[Quads]

Another what looks like a SMS code oe phone number



Quads

[EP_X0FF]

Old fresh crypted MBRlock in attach.

SHA-1
2ff9d3a67b946d3e771654870f16576261ce86d0

https://www.virustotal.com/file/f880002 ... /analysis/

[EP_X0FF]

Fresh MBRlock.

SHA1: 7c8791be7b1530055f1a54a36b74489783b09820

https://www.virustotal.com/file/34ad70c ... /analysis/

Unlock code: 45746777
However I think code auto generated for each new build (rebuilds few times per day seems) so posting unblock codes makes no real sense.

Dropper created 23 May 2011, MBR code with randomized unlock code + tel number appends to dropper as overlay. Assume there is somewhere builder for it, allowing to customize code/tel (not meaning infamous work from vazonez).

[EP_X0FF]

Fresh MBRlock.

Landing hxxp://threedimensionaltrojans.biz/ (domain quickly regenerating)
hxxp://threedimensionaltrojans.biz/download/ <= numerous copy.

SHA-1 a2acae2c2693c14a2d814c216cdad60e659d8787

Too boring to unpack.

[Xylitol]

https://www.virustotal.com/fr/file/44e8 ... /analysis/
mbrlock