Attachments
pass:infected
(461.63 KiB) Downloaded 60 times
(461.63 KiB) Downloaded 60 times
rkhunter wrote:One moreSame as http://www.kernelmode.info/forum/viewto ... 1A0#p10861
MD5: cb07c383a4c5dca59ad380d23ca82629
A forum for reverse engineering, OS internals and malware analysis
Spyeye.
SHA256: 2f1b980c6c59597968c172f3e68816592bad715805d90b4d9b413909476e286d
Detection ratio: 13 / 43
https://www.virustotal.com/file/2f1b980 ... 326382132/
:D
SHA256: 2f1b980c6c59597968c172f3e68816592bad715805d90b4d9b413909476e286d
Detection ratio: 13 / 43
https://www.virustotal.com/file/2f1b980 ... 326382132/
:D
Attachments
password = infected
(326.48 KiB) Downloaded 70 times
(326.48 KiB) Downloaded 70 times
Thanks.
Sample by EX!:
Pass for decrypted config: 1D877A868F11E87E27D03C3026BC37CE
Gates:
Sample by EX!:
Pass for decrypted config: 1D877A868F11E87E27D03C3026BC37CE
Gates:
hxxp://veroabelos0.com/~abrvalg2/gate.php;600Collectors:
hxxp://srepolik20.com/~abrvalg2/gate.php;600
hxxp://neropisap.com/~abrvalg2/gate.php;600
hxxp://opionisa0.com/~abrvalg2/gate.php;600
veroabelos0.com:8081
srepolik20.com:8081
neropisap.com:8081
opionisa0.com:8081
Attachments
(46.86 KiB) Downloaded 64 times
SpyEye.
https://www.virustotal.com/file/0f2ce4a ... 326525304/
Gates:
hxxp://veroabelos0.com/~abrvalg2/gate.php;1200 <--- Online
hxxp://vikingwer5.com/~abrvalg2/gate.php;1200
hxxp://daber45ex4.com/~abrvalg2/gate.php;1200
hxxp://cras86exa45.com/~abrvalg2/gate.php;1200
hxxp://kabr234exa46.com/~abrvalg2/gate.php;1200
Collectors:
veroabelos0.com:8081
vikingwer5.com:8081
daber45ex4.com:8081
cras86exa45.com:8081
kabr234exa46.com:8081
Password for decrypted config: 5180434427834B7D7C5D6B03AC241BC2
:D
https://www.virustotal.com/file/0f2ce4a ... 326525304/
Gates:
hxxp://veroabelos0.com/~abrvalg2/gate.php;1200 <--- Online
hxxp://vikingwer5.com/~abrvalg2/gate.php;1200
hxxp://daber45ex4.com/~abrvalg2/gate.php;1200
hxxp://cras86exa45.com/~abrvalg2/gate.php;1200
hxxp://kabr234exa46.com/~abrvalg2/gate.php;1200
Collectors:
veroabelos0.com:8081
vikingwer5.com:8081
daber45ex4.com:8081
cras86exa45.com:8081
kabr234exa46.com:8081
Password for decrypted config: 5180434427834B7D7C5D6B03AC241BC2
:D
Attachments
(186.32 KiB) Downloaded 85 times
SpyEye under new cryptor/obfuscator - VirTool:Win32/Obfuscator.LL (usual record - EyeStye.N does not working as can see)
MD5: 303351e5b05e93fd8780ef18c6daeeb6
3/43
MD5: 303351e5b05e93fd8780ef18c6daeeb6
3/43
Attachments
pass:infected
(166.27 KiB) Downloaded 63 times
(166.27 KiB) Downloaded 63 times
rkhunter wrote:SpyEye under new cryptor/obfuscator - VirTool:Win32/Obfuscator.LL (usual record - EyeStye.N does not working as can see)
MD5: 303351e5b05e93fd8780ef18c6daeeb6
3/43
Pass for decrypted config: 130CBE0950491F6148A65482B9B50CC4
Gates from customconnector cfg
hxxp://onlineebank.info:8080/pic1s0fs.php;150
hxxp://1nbank.info:8080/pic1s0fs.php;150
Attachments
(5.19 KiB) Downloaded 67 times
Ring0 - the source of inspiration
Attachments
pass:infected
(326.35 KiB) Downloaded 71 times
(326.35 KiB) Downloaded 71 times
rkhunter wrote:SpyEye FUDReviewed before
MD5: e8754229e032e9d0f5b618f083110577
0/0
http://www.kernelmode.info/forum/viewto ... 1A0#p10976
http://www.kernelmode.info/forum/viewto ... 1A0#p10949
http://www.kernelmode.info/forum/viewto ... 1A0#p10861
http://www.kernelmode.info/forum/viewto ... 1A0#p10628
unpacked dropper attached (obfuscation and upx removed), config is the same as above.
https://www.virustotal.com/file/ee7d2b5 ... 327159610/
Attachments
pass: malware
(173.85 KiB) Downloaded 85 times
(173.85 KiB) Downloaded 85 times
Ring0 - the source of inspiration
brothers found this panel and said new version
http://imageshack.us/photo/my-images/35/1480v.png
http://imageshack.us/photo/my-images/35/1480v.png
