A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #12492  by STRELiTZIA
 Mon Apr 02, 2012 12:57 pm
Thanks for sample:
Password to unzip decoded attached config file: 3B298B4955465853185AA4CF0E8B2138

Collectors:
31.184.242.140:41254
31.184.242.41:41254
31.184.242.43:41254
31.184.242.139:41254
Gates:
hxxp://31.184.242.140/gate/gate.php;90
hxxp://31.184.242.139/gate/gate.php;90
hxxp://31.184.242.41/gate/gate.php;90
hxxp://31.184.242.43/gate/gate.php;90
hxxp://fredxs12312.co.cc/uugt/gate.php;90
hxxp://fredxs12323.co.cc/uugt/gate.php;90
hxxp://fredxs12334.co.cc/uugt/gate.php;90
hxxp://fredxs12345.co.cc/uugt/gate.php;90
hxxp://fredxs12357.co.cc/uugt/gate.php;90
Attachments (13.46 KiB)
 #12683  by EP_X0FF
 Fri Apr 13, 2012 1:38 pm
SpyEye

https://www.virustotal.com/file/c87139b ... /analysis/

Gate
hxxp://bys1nessbank1ng.info:8080/im3g9ios.php;150
Password for decrypted config: 130CBE0950491F6148A65482B9B50CC4

Dropper + decrypted config in attach.
Attachments (157.04 KiB), pass: infected
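As an added example (not code from either post), the following Python parser turns the indicator lists posted in #12492 and #12683 above (collector `host:port` lines and defanged `hxxp://host/path;N` gate lines) into structured records, refangs the URLs, finds hosts that serve as both collector and gate, and emits a `host:port` egress blocklist. The sample input is a constructed excerpt copied from those two posts; the meaning of the trailing `;N` field is not stated on the page, so it is kept as an opaque string rather than interpreted.

```python
"""Parse SpyEye C2 indicators as posted in the thread (collector host:port
lines and defanged 'hxxp://host/path;N' gate lines) into structured records."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: an excerpt of the collector and gate lines from the two
# posts above, copied verbatim (still defanged). The ';N' suffix is kept as an
# opaque field because its meaning is not stated on the page.
SAMPLE = """\
Collectors:
31.184.242.140:41254
31.184.242.41:41254
Gates:
hxxp://31.184.242.140/gate/gate.php;90
hxxp://fredxs12312.co.cc/uugt/gate.php;90
hxxp://bys1nessbank1ng.info:8080/im3g9ios.php;150
"""

COLLECTOR_RE = re.compile(r"^(?P<host>[^\s:]+):(?P<port>\d{1,5})$")
GATE_RE = re.compile(
    r"^(?P<scheme>hxxps?|https?)://(?P<host>[^/:;\s]+)(?::(?P<port>\d{1,5}))?"
    r"(?P<path>/[^;\s]*)?(?:;(?P<suffix>\d+))?$"
)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class Indicator:
    kind: str                      # "collector" or "gate"
    host: str
    port: int
    path: Optional[str] = None     # gates only
    suffix: Optional[str] = None   # opaque trailing ';N' field from gate lines

    @property
    def is_ip(self) -> bool:
        return bool(IPV4_RE.match(self.host))


def refang(url: str) -> str:
    """Turn a defanged 'hxxp://' scheme back into 'http://' (scheme position only)."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def parse_indicators(text: str) -> list[Indicator]:
    """Parse 'Collector(s):' / 'Gate(s):' sections into Indicator records.

    Unknown lines raise rather than being silently dropped, so a typo in a
    pasted IOC list is noticed instead of producing an incomplete blocklist."""
    out: list[Indicator] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in ("collector:", "collectors:"):
            section = "collector"
            continue
        if line.lower() in ("gate:", "gates:"):
            section = "gate"
            continue
        if section == "collector":
            m = COLLECTOR_RE.match(line)
            if m:
                out.append(Indicator("collector", m["host"], int(m["port"])))
                continue
        if section == "gate":
            m = GATE_RE.match(line)
            if m:
                default_port = 443 if m["scheme"].endswith("s") else 80
                out.append(Indicator("gate", m["host"], int(m["port"] or default_port),
                                     m["path"] or "/", m["suffix"]))
                continue
        raise ValueError(f"unrecognised line in section {section!r}: {line}")
    return out


def shared_hosts(indicators: list[Indicator]) -> list[str]:
    """Hosts used both as collector and as gate, i.e. shared C2 infrastructure."""
    roles: dict[str, set[str]] = {}
    for ind in indicators:
        roles.setdefault(ind.host, set()).add(ind.kind)
    return sorted(h for h, r in roles.items() if r == {"collector", "gate"})


def blocklist(indicators: list[Indicator]) -> list[str]:
    """Unique 'host:port' destinations suitable for an egress deny list."""
    return sorted({f"{i.host}:{i.port}" for i in indicators})


if __name__ == "__main__":
    found = parse_indicators(SAMPLE)
    for ind in found:
        print(ind)
    print("shared hosts:", shared_hosts(SAMPLE and found))
    print("blocklist:", blocklist(found))
```

Gate lines without an explicit port default to 80 (or 443 for `hxxps`), which is what the blocklist needs; the collector port (41254 in these samples) is kept separately because it is a distinct service on the same hosts.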
 #12685  by EP_X0FF
 Fri Apr 13, 2012 1:47 pm
The bot itself will die only when interest in it dies :)
 #12687  by EP_X0FF
 Fri Apr 13, 2012 2:00 pm
SpyEye was much more widely spread on the black market than, for example, TDL. Many customers still have it and will use the last version as long as it produces profit.