Probably political spearfishing campaign - AV please help - Page 2

Re: Probably political spearfishing campaign - AV please hel

#19340 by R136a1
Mon May 20, 2013 12:11 pm

The Big picture:
http://blogs.norman.com/2013/security-r ... ver-report

Malware Reversing
http://www.malware-reversing.com

Username

R136a1

Rank

Forum Admin

Posts

272

Joined

Wed Jul 13, 2011 4:30 pm

Location

Netherlands

Re: Probably political spearfishing campaign - AV please hel

#19360 by dumb110
Tue May 21, 2013 8:37 am

CVE-2012-0158 RTF Document: 3b1d9d65159bea24ab1060e5603f9e3c2d38d08d
pakterrisiomforindian.exe: d859f1cf99049f89258c1faa59dcd97f587e45ac
pakistandefencetoindiantopmiltrysecreat.exe: 1db89237ef786c7f22a8d4cd7eccda8f6286a6de
Downloader: 08ce405f0a0277de355454862b164ffd94a7ea36
Document uploader: DB22E7DEA0C1CAF203072693485DE4E4FD2CB56A
System information gathering: 0D610F3F51750EADCF426E10E6DE5313605400FA
Keylogger: AE7B9CFB10CD65B98C59DC012D6726B66BE92897
Screenshot: A0DD0B8FD0C98E917BFDC96182088CAB5505CCD2
Connect-back shell: 09D4ECA67B1D071E57C5951D97FE9DD9C62F1580
Self-replication through removable drives: 20A29D1F89C07BAFBB4C61CE208531D68125C8E

Anyone got these above mentioned samples?

Username

dumb110

Posts

111

Joined

Tue Jun 05, 2012 1:29 pm

Re: Probably political spearfishing campaign - AV please hel

#19361 by EP_X0FF
Tue May 21, 2013 11:28 am

dumb110 wrote:CVE-2012-0158 RTF Document: 3b1d9d65159bea24ab1060e5603f9e3c2d38d08d
pakterrisiomforindian.exe: d859f1cf99049f89258c1faa59dcd97f587e45ac
pakistandefencetoindiantopmiltrysecreat.exe: 1db89237ef786c7f22a8d4cd7eccda8f6286a6de
Downloader: 08ce405f0a0277de355454862b164ffd94a7ea36
Document uploader: DB22E7DEA0C1CAF203072693485DE4E4FD2CB56A
System information gathering: 0D610F3F51750EADCF426E10E6DE5313605400FA
Keylogger: AE7B9CFB10CD65B98C59DC012D6726B66BE92897
Screenshot: A0DD0B8FD0C98E917BFDC96182088CAB5505CCD2
Connect-back shell: 09D4ECA67B1D071E57C5951D97FE9DD9C62F1580
Self-replication through removable drives: 20A29D1F89C07BAFBB4C61CE208531D68125C8E

Anyone got these above mentioned samples?

All your last posts are requests of random malware, from different media news. You do not provide anything in exchange and obviously did no analyze samples (as they all already researched). What is the purpose of this request spam? Collect and repost media malware somewhere else?

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Probably political spearfishing campaign - AV please hel

#19364 by dumb110
Tue May 21, 2013 3:34 pm

Sorry if my posts were mis-understood,This wasnt a request spam and as you see I havent been around here much.But thanks anyway for this amazing forum :)

By the way, I found the keylogger componenet my self just now.

Attachments

0b88f197b4266e6b78ea0dcb9b3496e9.zip

infected
(135.81 KiB) Downloaded 46 times

Username

dumb110

Posts

111

Joined

Tue Jun 05, 2012 1:29 pm