A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #31013  by frame4-mdpro
 Tue Nov 21, 2017 5:18 pm
Hi,

I am looking for: af1b2cd8580650d826f48ad824deef3749a7db6fde1c7e1dc115c6b0a7dfa0dd

From this article: hxxps://blog.trendmicro.com/trendlabs-security-intelligence/chessmasters-new-strategy-evolving-tools-tactics/

Be great if someone has it and can forward a copy.

Thanks!
 #31017  by Xylitol
 Wed Nov 22, 2017 6:11 pm
Not the sample asked for (BKDR_ANEL.ZKEI) but of interest:
TrendMicro: BKDR_ChChes.SM2 [VT] - [H-A] - sakai.unhamj.com
TrendMicro: BKDR_ChChes.SM2 [VT] - [H-A] - zebra.wthelpdesk.com
TrendMicro: BKDR_ChChes.SM2 [VT] - [H-A] - area.wthelpdesk.com
TrendMicro: BKDR_CHCHES.NAQ (data) [VT]
VT: 89.18.27.159

menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations ~ https://researchcenter.paloaltonetworks ... nizations/
From the article:
TrendMicro: BKDR_ChChes.SM2 [VT] - [H-A] - fukuoka.cloud-maste.com

Malware ChChes interacting with C&C server using cookie header ~ https://translate.google.co.jp/translat ... hChes.html