A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #15180  by Evilcry
 Tue Aug 14, 2012 12:28 pm
SHA256: 9f5d3033392671e5b545461fb90370ff2f40d2378b8029a0022aa95c187b656d
SHA1: e325aec4539dd69b727db5c21febf5932e47a808
MD5: f4a01eb1739624041556980d0c80b82b

https://www.virustotal.com/file/9f5d303 ... 344946212/

Detection ratio: 3 / 42

Provenience: Compromised Web Server

Target Countries (Banks, etc.): Japan, Germany, Italy, Poland, other various .com (probably UK and USA)
Attachments
Pwd: infected
(280.43 KiB) Downloaded 82 times
 #15358  by Evilcry
 Sun Aug 26, 2012 8:21 am
The following sample is an updated version of the one mentioned in the previous post.

SHA256: b7bbb0d1e03b1b8dd8d8c62317e52910a610b429c82e9a0afef84a1fd19e0e22
SHA1: 7b0d57a745b23376035f1b9b90af41cd495fdb77
MD5: 220b9661371e1728e366b4e00d41580d

Detection: 0/40

https://www.virustotal.com/file/b7bbb0d ... 345968230/

Targets: Unchanged

The domain containing the executable is reported below:

http://www.phishtank.com/phish_detail.p ... id=1539409
Attachments
pwd: infected
(257.8 KiB) Downloaded 78 times