A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #25115  by p4r4n0id
 Sat Jan 31, 2015 9:18 am
Hi,

Looking for samples with the fake MSN / Yahoo traffic mentioned here: http://blog.trendmicro.com/trendlabs-se ... ss-trojan/

Was not able to upload the sample with the fake HTML traffic - d65cc2beed0f11ad0520c92023ac2709. I will try again later...

10x,

p4r4n0id
 #25126  by p4r4n0id
 Sun Feb 01, 2015 9:50 pm
Thx guys, but d65cc2beed0f11ad0520c92023ac2709 is a sample I already got; looking for the fake Yahoo / MSN ones (no hashes unfortunately, thought maybe someone is familiar with them...).
 #25131  by p4r4n0id
 Mon Feb 02, 2015 11:54 am
Found it :)

MD5: e3bec47b32dcd24e4c15693ab9af5113

This is the fake MSN traffic sample, connects to zjhao.dtdns.net.

Attached,
p4r4n0id
Attachments
pwd: infected