilcry
 Sat Feb 25, 2012 6:21 pm
Hi,

The configuration of the above sample (85dc077d5e50b7e133fef85e09dfe2fb) targets several banks
from: USA, UK, France, Australia, United Arab Emirates, Saudi Arabia, Egypt, Netherlands, Germany.

WebInject code and URL Triggers, like every Cridex (until this moment), are stored in the clear in
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media Center\RANDOM_STRING]

Regards.
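The registry location named in the post above gives a defender something concrete to check. The following PowerShell is an added example written for this thread, not code from Evilcry or from the Cridex samples: it enumerates every subkey under HKCU\Software\Microsoft\Windows Media Center (the RANDOM_STRING subkey name is unknown in advance, so all are inspected), scores each subkey name's character entropy, and flags values whose raw bytes contain URL or HTML markers when decoded as ASCII or UTF-16LE. The URL/HTML patterns are a heuristic assumption based only on the post's statement that WebInject code and URL triggers are stored there in the clear.

```powershell
# Added triage example (not from the original post). Assumes the key path given
# in the thread; the subkey name is random, so every subkey is examined.
$BasePath = 'HKCU:\Software\Microsoft\Windows Media Center'

function Get-ShannonEntropy {
    # Bits of entropy per character of a string; random-looking subkey names
    # (e.g. "a8Zk3qP9") score noticeably higher than dictionary words.
    param([string]$Text)
    if ([string]::IsNullOrEmpty($Text)) { return 0.0 }
    $counts = @{}
    foreach ($ch in $Text.ToCharArray()) { $counts[$ch] = 1 + [int]$counts[$ch] }
    $entropy = 0.0
    foreach ($n in $counts.Values) {
        $p = $n / $Text.Length
        $entropy -= $p * [Math]::Log($p, 2)
    }
    return [Math]::Round($entropy, 2)
}

function Test-LooksLikeInjectConfig {
    # Heuristic (assumption): cleartext WebInject/URL-trigger data should expose
    # "http(s)://" or HTML tags under at least one of these two decodings.
    param([byte[]]$Bytes)
    $candidates = @(
        [Text.Encoding]::ASCII.GetString($Bytes),
        [Text.Encoding]::Unicode.GetString($Bytes)
    )
    foreach ($s in $candidates) {
        if ($s -match 'https?://' -or $s -match '(?i)<(script|form|input|div|iframe)\b') {
            return $true
        }
    }
    return $false
}

function Invoke-CridexRegistryTriage {
    param([string]$Path = $BasePath)
    if (-not (Test-Path $Path)) {
        Write-Output "Key not present: $Path (nothing to triage)"
        return
    }
    Get-ChildItem -Path $Path -ErrorAction SilentlyContinue | ForEach-Object {
        $subKey  = $_
        $name    = $subKey.PSChildName
        $entropy = Get-ShannonEntropy -Text $name
        foreach ($valueName in $subKey.GetValueNames()) {
            # Read the value without environment-variable expansion so REG_EXPAND_SZ
            # content is seen exactly as stored.
            $raw = $subKey.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
            $bytes = switch ($raw) {
                { $_ -is [byte[]] }   { $_ }
                { $_ -is [string] }   { [Text.Encoding]::Unicode.GetBytes($_) }
                { $_ -is [string[]] } { [Text.Encoding]::Unicode.GetBytes(($_ -join "`n")) }
                default               { [byte[]]@() }
            }
            [pscustomobject]@{
                SubKey       = $name
                NameEntropy  = $entropy
                ValueName    = $valueName
                Kind         = $subKey.GetValueKind($valueName)
                SizeBytes    = $bytes.Length
                LooksLikeCfg = Test-LooksLikeInjectConfig -Bytes $bytes
            }
        }
    }
}

# Highest-interest rows first: flagged content, then the most random-looking names.
Invoke-CridexRegistryTriage |
    Sort-Object -Property LooksLikeCfg, NameEntropy -Descending |
    Format-Table -AutoSize
```

The parent key can legitimately exist on hosts that ever ran Windows Media Center, so its presence alone proves nothing; a subkey with a high-entropy name whose values are flagged LooksLikeCfg is what merits pulling the raw value bytes for closer inspection on an analysis VM.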
 #11938  by rkhunter
 Fri Mar 02, 2012 7:12 pm
One more dropper.

MD5: FE8880B69628AF77A9E40982CB15AEF1
10/43
 #11939  by rkhunter
 Fri Mar 02, 2012 7:16 pm
MD5: E6E3F2DD452FAD8D88E8156A4FA7CA2F
4/41