[bsteo]

If someone know an alive c&c for dexter i can try to hack it.

11e2540739d7fbea1ab8f9aa7a107648.com 173.255.196.136
7186343a80c6fa32811804d23765cda4.com 173.255.196.136
e7dce8e4671f8f03a040d08bb08ec07a.com 173.255.196.136
e7bc2d0fceee1bdfd691a80c783173b4.com 173.255.196.136
815ad1c058df1b7ba9c0998e2aa8a7b4.com 173.255.196.136
67b3dba8bc6778101892eb77249db32e.com 176.31.62.78 176.31.62.77
fabcaa97871555b68aa095335975e613.com 50.116.41.199

from the binary the panel should be at: /portal1/gateway.php

Hmm, wanted to PM Xylitol but "We are sorry, but you are not authorised to use this feature. You may have just registered here and may need to participate more to be able to use this feature." :)
I'll PM you in another forum.

[Xylitol]

for mm_bot.exe i have this (home made, not from malware server), still not tested

Code: Select all

<html>
<head>
<title>Xylitol work</title>
<meta name="author" content="EpicOut&H3R05"/>
<meta name="infos" content="The game"/>
<style media="screen" type="text/css">
body 
{
background:black;
color:red;
font-family:arial;
}
#auth
{
width:50%;
margin:auto;
padding:15px;
}
#auth h1,h4
{
text-align:center;
}
#auth input
{
background:black;
color:red;
border-radius:5px;
border-style:dashed;
display:block;
margin:auto;
padding:5px;
}
</style>
</head>
<div id="auth">
<h1>Your ID</h1>
<h4><i>(You need to have an id to view this content)</i></h4>
<form method="POST" action="<?php echo 'index.php'.$_GET['data'];?>">
<input type="password" name="id"/>
</form>
</div>
</html>
<?php
if(isset($_POST['password']) && htmlentities($_POST['password']) == "imaboss") {

      echo $_GET['data'].' a bien ete enregistre <br/>';
      file_put_contents("data.txt",$_GET['data']"\n",FILE_APPEND);
}
?>

After for Dexter, i've sent you a pm :)

[bsteo]

Thanks, could help in the work. Check your mail, soon I will be able to send PMs I think (not so soon though) ;)

[Xylitol]

Various files from http://usa.visa.com/download/merchants/ ... 110609.pdf
some are clean, some not.

[bsteo]

Wow, I won't sleep tonight :-\
Thanks for the samples!

[khanisgr8]

Intresting simples . I am analyzing them

@exitthematrix : Can you pm me the script for dertex .

[Xylitol]

Some files from http://usa.visa.com/download/merchants/ ... memory.pdf
But nothing really interesting at all.

another pdf but same seem not really interesting: http://usa.visa.com/download/merchants/ ... are_ip.pdf
anyway if you want files tell me and i will post here when i will have time.

[bsteo]

dnsmgr.exe is just a Perl script that search with REGEX for track1 and track2 and is "compiled" with Perl2exe, attached below.

[Xylitol]

Hello guys,introducing vSkimmer: http://www.xylibox.com/2013/01/vskimmer.html
Sample in attach.
https://www.virustotal.com/file/bb12fc4 ... 358237597/ > 18/46

[bsteo]

Hello guys,introducing vSkimmer: http://www.xylibox.com/2013/01/vskimmer.html
Sample in attach.
https://www.virustotal.com/file/bb12fc4 ... 358237597/ > 18/46

Your sample is the one in the wild or the one you unpacked? Thanks!