Attachments
(127.35 KiB) Downloaded 61 times
markusg wrote:https://www.virustotal.com/file-scan/re ... 1317397490This is ngrBot aka Win32/Dorkbot.A
decrypted, 30/43 - http://www.virustotal.com/file-scan/rep ... 1317432018
A forum for reverse engineering, OS internals and malware analysis
decrypted, 30/43 - http://www.virustotal.com/file-scan/rep ... 1317432018
Attachments
pwd: malware
(48.55 KiB) Downloaded 61 times
(48.55 KiB) Downloaded 61 times
Hi All, :D
W32.Jorik/ngrbot sample.
Web link - hxxp://wiztechautomationsolutions.com/tols.exe
File Size - 158KB
VT Link - http://www.virustotal.com/file-scan/rep ... 1318862114
MD5 : d1876eea2443db6a8ed44bebff7081fa
SHA1 : 55fb9d1ff9e825a162f8d4f1b319453b4790aac5
SHA256: 3efd740fc805fe0e697b39cb153099def0187c5a5fb67ec7efcb52876df097ed
ssdeep: 3072:W3zyLTvBYetasoHQXyuxl4jzn9nJaHV/fizz6hl6p/DaZhuid0g9TrQLaN4:W3zeTlW4Dz
4VnJa1HizhDEuimgZUuN
Regards,
rough_spear. ;)
W32.Jorik/ngrbot sample.
Web link - hxxp://wiztechautomationsolutions.com/tols.exe
File Size - 158KB
VT Link - http://www.virustotal.com/file-scan/rep ... 1318862114
MD5 : d1876eea2443db6a8ed44bebff7081fa
SHA1 : 55fb9d1ff9e825a162f8d4f1b319453b4790aac5
SHA256: 3efd740fc805fe0e697b39cb153099def0187c5a5fb67ec7efcb52876df097ed
ssdeep: 3072:W3zyLTvBYetasoHQXyuxl4jzn9nJaHV/fizz6hl6p/DaZhuid0g9TrQLaN4:W3zeTlW4Dz
4VnJa1HizhDEuimgZUuN
Regards,
rough_spear. ;)
Attachments
password - malware.
(130.36 KiB) Downloaded 59 times
(130.36 KiB) Downloaded 59 times
rough_spear wrote:Hi All, :DAttempt to read hxxp://www.hastyrefills.com/url.txt which is C&C data. Not available, only in search cache.
W32.Jorik/ngrbot sample. 8-)
YwKCxcStcfSFAHXHVqVQdownloads hxxp://cudear.com/view.php?=Facebook-pic####-JPEG which is trojan downloader which downloads ngrBot from hxxp://solarpanelscleveland.com/bbb.exe
12| Combien de bonnes photos!!#! :O hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
20|hoh. interessante bilder?!!:) hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
6|om det var dig??#= hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
29| Vad ar det foto?#??# ? :) hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
19| of je het leuk??!= :D hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
21|Smieszne zdjecia?#?!:P hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
16|hhhh,Dato di riconoscere una fotografia??!= hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
5|Wow,To je neverjetno,,= photos - hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
7| Sie in das Bild??#. _ hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
39|L0l!!**, kuris t??? nuotrauk?#?!!* hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
9| Who the F.#K is that?!#- hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
10|,jaja mira esta foto?!!#_ es tu cabron?!#! hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
24| haha, care este c?#! fotografie!# = hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
22|si usted estaba en la imagen??!# :) hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
26|hihihe ,to si ti na fotki?_ :) hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
25|???!!!! :) hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
0|Wow,! is this is you fotoo??#!= ;) hxxp://cudear.com/view.php?=Facebook-pic####-JPEG
Attachments
pass: malware
(125.76 KiB) Downloaded 59 times
(125.76 KiB) Downloaded 59 times
Ring0 - the source of inspiration
Dorkbot
original 9 /42 (21.4%)
http://www.virustotal.com/file-scan/rep ... 1319451010
decrypted 29/ 43 (67.4%)
http://www.virustotal.com/file-scan/rep ... 1319637469
both in attach
original 9 /42 (21.4%)
http://www.virustotal.com/file-scan/rep ... 1319451010
decrypted 29/ 43 (67.4%)
http://www.virustotal.com/file-scan/rep ... 1319637469
both in attach
Attachments
pass: malware
(144.38 KiB) Downloaded 61 times
(144.38 KiB) Downloaded 61 times
Ring0 - the source of inspiration
Dorkbot (crypter TensilCrypt? with AntiVM and multiple process restarting feature)
http://www.virustotal.com/file-scan/rep ... 1320478396
dropper and unpacked in attach
http://www.virustotal.com/file-scan/rep ... 1320478396
dropper and unpacked in attach
Attachments
pass: malware
(164.99 KiB) Downloaded 65 times
(164.99 KiB) Downloaded 65 times
Ring0 - the source of inspiration
Hello All, :D
one more sample of Dorkbot.
Web link - hxxp://hotfile.com/dl/134029104/66497b1/FACEBOOK-DSC0000897643223311011.jpg.exe
VT link - http://www.virustotal.com/file-scan/rep ... 1320502037
MD5 : d4bd4e85105b81459a42b11a3303b526
SHA1 : a747f224ef864b66af440ed976e49fe8fad88419
SHA256: bf823e69b582262317857d26520ffac551ae2ff8c0b17a5c6cbd92175a2b9304
ssdeep: 6144:cnoK+2p8PW+MioJzQuZMi5ui6EgDlwJrf:woT++qJ0uZj5RE65
File size : 208896 bytes
Regards,
rough_spear. ;)
one more sample of Dorkbot.
Web link - hxxp://hotfile.com/dl/134029104/66497b1/FACEBOOK-DSC0000897643223311011.jpg.exe
VT link - http://www.virustotal.com/file-scan/rep ... 1320502037
MD5 : d4bd4e85105b81459a42b11a3303b526
SHA1 : a747f224ef864b66af440ed976e49fe8fad88419
SHA256: bf823e69b582262317857d26520ffac551ae2ff8c0b17a5c6cbd92175a2b9304
ssdeep: 6144:cnoK+2p8PW+MioJzQuZMi5ui6EgDlwJrf:woT++qJ0uZj5RE65
File size : 208896 bytes
Regards,
rough_spear. ;)
Attachments
password - malware.
(147.09 KiB) Downloaded 59 times
(147.09 KiB) Downloaded 59 times
Attachments
pass:malware
(63.14 KiB) Downloaded 54 times
(63.14 KiB) Downloaded 54 times
rkhunter wrote:Worm:Win32/Dorkbot.INice description
32d929a7b9cf0c8a2c8d516720d95fe4
VT
http://www.microsoft.com/security/porta ... FDorkbot.I
rkhunter wrote:Worm:Win32/Dorkbot.Ifrom infected machine
32d929a7b9cf0c8a2c8d516720d95fe4
VT
Attachments
pass:malware
(150.53 KiB) Downloaded 53 times
(150.53 KiB) Downloaded 53 times