Zeus Gameover - Page 3 - KernelMode.info

Re: Zeus Gameover

#22364 by forty-six
Wed Mar 05, 2014 4:35 pm

GMO w/ RK dropped via Angler.

bcdedit.exe -set TESTSIGNING ON
%s\drivers\%s.sys
runas
ComSpec
\\.\NtSecureSys
SeShutdownPrivilege
kernel32
IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
*EUDC*
ZwQuerySystemInformation
ntdll.dll
svchost.exe
SystemDefaultEUDCFont
EUDC\%d
ObReferenceObjectByHandle
ZwDuplicateToken
ObOpenObjectByPointer
PsReferencePrimaryToken
PsInitialSystemProcess
ObfReferenceObject
IoGetCurrentProcess
KeDelayExecutionThread
WinExec
GetModuleFileNameA
GetTickCount
GetSystemDirectoryA
CloseHandle
GetLastError
GetCurrentProcess
Sleep
GetExitCodeThread
WaitForSingleObject
CreateThread

Attachments

0852.7z

(453.11 KiB) Downloaded 81 times

Username

forty-six

Posts

66

Joined

Tue Sep 03, 2013 3:23 pm

Re: Zeus Gameover

#22572 by Xylitol
Wed Mar 26, 2014 3:41 pm

Code: Select all

granchhunting.com/img/al2602.enc

https://www.virustotal.com/en/file/d415 ... 395848494/

Attachments

gameover.zip

infected
(924.37 KiB) Downloaded 79 times

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Zeus Gameover

#22591 by patriq
Fri Mar 28, 2014 12:33 pm

Xylitol wrote:
Code: Select all
granchhunting.com/img/al2602.enc
https://www.virustotal.com/en/file/d415 ... 395848494/

more attached

Code: Select all

granchhunting.com/img/net19.exe

https://www.virustotal.com/en/file/0fa1 ... 396009084/

https://malwr.com/analysis/ZWYyNjZlMjY5 ... Q0MTU1NDk/

Attachments

net19.exe.zip

infected
(87.57 KiB) Downloaded 69 times

Username

patriq

Posts

109

Joined

Fri Jun 28, 2013 8:11 pm

Re: Zeus Gameover

#22593 by bao
Fri Mar 28, 2014 4:53 pm

https://www.virustotal.com/ru/file/0fa1 ... 396009084/
https://malwr.com/analysis/MGE2MTdkNGNm ... ZiYmZiYWQ/

Attachments

1.zip

virus
(507.58 KiB) Downloaded 67 times

Username

bao

Posts

20

Joined

Sat Sep 22, 2012 9:27 pm

Re: Zeus Gameover

#22594 by unixfreaxjp
Sat Mar 29, 2014 8:18 am

GMO via this malvertising:

VT: https://www.virustotal.com/en/file/6e3f ... 396076550/
Sample is : (attached)

Attachments

018.7z

pwd: infected
See comment in VT for thorough details (important)
(1020.37 KiB) Downloaded 87 times

Username

unixfreaxjp

Posts

501

Joined

Thu Apr 12, 2012 4:53 pm

Re: Zeus Gameover

#22621 by Xylitol
Fri Apr 04, 2014 11:22 am

https://www.virustotal.com/en/file/806a ... 396610451/
Zeus Gameover targeting france

Attachments

Avis.de.Paiement.zip

infected
(907.17 KiB) Downloaded 84 times

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Zeus Gameover

#22667 by patriq
Thu Apr 10, 2014 4:30 pm

11d983b19f9b9aeb500a09eeaf7adeb0

https://malwr.com/analysis/NmU1Mzg5Nzhm ... U1OTBiMzE/

Code: Select all

Sample pulled from:

hxxp://esoftmechanics.com/spengler/beatle
hxxp://floormastersandiego.com/impugning/felsitic

*same file, different name.

Username

patriq

Posts

109

Joined

Fri Jun 28, 2013 8:11 pm

Re: Zeus Gameover

#22992 by r3shl4k1sh
Thu May 29, 2014 2:16 pm

ZeusP2P.

VT Low detection 2/53: https://www.virustotal.com/en/file/597f ... 401371918/

Malwr: https://malwr.com/analysis/NDQzNmRjZTcz ... EzYmM0NTQ/

Attachments

ZeusP2P.zip

pass: infected
(342.96 KiB) Downloaded 88 times

Username

r3shl4k1sh

Posts

119

Joined

Tue Feb 05, 2013 10:26 pm

Location

Israel

Contact

Re: Zeus Gameover

#23015 by EP_X0FF
Mon Jun 02, 2014 3:56 pm

Takedown
https://www.europol.europa.eu/content/i ... ransomware
http://www.symantec.com/connect/blogs/i ... me-network

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Zeus Gameover

#23016 by Xylitol
Mon Jun 02, 2014 4:23 pm

http://www.justice.gov/opa/gameover-zeus.html
http://www.abuse.ch/?p=7822

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact