Trojan SpyEye (alias Pincav) - Page 32

Re: Trojan SpyEye (alias Pincav)

#9430 by EP_X0FF
Fri Oct 28, 2011 9:52 am

SpyEye v1.3.4x

Pass for decrypted config: 8844F4EBB23FDE732480A38E115C8B09

custoconnector options

hxxp://66.199.227.66/index.php;80
hxxp://www.gooeylouiecake.com/test/index2.php;80
hxxp://shop.solution-networks.de/index2.php;80
hxxp://www.cf4schools.eu/admin/index2.php;80

Original + unpacked and decrypted config in attach.

http://www.virustotal.com/file-scan/rep ... 1319793335

Attachments

Malware.rar

pass: malware
(311.97 KiB) Downloaded 79 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#9534 by EP_X0FF
Fri Nov 04, 2011 1:47 pm

MSRT disinfected 605,825 machines from SpyEye in 10 days

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#9566 by markusg
Sun Nov 06, 2011 2:37 pm

B6232F3AC2B.exe
MD5 : 010b5d1967a42cac530853e33c63e2b8
http://www.virustotal.com/file-scan/rep ... 1320587525

Attachments

Recycle.Bin.rar

(289.81 KiB) Downloaded 61 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Trojan SpyEye (alias Pincav)

#9593 by EP_X0FF
Wed Nov 09, 2011 9:34 am

markusg wrote:B6232F3AC2B.exe
MD5 : 010b5d1967a42cac530853e33c63e2b8
http://www.virustotal.com/file-scan/rep ... 1320587525

Pass for decrypted config: E2A9D5948935A3B1C5A69CF81CBC5E0C

Unpacked dropper and decrypted config in attach.

Attachments

Malware.rar

pass: malware
(382.16 KiB) Downloaded 64 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#9601 by EP_X0FF
Wed Nov 09, 2011 12:11 pm

SpyEye v1.3.4x

Pass for decrypted config: 00017C5C16536E8D6F5AD0E774C84047

Gates:

hxxp://invintor.net/bst/gate.php;90
hxxp://neweuropeconsult.com/1341/gate.php;90
hxxp://neweuropeconsult.com/1341/gate.php;90
hxxp://neweuropeconsult.com/1341/gate.php;90
hxxp://transportzlv.com/etagar/dyra.php;300
hxxp://toobershmui.cjb.net/mind/index.php;300
hxxp://windernmvz.cjb.net/mind/index.php;300
hxxp://LODINGS.TK/rr.php;300
hxxp://windlonset.tk/rr.php;300
hxxp://buunetfit.tk/gls.php;300
hxxp://lindenbolle.cjb.net/mind/index.php;300
hxxp://svistoklex.com/mulq/gate.php;300
hxxp://longehinter.cjb.net/mind/index.php;300
hxxp://norwitols.com/mulq/gate.php;300
hxxp://ntoort.tk/mulq/gate.php;300
hxxp://lresterlonhs.cjb.net/mind/index.php;300
hxxp://mikalongesti.cjb.net/mind/index.php;300
hxxp://nrkloopres.co.cc/mulq/gate.php;300
hxxp://hastlooksz.co.cc/mulq/gate.php;300
hxxp://beshenklipst.co.cc/mulq/gate.php;300
hxxp://linnexmandq.co.cc/mulq/gate.php;300
hxxp://pilermansox.co.cc/mulq/gate.php;300
hxxp://mixmunelrtn.co.cc/mulq/gate.php;300

In attach dropper, unpacked dropper and decrypted config.

Attachments

Malware.rar

pass: malware
(341.41 KiB) Downloaded 69 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#9618 by EP_X0FF
Wed Nov 09, 2011 6:41 pm

SpyEye v1.3.45

Pass for decrypted config: 7AB5D2ABE3CA3CFD385D9D0D8596091D

Gates:

hxxp://totdisseny.net/gate.php;90
hxxp://bannermegan2all.ru/_cp/gate.php;90
hxxp://deeprunning2000.ru/_cp/gate.php;90
hxxp://tripoli-napoli.ru/_cp/gate.php;90
hxxp://figlimigli2004.ru/_cp/gate.php;90
hxxp://anotherfutureday.ru/_cp/gate.php;90
hxxp://loadme2you.ru/_cp/gate.php;90
hxxp://guide2buy.ru/_cp/gate.php;90
hxxp://guide2buycar.ru/_cp/gate.php;90

Original, unpacked and decrypted config in attach.

Attachments

Malware.rar

pass: malware
(445.88 KiB) Downloaded 75 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#9642 by markusg
Thu Nov 10, 2011 2:07 pm

D5D97B20E22.exe
MD5 : 9ae60187154333aa7d32cb25f4b37e90
https://www.virustotal.com/file-scan/re ... 1320932801

Attachments

C_sym.bin.rar

(172.05 KiB) Downloaded 57 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Trojan SpyEye (alias Pincav)

#9643 by EP_X0FF
Thu Nov 10, 2011 2:23 pm

markusg wrote:D5D97B20E22.exe
MD5 : 9ae60187154333aa7d32cb25f4b37e90
https://www.virustotal.com/file-scan/re ... 1320932801

Pass for decrypted config: 9B034C509AFB947384D62BE798DA46FD

Gate:

hxxp://sddkoios.com/_cp/gate.php;90

Attachments

decrypted13x.zip

(26.85 KiB) Downloaded 61 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#9797 by sugipula
Mon Nov 21, 2011 7:17 pm

new sample and updated bin for the same sample.

Attachments

Malware.rar

pass: malware
(561.67 KiB) Downloaded 66 times

Last edited by EP_X0FF on Thu Nov 24, 2011 1:54 pm, edited 1 time in total. Reason: archive reaupload with password

Username

sugipula

Rank

Banned

Posts

11

Joined

Sat Jun 25, 2011 7:21 am

Re: Trojan SpyEye (alias Pincav)

#9889 by EP_X0FF
Thu Nov 24, 2011 2:00 pm

sugipula wrote:new sample and updated bin for the same sample.

Pass for decrypted config: 9DBE0B70BC77CE2D944BD57D5551517A

Gates:

hxxp://freekinas.com/sys/rec.php;90
hxxp://deligatemyname.com/sys/rec.php;90
hxxp://huniloz.com/sys/rec.php;90
hxxp://oralania.com/sys/rec.php;90
hxxp://fretolu.com/sys/rec.php;90

Unpacked dropper and decrypted configs (internal and external) in attach.

Attachments

Malware.rar

pass: malware
(548.75 KiB) Downloaded 74 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact