LadyBoyle Payload [Downloader] - KernelMode.info

LadyBoyle Payload [Downloader]

2 posts

2 posts

LadyBoyle Payload [Downloader]

#18938 by R136a1
Sun Apr 14, 2013 6:00 pm

Hi there,

for info about LadyBoyle see:
http://www.fireeye.com/blog/technical/c ... ploit.html
http://www.symantec.com/connect/blogs/a ... yle-attack

Interesting strings inside this x64 DLL:
"...
LadyBoyle_the_x64_Class
LadyBoyle_the_x32_Class
LadyBoyle
...
http://vic.lonaera.com/show/2828.exe
..."

Payload attached.

Attachments

115f8140d97b4aa55ed6dfcf461638adfb28ff0dbffc8db9fd057e0a084fd241.zip

pw: infected
(30.1 KiB) Downloaded 61 times

Malware Reversing
http://www.malware-reversing.com

Username

R136a1

Rank

Forum Admin

Posts

272

Joined

Wed Jul 13, 2011 4:30 pm

Location

Netherlands

Re: LadyBoyle Payload [Downloader]

#19114 by R136a1
Mon Apr 29, 2013 10:00 am

Fresh Ladyboyle samples (thanks to Lastline for providing the samples):

MD5: cbf17223fca96b3b8c57f4068feb0ee5
https://www.virustotal.com/en/file/7c3d ... /analysis/

-> Tries to download: _http://css.opzbpz.com/img/img.jpg (down)

MD5: b2fdb5eeb4a73e77afa02beadfc6ce07
https://www.virustotal.com/en/file/7d25 ... /analysis/

-> Tries to download: _http://bbb.rnnnb.com/add.exe (sample attached)

Attachments

(109.08 KiB) Downloaded 44 times

cbf17223fca96b3b8c57f4068feb0ee5.zip

(30.03 KiB) Downloaded 43 times

b2fdb5eeb4a73e77afa02beadfc6ce07.zip

(30.03 KiB) Downloaded 46 times

Malware Reversing
http://www.malware-reversing.com

Username

R136a1

Rank

Forum Admin

Posts

272

Joined

Wed Jul 13, 2011 4:30 pm

Location

Netherlands

Page 1 of 1
2 posts

Return to “Malware”

Display:

Sort by:

Sort by:

Jump to: