A forum for reverse engineering, OS internals and malware analysis 

Trojan-Spy.Win32.TeleBot.a

Forum for analysis and discussion about malware.

Trojan-Spy.Win32.TeleBot.a

 #31260  by Xylitol
 Tue Feb 13, 2018 7:39 pm
Zero-day vulnerability in Telegram ~ https://securelist.com/zero-day-vulnera ... ram/83800/
Telegram 0-Day Used to Spread Monero and Zcash Mining Malware ~ https://www.bleepingcomputer.com/news/s ... g-malware/
Telegram Founder: Crypto Mining Malware Attack Isn't Due to App Flaw ~ https://t.me/durov/71
¯\_(ツ)_/¯ ~ https://twitter.com/codelancer/status/9 ... 1019179008

Downloader: https://www.virustotal.com/en/file/f775 ... 518549189/
Code: Select all
public static string Token = "349810543:AAHThGGPckBg6prpAvENzmecI2DPaj31D5Q";
Attachments
infected
(466.83 KiB) Downloaded 57 times

Re: Trojan-Spy.Win32.TeleBot.a

 #31279  by p1nk
 Tue Feb 20, 2018 1:21 am
Damn. The author really wanted to make sure they have coverage for all systems:
Code: Select all
if (platform == PlatformID.Win32NT)
							{
								byte wProductType = oSVERSIONINFOEX.wProductType;
								switch (major)
								{
								case 3:
									text = "Windows NT 3.51";
									break;
								case 4:
								{
 Return to “Malware”