A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #15420  by Xylitol
 Thu Aug 30, 2012 9:40 am
http://news.drweb.com/show/?i=2679&lng=en&c=14
Sample for Windows/GNU-Linux/Solaris/Mac OS X + shellcodes in the attachment.
Small note: for Mac there is the Mach-O and the Application Bundle.
 #27782  by maddog4012
 Fri Jan 29, 2016 9:11 pm
Here is a variant of Netwire I came across today. I have included the Word doc that is sent to the victim's e-mail. When the doc is opened it downloads Netwire.
 #27783  by Xylitol
 Fri Jan 29, 2016 11:36 pm
What's the password?
edit: virus

Doc file downloading
http://247financedeal.com/dbust.exe
https://www.virustotal.com/en/file/ae22 ... 454114939/
Win32/Spy.Weecnaw.A (ESET) ~ http://www.virusradar.com/en/Win32_Spy. ... escription

 #30514  by Antelox
 Thu Jun 29, 2017 8:19 am
markusg wrote:
SHA256:
69f61b266fbcdbfd90b23ce4087206488f509ae3a38f356ff64e4d241e02dfad
Filename:
LICENS~1.EXE
Detection rate:
14 / 59
https://virustotal.com/de/file/69f61b26 ... 498699772/
It's NetWire RAT.

C2s:
85.95.184.183:33360
xdem777.duckdns.org:20000
xdem777.linkpc.net:7777
The unpacked sample is in the attachment.

BR,

Antelox