A forum for reverse engineering, OS internals and malware analysis 

#21734 by Kafeine
 Wed Dec 18, 2013 9:45 pm
So for : 77ae4a41df60c1aac16192fe9d757bc9
It was associated with file d778a96cc9 to the q.php /home/ blackhole AKA Darkleech Gang.

See here : http://malware.dontneedcoffee.com/2013/ ... -some.html

I mentioned z.php because it was the first time that group moved from q.php to z.php
(Usual payload on that thread was Nymaim) but size > 90Kb

Have 3 other payloads of similar size (don't trust Nymaim in the name... lame automation)
Attached if you want to see (but could really be totally unrelated and/or broken)
15dd028f9cfab60b5255d815ddd41518
189a4b1d84e9469acfd54b397e6fa922
09ffc1e93922c8fa31410dda36ecb3e4
Attachments
Pass : infected