A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #27739  by K_Mikhail
 Mon Jan 25, 2016 5:52 pm
Threat Actors Use Sketchy Dating Website to Launch New Home Router Attacks: https://www.damballa.com/threat-actors- ... r-attacks/

Hashes from article:

Samples with hashes:
c05bd53f91032f2c8cae509477d760537f014621
fd6ca22baf5ba8025b5a2ce1aa750553a8d48640
92632bd26fb2828ddf5a86687c837ca734d0fbbf

are in the attachment.
Attachments
pw:infected
 #27743  by tWiCe
 Tue Jan 26, 2016 9:21 am
In a nutshell, it's a modular trojan. ".nttpd" is a head module, designed for basic installation, blocking of network connections (except for C&C communication) and installation of modules.

I'd appreciate it if somebody posted hashes for the modules of this trojan.