A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #22499  by unixfreaxjp
 Fri Mar 21, 2014 1:15 am
The post is not meant for you obviously. It is even easier to "just read + comment" than to share stuff in here (KM).
You want to share work in here or just be a commentator to "comment" on others' posts who are just willing to share?
If you "personally" don't like nor agree with my posts, DON'T even read them!!
 #22500  by EP_X0FF
 Fri Mar 21, 2014 3:36 am
@unixfreaxjp
I do not think Kimberly was trying to offend you or challenge your work.
 #22502  by unixfreaxjp
 Fri Mar 21, 2014 7:31 am
EP_X0FF wrote:@unixfreaxjp
I do not think..
Copy that.
We have tons of these campaigns now.
I am picking up significant samples only for KM friends who want to use some pcaps, samples, etc.
 #22516  by Kimberly
 Sat Mar 22, 2014 6:03 am
unixfreaxjp wrote:The post is not meant for you obviously. It is even easier to "just read + comment" than to share stuff in here (KM).
You want to share work in here or just be a commentator to "comment" on others' posts who are just willing to share?
If you "personally" don't like nor agree with my posts, DON'T even read them!!
He obviously has an attitude problem with several security researchers.

I was just pointing out that there is no need to reinvent the wheel or complicate things when they are easy.
 #22517  by unixfreaxjp
 Sat Mar 22, 2014 12:15 pm
Recent malvertisement of Gameover:

Read the VT comments for the details on the infection source and the callback C&C IPs or domains.

Upatre: https://www.virustotal.com/en/file/7427 ... 395485713/
Gameover: https://www.virustotal.com/en/file/abf2 ... 395486009/

Sample:
 #22535  by malwarelabs
 Mon Mar 24, 2014 2:25 pm
It looks like another Zbot sample, but PEiD returns a C# signature.