Trojan SpyEye (alias Pincav)

rkhunter
Posts: 1156
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Malware Requests

Post by rkhunter » Wed May 23, 2012 7:12 am

360Tencent wrote: http://blog.gdatasoftware.com/blog/arti ... -name.html

SHA256: show in "an interesting spyeye build"

and maybe kaspersky also found it

http://www.securelist.com/en/blog/208193513/Big_Brother
MD5: 1a47e3325f64a60442666de6f3184d56
SHA256: f9d0beaba8b5fd62a3f18e13be94470344dbb1db9e4b088158dbb1374f0828cb
Trojan:Win32/EyeStye.N

leeno
Posts: 45
Joined: Wed Apr 11, 2012 10:19 am

Re: Malware Requests

Post by leeno » Mon Jun 04, 2012 9:39 pm

Help on Following any live samples for
spyeye variant:
http://www.securelist.com/en/blog/208193513/Big_Brother

Thanks

Leeno

rkhunter
Posts: 1156
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Malware Requests

Post by rkhunter » Tue Jun 05, 2012 7:35 am

leeno wrote:Help on Following any live samples for
spyeye variant:
http://www.securelist.com/en/blog/208193513/Big_Brother

Was posted before - http://www.kernelmode.info/forum/viewto ... 375#p13375


kmd
Posts: 271
Joined: Mon Mar 15, 2010 4:09 am
Location: Russian Federation

Re: Trojan SpyEye (alias Pincav)

Post by kmd » Tue Oct 30, 2012 7:13 pm

1.3.48 builder fully cracked
credits to banned from opensc
pass infected

Xylitol
Global Moderator
Posts: 1681
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Trojan SpyEye (alias Pincav)

Post by Xylitol » Sun Nov 18, 2012 11:20 pm

SpyEye loaded onto http loader used by HF skids for selling installs hxxp://fpbb.com.br/images/zeusyo.exe
VT: 3/44 >> https://www.virustotal.com/file/7adfaff ... 353266757/

cn1: hxxp://control.av-update-server.net/~ciscoFirewall/
md5 pw: 546e89665afe59ee8d5748f6e2c83f85
Small botnet: 593 offline, 232 online with no back connect db, looks like they are guys stupid enough to use this.

EP_X0FF
Global Moderator
Posts: 4882
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Trojan SpyEye (alias Pincav)

Post by EP_X0FF » Mon Nov 19, 2012 3:12 am

Xylitol wrote:SpyEye loaded onto http loader used by HF skids for selling installs hxxp://fpbb.com.br/images/zeusyo.exe
VT: 3/44 >> https://www.virustotal.com/file/7adfaff ... 353266757/

cn1: hxxp://control.av-update-server.net/~ciscoFirewall/
md5 pw: 546e89665afe59ee8d5748f6e2c83f85
Small botnet: 593 offline, 232 online with no back connect db, looks like they are guys stupid enough to use this.

ver=10348

Decrypted dropper and decrypted config in attach.

Pass for config: 5076848FB39AC6DD00000051E39468E3

Must be HF l33t kids who used a leaked and cracked builder.
Ring0 - the source of inspiration

markusg
Posts: 735
Joined: Mon Mar 15, 2010 2:53 pm

Re: Trojan SpyEye (alias Pincav)

Post by markusg » Wed Dec 26, 2012 7:48 pm

One of my users sent me this sample.
It's 3 days old, because I was not at home.
https://www.virustotal.com/file/b6bf03d ... /analysis/

STRELiTZIA
Posts: 103
Joined: Sun Mar 14, 2010 7:02 am

Re: Trojan SpyEye (alias Pincav)

Post by STRELiTZIA » Thu Dec 27, 2012 8:53 am

Password to unzip config: 4B234ADDC6118EAB4B2678E3F694E9FE

Aleksandra
Posts: 79
Joined: Sun Jun 05, 2011 9:34 pm

Re: Trojan SpyEye (alias Pincav)

Post by Aleksandra » Fri Jan 04, 2013 4:50 pm

MD5: 059789e2e3920a773d12c0706c80896b
SHA1: 685c517483788734538cef992ea35332f744908f
https://www.virustotal.com/file/f189b7a ... /analysis/
