Zeus Gameover

Forum for analysis and discussion about malware.
forty-six
Posts: 66
Joined: Tue Sep 03, 2013 3:23 pm

Re: Zeus Gameover

Post by forty-six » Wed Mar 05, 2014 4:35 pm

GMO w/ RK dropped via Angler.

Code:

bcdedit.exe -set TESTSIGNING ON
%s\drivers\%s.sys
runas
ComSpec
\\.\NtSecureSys
SeShutdownPrivilege
kernel32
IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
*EUDC*
ZwQuerySystemInformation
ntdll.dll
svchost.exe
SystemDefaultEUDCFont
EUDC\%d
ObReferenceObjectByHandle
ZwDuplicateToken
ObOpenObjectByPointer
PsReferencePrimaryToken
PsInitialSystemProcess
ObfReferenceObject
IoGetCurrentProcess
KeDelayExecutionThread
WinExec
GetModuleFileNameA
GetTickCount
GetSystemDirectoryA
CloseHandle
GetLastError
GetCurrentProcess
Sleep
GetExitCodeThread
WaitForSingleObject
CreateThread
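
The strings dump above is the kind of thing that gets pasted into a thread and then lost; what a responder actually wants is to check other samples for the same indicators. The script below is an added example, not code from the thread or from any of the posters: it extracts printable strings from a binary blob the way `strings` does, groups them by the indicator families visible in the dump (the `bcdedit` test-signing toggle, the `\\.\NtSecureSys` device name, the `PsInitialSystemProcess` / `PsReferencePrimaryToken` / `ZwDuplicateToken` sequence a driver uses to borrow the SYSTEM token, the WoW64 redirection calls, the EUDC font registry strings), and returns a verdict. The group names, the scoring rule in `verdict`, and the two sample byte blobs are all constructed for this example and are not the real Gameover or rootkit binary.

```python
"""
Added example (not from the thread): string-based triage of a sample
for the indicator families listed in forty-six's strings dump.
The byte blobs at the bottom are constructed test data, not real malware.
"""
import re
from collections import defaultdict

# Indicator families taken from the strings listed in the post.
# Group names and grouping are this example's own choice.
INDICATORS = {
    # TESTSIGNING ON lets x64 Windows load test-signed (i.e. not WHQL/CA-signed) drivers
    "test_signing": [b"bcdedit.exe -set TESTSIGNING ON"],
    # format string for the dropped driver path, e.g. %s\drivers\%s.sys
    "driver_drop": [b"\\drivers\\", b".sys"],
    # device object name the user-mode component talks to
    "kernel_device": [b"\\\\.\\NtSecureSys"],
    # classic token-borrowing chain: System process -> primary token -> duplicate
    "token_steal": [
        b"PsInitialSystemProcess",
        b"PsReferencePrimaryToken",
        b"ZwDuplicateToken",
        b"ObReferenceObjectByHandle",
        b"ObOpenObjectByPointer",
    ],
    # 32-bit loader reaching the real System32 on a 64-bit host
    "wow64_redirect": [
        b"IsWow64Process",
        b"Wow64DisableWow64FsRedirection",
        b"Wow64RevertWow64FsRedirection",
    ],
    # EUDC font registry strings from the dump; the post does not say what they are for
    "eudc_font": [b"SystemDefaultEUDCFont", b"EUDC\\"],
    "privilege": [b"SeShutdownPrivilege"],
}


def extract_strings(data: bytes, min_len: int = 4):
    """Return printable-ASCII runs of at least min_len bytes (like `strings`)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group(0) for m in pattern.finditer(data)]


def match_indicators(data: bytes):
    """Map each indicator family to the needles from that family found in data."""
    strings = extract_strings(data)
    hits = defaultdict(list)
    for family, needles in INDICATORS.items():
        for needle in needles:
            if any(needle in s for s in strings):
                hits[family].append(needle.decode())
    return dict(hits)


def verdict(hits):
    """Constructed scoring rule: a device name, or test-signing plus token theft,
    is treated as a kernel-mode dropper; token-theft imports alone are suspicious."""
    families = set(hits)
    if "kernel_device" in families or {"test_signing", "token_steal"} <= families:
        return "likely kernel-mode dropper"
    if "token_steal" in families:
        return "suspicious: kernel token-manipulation imports"
    return "no rootkit indicators"


# Constructed sample blobs (NOT real binaries): a DOS header stub, some
# padding, and a handful of the strings from the post, NUL-separated.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"bcdedit.exe -set TESTSIGNING ON\x00"
    + b"%s\\drivers\\%s.sys\x00"
    + b"\\\\.\\NtSecureSys\x00"
    + b"PsInitialSystemProcess\x00ZwDuplicateToken\x00"
    + b"Wow64DisableWow64FsRedirection\x00"
    + b"\x00" * 8
)
BENIGN = b"MZ\x90\x00" + b"\x00" * 16 + b"GetTickCount\x00Sleep\x00CloseHandle\x00"

if __name__ == "__main__":
    for name, blob in (("SAMPLE", SAMPLE), ("BENIGN", BENIGN)):
        hits = match_indicators(blob)
        print(name, verdict(hits), hits)
```

The ordinary Win32 imports in the dump (`Sleep`, `CreateThread`, `GetTickCount`, `CloseHandle`) are deliberately left out of the indicator table: they appear in almost every executable and only add noise. The kernel exports and the `bcdedit` command line are the strings that do not belong in a user-mode program and are worth pivoting on.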

Xylitol
Global Moderator
Posts: 1681
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Zeus Gameover

Post by Xylitol » Wed Mar 26, 2014 3:41 pm


patriq
Posts: 108
Joined: Fri Jun 28, 2013 8:11 pm

Re: Zeus Gameover

Post by patriq » Fri Mar 28, 2014 12:33 pm


bao
Posts: 20
Joined: Sat Sep 22, 2012 9:27 pm

Re: Zeus Gameover

Post by bao » Fri Mar 28, 2014 4:53 pm


unixfreaxjp
Posts: 501
Joined: Thu Apr 12, 2012 4:53 pm

Re: Zeus Gameover

Post by unixfreaxjp » Sat Mar 29, 2014 8:18 am

GMO via this malvertising: [image]
VT: https://www.virustotal.com/en/file/6e3f ... 396076550/
Sample is: (attached)

Xylitol
Global Moderator
Posts: 1681
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Zeus Gameover

Post by Xylitol » Fri Apr 04, 2014 11:22 am


patriq
Posts: 108
Joined: Fri Jun 28, 2013 8:11 pm

Re: Zeus Gameover

Post by patriq » Thu Apr 10, 2014 4:30 pm

11d983b19f9b9aeb500a09eeaf7adeb0

https://malwr.com/analysis/NmU1Mzg5Nzhm ... U1OTBiMzE/

Code:

Sample pulled from:

hxxp://esoftmechanics.com/spengler/beatle
hxxp://floormastersandiego.com/impugning/felsitic

*same file, different name.

r3shl4k1sh
Posts: 119
Joined: Tue Feb 05, 2013 10:26 pm
Location: Israel

Re: Zeus Gameover

Post by r3shl4k1sh » Thu May 29, 2014 2:16 pm


EP_X0FF
Global Moderator
Posts: 4882
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Zeus Gameover

Post by EP_X0FF » Mon Jun 02, 2014 3:56 pm

Ring0 - the source of inspiration

