A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #30680  by Xylitol
 Fri Aug 04, 2017 7:36 pm
Sargerras wrote:http://securityblog.s21sec.com/2014/08/ ... -here.html
i just retrieved some old screenshots of the webinjects tied to it from a draft post on my blog i never published.
As mentioned by S21 it was targeting french banks, in more detail: Caisse d'épargne, BNP Paribas, LCL, La banque postale, CIC...
they was using proachater.com, privedmidved.net, securetargeting.com, 109.234.34.156 and probably many other domains i forgot.
i've surely have their server dump somewhere, in the meantime web controller attached (i know 2 versions and both are same crap, just cosmetic changes)
Attachments
infected
(3.36 MiB) Downloaded 61 times
infected
(4.07 MiB) Downloaded 54 times
(1.46 MiB) Downloaded 56 times
 #31652  by ynvb
 Wed Jun 13, 2018 4:41 am
Following the recent affairs, we've took a deeper look on the similarities between Kronos and UPAS-Kit.
(Not suggesting in any way a relation between *any of the malware* to @MalwareTechBlog ofcourse, simply a technical analysis).

https://research.checkpoint.com/deep-di ... vs-kronos/