A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #12067  by rkhunter
 Mon Mar 12, 2012 7:13 am
Trojans and stealers targeting online banking were active over the last few days (Banker/Bancos/Sisron).
Droppers for research purposes.
Attachments
pass:infected
 #12642  by p4r4n0id
 Thu Apr 12, 2012 9:50 am
Hi Guys,

Have you seen this sample? MITB with the following msg injection:

'''
Your account xxxxxx xxxxxxxxx accepted an erroneous payment
ISSUE#1612000 $14.25 Rajan Madhukar
The sender requested a refund of transaction, which has been accomplished as a result of an error. In accordance with the agreement of online banking services (chapter 27, paragraph 2.24) you must return the funds credited to the sender by mistake within 2 days after admission, in order to avoid blocking of your account and termination of the contract. Some features of your account were blocked until this transaction is returned to the sender. Transfer information is available in the "Transactions" section. In order to return this transfer you should click on "Pay and Transfer" -> "Pay Anyone".

After the refund, your account will be automatically unlocked.
If you have any questions, please contact support by phone (08) 8121 8074.
'''

from: http://www.anz.com/personal/ways-bank/s ... ing-fraud/

Much appreciated,

p4r4n0id
 #15375  by Peter Kleissner
 Mon Aug 27, 2012 5:03 pm
markusg wrote: banker
Thanks for the sample. It's MultiBanker version 761 connecting to kyyrierihon.com (registered 08-20-2012). The file was compiled on 08-21-2012.