Point-of-Sale malwares / RAM scrapers

Forum for analysis and discussion about malware.
Xylitol
Global Moderator
Posts: 1680
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Point-of-Sale malwares / RAM scrapers

Post by Xylitol » Tue Mar 03, 2015 1:12 pm

https://www.virustotal.com/en/file/686d ... /analysis/

var_dump() on the gate?

Code:

INSERT INTO `track_storage` (cc, t1, encoding, process, ip, date) VALUES (XYL2K!, 'XYL2K!', 0, 'XYL2K!', '142.4.213.25', null) ON DUPLICATE KEY UPDATE date=now(), encoding=0, t1='XYL2K!', process='XYL2K!', ip = '142.4.213.25'

rkhunter
Posts: 1156
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Point-of-Sale malwares / RAM scrapers

Post by rkhunter » Sat Mar 21, 2015 5:17 pm

PoSeidon, A Deep Dive Into Point of Sale Malware

http://blogs.cisco.com/security/talos/poseidon

dhuss
Posts: 7
Joined: Mon Apr 14, 2014 4:17 pm

Re: Point-of-Sale malwares / RAM scrapers

Post by dhuss » Mon Mar 23, 2015 1:01 pm

PoSeidon is the same as FindPOS, covered by Palo Alto: http://researchcenter.paloaltonetworks. ... iscovered/

Some samples attached:
https://www.virustotal.com/en/file/28ca ... /analysis/ - PoSeidon/FindPOS
https://www.virustotal.com/en/file/7b78 ... /analysis/ - Keylogging/LogMeIn Recon as described by Palo Alto

malwarelabs
Posts: 44
Joined: Tue Dec 10, 2013 9:07 am

Re: Point-of-Sale malwares / RAM scrapers

Post by malwarelabs » Tue Mar 31, 2015 12:03 pm


malwarelabs
Posts: 44
Joined: Tue Dec 10, 2013 9:07 am

Re: Point-of-Sale malwares / RAM scrapers

Post by malwarelabs » Fri Apr 03, 2015 9:34 am

JackPOS again.
Same team, other c&c.
C&C http://masco.com.sa/jackposprivate12/ad ... login=true

robemtnez
Posts: 15
Joined: Tue Feb 03, 2015 4:11 pm

Re: Point-of-Sale malwares / RAM scrapers

Post by robemtnez » Wed Apr 15, 2015 7:08 pm


Blaze
Posts: 198
Joined: Fri Aug 27, 2010 7:35 am

Re: Point-of-Sale malwares / RAM scrapers

Post by Blaze » Thu Apr 16, 2015 7:22 am

robemtnez wrote: New POS Malware Emerges - Punkey
https://www.trustwave.com/Resources/Spi ... ---Punkey/
Attached:
0a33332d200e52875c00ea98417b71621b77a9dc291e6a3bdbd69569aac670cf
e0c4696093c71a8bbcd2aef357afca6c7b7fbfe787406f6797636a67ae9b975d

grum
Posts: 38
Joined: Tue Nov 06, 2012 12:16 pm

Re: Point-of-Sale malwares / RAM scrapers

Post by grum » Thu Apr 16, 2015 5:37 pm

FighterPOS?

http://housecall.trendmicro.com/media/w ... per-en.pdf

http://blog.trendmicro.com.br/fighterpo ... S_xNvCZFdg

https://malwr.com/analysis/MzA2MTdjODVh ... dkMWRmMmY/

Code:

D*\AC:\Users\avanni\Dropbox\BrFighter Bot\Project1.vbp
Microsoft Base Cryptographic Provider v1.0
16006833
69.195.77.74
/BrFighter/
AlE29132913
ArV2m2cGLrjF0s4s
Windows Update
systemroot
\Windows Update
appdata
\InternetExplorer.exe
vbCrLf
bot/command.php?id=

byte
Posts: 1
Joined: Sun Mar 15, 2015 5:29 am

Re: Point-of-Sale malwares / RAM scrapers

Post by byte » Fri Apr 17, 2015 10:55 am

Any information on Powerfail - Mic3K V1.10.10?
Found it on a WinXP POS system. I have no sample yet. Maybe later.

Xylitol
Global Moderator
Posts: 1680
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Point-of-Sale malwares / RAM scrapers

Post by Xylitol » Sun May 24, 2015 12:06 pm
