Win32/Carberp

Forum for analysis and discussion about malware.
thisisu

Thu Jul 05, 2012 4:16 am

Aleksandra

Wed Aug 29, 2012 9:40 pm

http://forum.drweb.com/index.php?showtopic=310765

MD5: c0d53596ead4c7c428472874148db6c7
SHA1: 55dfe0427b169d63ea1fb7c64a1646835acf02d6
https://www.virustotal.com/file/de607a7 ... /analysis/
spandexednaps

Fri Mar 22, 2013 2:20 am

Hello,

I'm looking for a Win32/TrojanDownloader.Carberp.AM sample. Searched the forums and cannot find any recent samples. VirusTotal link below shows what appears to be a possibly new variant.

SHA1:
89426df295c7d84e1c1f1fc4315ab41665ee53a7

MD5:
c6b9ebb31b18ac9a5cf1d4caf5b15e77

VirusTotal link:
https://www.virustotal.com/en/file/77fb ... /analysis/

Many thanks.
Xylitol

Sat Mar 23, 2013 2:27 pm

Attached.
r3shl4k1sh

Sun Apr 07, 2013 7:43 pm

Alleged botnet mastermind and his coders busted by Russian, Ukrainian security
Ring responsible for Carberp botnet arrested;
http://arstechnica.com/tech-policy/2013 ... -security/
kodo

Tue Apr 09, 2013 7:25 am

Looking for Carberp plugin samples

http://blog.avast.com/2013/04/08/carberp_epitaph/

sb.plug 3150522d039ea64715951d2461c04b9f Win32:Carberp-AI [Trj]
rdp.plug 5f93b2f8d8c0f6f00f3cc99adbe7efc0 Win32:SpyeyePlugin-E [Trj]
ddos.plug e20146551b34409d71dde02a8e3d5c15 Win32:CarberpPlugin-L [Trj]
vnc.plug 5683fcb77c6f6447aba75b44338cb461 Win32:CarberpPlugin-K [Trj]
ifobs.plug c96ff5f3ec55220e99b9d7c8a3a98e8f Win32:CarberpPlugin-M [Trj]
bot.plug f29e19cbe20dd7e0eba5d1ff09abdbbb Win32:CarberpPlugin-P [Trj]
fake.dll 6b2fcfa7cb57a44d28530eaf28ac253e Win32:CarberpPlugin-N [Trj]
ammy.plug 3b91280aa14a1dc0870f53f76a48c3f8 Win32:AmmyyRAdmin-A [PUP]
iphlpapi.dll 0993ac70dd8ab896ae349f45cc82d63d Win32:CarberpPlugin-Q [Trj]
ActiveX.jar 46f348d9a990004d8e2c5694f5544f56 Java:Carberp-A [Trj]
passw.plug 38956767859e03e126f1d79c0f0e3ea0 Win32:CarberpPlugin-D [Trj]

------------

+ others with unknown MD5:

cyberplat.plug
rtlext.plug
docfind.plug
addtrust.plug
vncdll.plug
Xylitol

Tue Apr 09, 2013 9:03 am

exe and apk also attached
rkhunter

Wed Jun 19, 2013 8:57 am

EP_X0FF

Fri Jul 05, 2013 3:08 pm

http://www.sbu.gov.ua/sbu/control/uk/pu ... t_id=39574
Google Translate:
Pechersky District Court of Kyiv sentenced members of hacker group, which was led by a Russian citizen to five years in prison with three years suspended.
Ring0 - the source of inspiration
Win32:Virut

Mon Jul 22, 2013 9:13 am

Hello, I'm looking for a particular sample:

a) AhnLab detected as Trojan/Win32.Zbot but I don't think it is Zbot.
b) MD5 b1345f655c106b9944a390c2d491f1e8

https://malwr.com/analysis/Mjg1MzRhNDUx ... I3MGMzM2Q/
https://www.virustotal.com/file/c481369 ... /analysis/

MD5 b1345f655c106b9944a390c2d491f1e8
SHA1 e7b136f641b742823f23533f3d9defcd434c0e72
SHA256 c4813692f1094dff15c4a34765ddd2dfac841425b1e9e82337525eb3ec7ab4eb
SHA512 a6e5790917b0374db907beceec4cbfe3fc9444c704ad4d0d7c8318d1dd06d9a26ffe78909a6a166238fe72eea29949091ecb6b396db94cb4c5158832a1af8673
CRC32 45588056

Thank you.