A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #15247  by PX5
 Sat Aug 18, 2012 4:24 pm
Most success i have with mebroot is to follow the links provided on malwaredomainlist, like this one...

superaudi.pl/index.php?tp=4f7c0388f5020946

Allows the malware to load as it thinks it should, I guess.

Ive not had any luck with that link today, may have to go hunt another fresh one down.


Just used a old VM and infected fine using this link and Windows XP SP3

176.31.127.134/index.php?tp=0f4b6d00d5c05110

Hope it helps
 #15449  by Peter Kleissner
 Fri Aug 31, 2012 1:21 pm
Live exploit page at the moment http://liveregistrystill.net/index.php? ... 1e02b2f4b3 blackhole exploit kit, serving a java exploit
Wepawet scan at http://wepawet.iseclab.org/view.php?has ... 52&type=js

Attached the dropped file, 80 KB. It's connecting to boababsshake.pro with IP 85.17.90.141
Attachments
Pw: infected
(52.16 KiB) Downloaded 94 times
 #19210  by Blaze
 Tue May 07, 2013 7:26 pm
Anyone encountered any recent Sinowal samples? Seeing a surge in topics asking for help for this malware.
  • 1
  • 8
  • 9
  • 10
  • 11
  • 12