A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #8961  by EP_X0FF
 Wed Oct 05, 2011 12:39 am
sugipula wrote:and http://support.clean-mx.de/clean-mx/viruses.php

I know about these websites.

I'm wondering if there are any others that have SPYEYE samples.
I don't want random samples, I need specific, SpyEye, so I can analyze
This thread overall contains about 100+ SpyEye samples of almost all available versions.
 #8995  by Xylitol
 Thu Oct 06, 2011 6:41 pm
markusg wrote:B6232F3AE78.exe
MD5   : 29534e8af5c7f8af8418133d2c6d76a1
https://www.virustotal.com/file-scan/re ... 1317919895
SpyEye v1.3.48, which calls this gate: https://spyeyetracker.abuse.ch/monitor. ... rg23ma.com

--

Also, for those who are curious about this one: http://www.kernelmode.info/forum/viewto ... =260#p8918
815 bots online, and most of them are from Argentina

Only 7GB free on 500GB and server is slow as fuck.
No professional people.
 #9003  by EP_X0FF
 Fri Oct 07, 2011 1:07 am
Decrypted config from last sample attached.

Pass: 6CB5879FB91A3B0175742B5FEC117205

Plugins: ccgrabber, customconnector, emailgrabber, ffcertgrabber, ftpgrabber.
C:\Data\Documents\My Projects\CC\CardNet\Progs\Client\SpyEye\plugins\emailgrabber\source\Release\emailgrabber.pdb
Gates:
hxxp://wearsdu4enfarg23ma.com/g/logisz22.php;200
hxxp://wearsdu4enfarg2ser.com/g/logfak3422.php;200
hxxp://wearsdu4enfarg27asd.com/g/rase54f.php;200
hxxp://wearsdu4enfarg28ka.com/g/Has56gg.php;200