Point-of-Sale malwares / RAM scrapers

Forum for analysis and discussion about malware.
Xylitol
Global Moderator
Posts: 1681
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Point-of-Sale malwares / RAM scrapers

Post by Xylitol » Thu Mar 14, 2013 8:56 am

Win32/Spy.POSCardStealer.K (vSkimmer)
https://www.virustotal.com/fr/file/e3f4 ... 363248755/
https://www.virustotal.com/fr/file/5560 ... 363251105/

hxxp://gmxdotkomlive.ru/api/_admin/index.php?u=admin
203.142.16.41
locs:

http://ajutorpc.ro/Order.zip
http://photoscrapz.com/Order.zip
http://www.carduelis.gr/Order.zip
http://hipospadias.ro/Order.zip
http://uretroplastii.ro/Order.zip
http://www.designtg.web4hosting.pl/Order.zip

Xylitol
Global Moderator
Posts: 1681
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Point-of-Sale malwares / RAM scrapers

Post by Xylitol » Sun Mar 24, 2013 10:20 am

Win32/Spy.POSCardStealer.L
Comes from:

royjamesinsurance.com/images/cisco1.exe
royjamesinsurance.com/images/cisco0.exe

9f456687aad8d329e347fb00fe01e6b4 - VT: 2/46
a3224de91bab9d0c22498853de86808d - VT: 2/46

p4r4n0id
Posts: 126
Joined: Thu Sep 22, 2011 11:36 am
Location: Israel

Re: Point-of-Sale malwares / RAM scrapers

Post by p4r4n0id » Wed Mar 27, 2013 8:03 pm

Keep Low. Move Fast. Kill First. Die Last. One Shot. One Kill. No Luck. Pure Skill.
http://p4r4n0id.com/

bsteo
Posts: 84
Joined: Fri Nov 16, 2012 5:50 pm

Re: Point-of-Sale malwares / RAM scrapers

Post by bsteo » Wed Mar 27, 2013 9:03 pm

Not much info. Found any MD5 hash of some binary?

grum
Posts: 38
Joined: Tue Nov 06, 2012 12:16 pm

Re: Point-of-Sale malwares / RAM scrapers

Post by grum » Wed Mar 27, 2013 9:39 pm

:D video working
Dump Memory Grabber bot


http://goo.gl/AEZrE
http://goo.gl/NJQau
Last edited by grum on Wed Mar 27, 2013 11:02 pm, edited 1 time in total.

p4r4n0id
Posts: 126
Joined: Thu Sep 22, 2011 11:36 am
Location: Israel

Re: Point-of-Sale malwares / RAM scrapers

Post by p4r4n0id » Wed Mar 27, 2013 9:39 pm

exitthematrix wrote:
Not much info. Found any MD5 hash of some binary?

No, still looking for....
Keep Low. Move Fast. Kill First. Die Last. One Shot. One Kill. No Luck. Pure Skill.
http://p4r4n0id.com/

Xylitol
Global Moderator
Posts: 1681
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Point-of-Sale malwares / RAM scrapers

Post by Xylitol » Mon Apr 01, 2013 1:26 pm

Win32/Spy.POSCardStealer.M

loc: hxxp://robertwindpony.com/small.exe
https://www.virustotal.com/fr/file/fd05 ... 364822459/

Xylitol
Global Moderator
Posts: 1681
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Point-of-Sale malwares / RAM scrapers

Post by Xylitol » Wed Apr 03, 2013 3:07 pm

Win32/Spy.POSCardStealer.N (Ree4 Dump Memory Grabber)
https://www.virustotal.com/fr/file/7453 ... 365001507/
https://www.virustotal.com/en/file/8ca0 ... 365001512/
panel at ree4.7ci.ru/dus.php
very weak at all.

HackedPOS
Posts: 1
Joined: Thu Apr 18, 2013 6:15 pm

Re: Point-of-Sale malwares / RAM scrapers

Post by HackedPOS » Thu Apr 18, 2013 6:21 pm

VISA sent out a Data Security Alert regarding memory-parsing POS malware:

http://www.scribd.com/doc/136739426/ALE ... s-04112013

bsteo
Posts: 84
Joined: Fri Nov 16, 2012 5:50 pm

Re: Point-of-Sale malwares / RAM scrapers

Post by bsteo » Fri Apr 19, 2013 9:06 am

HackedPOS wrote:
VISA sent out a Data Security Alert regarding memory-parsing POS malware:

http://www.scribd.com/doc/136739426/ALE ... s-04112013

Any samples from those hashes in the doc?