A forum for reverse engineering, OS internals and malware analysis 

 #22889  by slipstream
 Sat May 17, 2014 2:05 pm
Hi Guys,

Facing an issue where I have managed to dump unencrypted malware and located some interesting strings, but I cannot access the domain that the malware is calling back to. The malware is active and keeps sending SYN packets to the C&C.

I've captured various requests in which the malware is sending GETs and POSTs, probably sending back information about the target. However, all the POST requests look encrypted.

Anyone interested in having a go at this with me?
 #22900  by slipstream
 Sun May 18, 2014 9:54 am
[UPDATE]

Turns out I've discovered more about the malware. It's quite fresh, and it had a detection rate of 0/52 for 2 days until today. I believe I've discovered a hardcoded password string by forcing the real malware to drop, then running a static-analysis strings search.

Anyone willing to help investigate further, I would appreciate it greatly!