A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #25380  by Xylitol
 Tue Mar 03, 2015 1:12 pm
https://www.virustotal.com/en/file/686d ... /analysis/

Image
var_dump() on the gate ?
[syntax="sql"]INSERT INTO `track_storage` (cc, t1, encoding, process, ip, date) VALUES (XYL2K!, 'XYL2K!', 0, 'XYL2K!', '142.4.213.25', null) ON DUPLICATE KEY UPDATE date=now(), encoding=0, t1='XYL2K!', process='XYL2K!', ip = '142.4.213.25' [/syntax]
You do not have the required permissions to view the files attached to this post.
 #25497  by dhuss
 Mon Mar 23, 2015 1:01 pm
PoSeidon same as FindPOS covered by Palo Alto: http://researchcenter.paloaltonetworks. ... iscovered/

Some samples attached:
https://www.virustotal.com/en/file/28ca ... /analysis/ - PoSeidon/FindPOS
https://www.virustotal.com/en/file/7b78 ... /analysis/ - Keylogging/LogMeIn Recon as described by Palo Alto
You do not have the required permissions to view the files attached to this post.
 #25660  by grum
 Thu Apr 16, 2015 5:37 pm
FighterPOS :?

http://housecall.trendmicro.com/media/w ... per-en.pdf

http://blog.trendmicro.com.br/fighterpo ... S_xNvCZFdg


https://malwr.com/analysis/MzA2MTdjODVh ... dkMWRmMmY/
Code: Select all
D*\AC:\Users\avanni\Dropbox\BrFighter Bot\Project1.vbp
Microsoft Base Cryptographic Provider v1.0
16006833
69.195.77.74
/BrFighter/
AlE29132913
ArV2m2cGLrjF0s4s
Windows Update
systemroot
\Windows Update
appdata
\InternetExplorer.exe
vbCrLf
bot/command.php?id=
 #25922  by Xylitol
 Sun May 24, 2015 12:06 pm
You do not have the required permissions to view the files attached to this post.
  • 1
  • 19
  • 20
  • 21
  • 22
  • 23
  • 25