Win32/Carberp - Page 3 - KernelMode.info

Win32/Carberp

47 posts

Re: Win32/Carberp

#11567 by onthar
Sun Feb 12, 2012 2:34 am

One more sample
C39A99122B89F23FFF8A04A0A6B6A13F
Connetcts with 146.185.242.78.
Plugin list:

bot.plug|bkC0zyP.tiff
cyberplat.plug|jxcYsFb.tiff
ddos.plug|YxarZtqdsC27y4NbVfgXJ89nQp.psd
miniav.plug|Yfgb7Q.bmp
passw.plug|N736TDBjpWbkY4zcVS1RPZfywKvJHXQ2.tiff
sb.plug|CHd5FAY3.tiff
stopav.plug|fRwX5Q.bmp

Again data from russian bank operations grabbed.

VT: 2 / 43
https://www.virustotal.com/file/7632abc ... 329013888/

AVZ quarantine attached

Attachments

pwd: virus
(161.9 KiB) Downloaded 100 times

Username

onthar

Posts

17

Joined

Wed Jun 01, 2011 9:03 pm

Location

Russia

Contact

Re: Win32/Carberp

#12106 by rkhunter
Wed Mar 14, 2012 7:36 am

MD5: 77c1009c278c18cdcbd8970ffeeff0e4
1/43

Attachments

77C1009C278C18CDCBD8970FFEEFF0E4.zip

pass:infected
(93.76 KiB) Downloaded 81 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Win32/Carberp

#12163 by rkhunter
Fri Mar 16, 2012 9:09 am

Probably Carberp, don't sure.

MD5: EA59FC75406EDC43744F0BE52BB0D5F3
2/43

Attachments

EA59FC75406EDC43744F0BE52BB0D5F3.zip

pass:infected
(124.47 KiB) Downloaded 65 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Win32/Carberp

#12215 by rkhunter
Mon Mar 19, 2012 7:18 am

Downloader

MD5: AF26E6B11BF71F39A5A0E708D4D14F09
12/43

Attachments

AF26E6B11BF71F39A5A0E708D4D14F09.zip

pass:infected
(291.23 KiB) Downloaded 74 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Win32/Carberp

#12234 by rkhunter
Tue Mar 20, 2012 8:30 am

Gang was arrested
http://translate.google.ru/translate?sl ... _103367%2F
http://www.mvd.ru/news/show_103367/

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Win32/Carberp

#12365 by rkhunter
Tue Mar 27, 2012 10:41 am

Carberp after "death", BH payload.

MD5: B3222F717A49950D7AED0CEBB5AFA35C
https://www.virustotal.com/file/1c2fa5d ... /analysis/

Attachments

B3222F717A49950D7AED0CEBB5AFA35C.zip

pass:infected
(42.01 KiB) Downloaded 80 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Win32/Carberp

#13319 by rkhunter
Sat May 19, 2012 5:39 pm

MD5: aed2f52c5ab617485247ea50f8c50b22
https://www.virustotal.com/file/95add24 ... 337448962/

Attachments

aed2f52c5ab617485247ea50f8c50b22.zip

pass:infected
(139.65 KiB) Downloaded 77 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Win32/Carberp

#13402 by Brookit
Thu May 24, 2012 8:45 pm

Carberp Gang Evolution: CARO 2012 presentation

Blogpost: http://blog.eset.com/2012/05/24/carberp ... -caro-2012

Presentation: Carberp Evolution and BlackHole: Investigation Beyond the Event Horizon

Username

Brookit

Posts

119

Joined

Wed Mar 10, 2010 8:01 pm

Re: Win32/Carberp

#14294 by Neurofunk
Tue Jun 26, 2012 3:51 pm

"Russian K-force operatives cuff suspected Carberp trojan bank raider"
http://www.theregister.co.uk/2012/06/26 ... st_russia/

Username

Neurofunk

Posts

28

Joined

Tue Oct 25, 2011 5:28 pm

Re: Win32/Carberp

#14417 by 360Tencent
Mon Jul 02, 2012 11:57 pm

http://blog.eset.com/2012/07/02/all-car ... s-arrested

Username

360Tencent

Posts

116

Joined

Thu Dec 15, 2011 12:47 pm

Page 3 of 5
47 posts

1
2
3
4
5

Return to “Malware”

Display:

Sort by:

Sort by:

Jump to: