A forum for reverse engineering, OS internals and malware analysis 

Point-of-Sale malwares / RAM scrapers

Forum for analysis and discussion about malware.

Re: Point-of-Sale malwares / RAM scrapers

 #20892  by Xylitol
 Sat Sep 21, 2013 8:35 am
Unknown PoS malware, similar to ProjectHook.
found on a previously infected machine as replacement for Dexter
https://www.virustotal.com/en/file/1c6e ... 379752374/

It call
Code: Select all
htxp://193.109.68.10:80/3VEjLtintFETnAenGM3h5yg4pHnREw/index.php
Attachments
infected
(490.09 KiB) Downloaded 114 times

Re: Point-of-Sale malwares / RAM scrapers

 #20895  by Xylitol
 Sat Sep 21, 2013 2:32 pm
Have you even looked the content of this thread ? there is Alina samples in almost every page.
Dexter v2: http://www.kernelmode.info/forum/viewto ... 110#p20877
Alina 5.6: http://www.kernelmode.info/forum/viewto ... 100#p19430

Re: Point-of-Sale malwares / RAM scrapers

 #20899  by Xylitol
 Sat Sep 21, 2013 3:36 pm
i doubt someone will post the source :|
In attach another Dexter i've extracted from infected PoS system
https://www.virustotal.com/en/file/b592 ... 379779988/
Attachments
infected
(42.69 KiB) Downloaded 108 times

Re: Point-of-Sale malwares / RAM scrapers

 #20901  by btclord
 Sun Sep 22, 2013 12:59 am
i tried to play with dexter and what i am getting is encrypted text to my website.
how to get these strings decrrypted to know what is really uploading? is there php files or panel source?

Re: Point-of-Sale malwares / RAM scrapers

 #20905  by Xylitol
 Sun Sep 22, 2013 7:47 am
btclord wrote:i tried to play with dexter and what i am getting is encrypted text to my website.
how to get these strings decrrypted to know what is really uploading? is there php files or panel source?
xor/base64
http://cybercrime-tracker.net/dexter.php
In attach another Dexter sample, and same, extracted from infected PoS.
https://www.virustotal.com/en/file/db5c ... 379848040/
Attachments
infected
(42.67 KiB) Downloaded 101 times
  • 1
  • 10
  • 11
  • 12
  • 13
  • 14
  • 25
 Return to “Malware”