A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #17806  by Horgh
 Tue Jan 22, 2013 1:12 pm
Trojan:Win32/Urausy.C
Fresh sample.

SHA256: 4fb7d39698a71d917d8526d6f71f344a82469893bc3881a2775105b9cee5d4e6
SHA1: ade2cabd7c85fc188d2f6566d4418a25395791ab
MD5: 4eb81bd438433786d0df86d3856f68c9
https://www.virustotal.com/file/4fb7d39 ... 358857017/

Landing page : http://i.imgur.com/0koFoP1.png
Attached: sample, stage 2 of packer, unpacked binary.
Attachments
Password : infected
 #18079  by nullptr
 Thu Feb 07, 2013 10:49 am
Urausy.C samples from past few days.

SHA-1:
CEEC9581EC988983D986D9B72A3B3C3EF72D63A4
5DB9D352630D1CE5853DE8ADD5464876F92075FD
391F239E6886C2DB5D7F5723B42F29BC6D579734
FF9E224A1463A08B955F2C6464AF5D9D2A36F0F9
Attachments
pwd: infected
 #18299  by EP_X0FF
 Fri Feb 22, 2013 6:13 am
Urausy.

Posts moved.
 #18324  by Kafeine
 Sun Feb 24, 2013 7:11 pm
Here is a Urausy variant that we named: Uremtoo

https://www.botnets.fr/index.php/Uremtoo (to see landings - Seems only 3 countries right now but looks like they are working on adding more)

Note: As for Urausy, if your country is not targeted, the HTTP call to the mothership will be Content-Length: 22 and your computer won't be locked.
Attachments
Pass: infected - 2 samples of Uremtoo