A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #18522  by Xylitol
 Thu Mar 14, 2013 8:56 am
Win32/Spy.POSCardStealer.K (vSkimmer)
https://www.virustotal.com/fr/file/e3f4 ... 363248755/
https://www.virustotal.com/fr/file/5560 ... 363251105/
Code: Select all
hxxp://gmxdotkomlive.ru/api/_admin/index.php?u=admin
203.142.16.41
locs:
Code: Select all
http://ajutorpc.ro/Order.zip
http://photoscrapz.com/Order.zip
http://www.carduelis.gr/Order.zip
http://hipospadias.ro/Order.zip
http://uretroplastii.ro/Order.zip
http://www.designtg.web4hosting.pl/Order.zip
You do not have the required permissions to view the files attached to this post.
 #18679  by Xylitol
 Sun Mar 24, 2013 10:20 am
Win32/Spy.POSCardStealer.L
Come from:
Code: Select all
royjamesinsurance.com/images/cisco1.exe
royjamesinsurance.com/images/cisco0.exe

9f456687aad8d329e347fb00fe01e6b4 - VT: 2/46
a3224de91bab9d0c22498853de86808d - VT: 2/46
You do not have the required permissions to view the files attached to this post.
 #18728  by p4r4n0id
 Wed Mar 27, 2013 9:39 pm
exitthematrix wrote:
p4r4n0id wrote:Dump Memory Grabber - http://www.securityweek.com/exclusive-n ... r-us-banks

http://darkmoney.cc/kuplya-prodazha-36/ ... ojan-5117/

sample anyone?
Not much info. Found any MD5 hash of some binary?
No, still looking for....
 #18827  by Xylitol
 Wed Apr 03, 2013 3:07 pm
Win32/Spy.POSCardStealer.N (Ree4 Dump Memory Grabber)
https://www.virustotal.com/fr/file/7453 ... 365001507/
https://www.virustotal.com/en/file/8ca0 ... 365001512/
panel at ree4.7ci.ru/dus.php
very weak at all.
You do not have the required permissions to view the files attached to this post.
  • 1
  • 8
  • 9
  • 10
  • 11
  • 12
  • 25