[maddog4012]

Do you have any samples or hash values for ModPOS

[benkow_]

if you have access to VT: https://www.virustotal.com/en/file/2004 ... /analysis/ (source: https://twitter.com/Seifreed/status/669543251804835840 and http://www.monerisusa.com/support/~/med ... 14JUL.ashx )

[Xylitol]

attached.

[R136a1]

Hi folks,

some info about this malware can be found here: http://www.isightpartners.com/2015/11/modpos/

Because the report does not mention any file hashes (which sucks!), I thought I give it a try and finally found some droppers. Might be older versions, since the PE time stamps date back to 2012. Anyway, better than nothing...

Droppers:
https://www.virustotal.com/en/file/4e32 ... /analysis/
https://www.virustotal.com/en/file/2aa3 ... /analysis/
https://www.virustotal.com/en/file/6c9d ... /analysis/
https://www.virustotal.com/en/file/4739 ... /analysis/
https://www.virustotal.com/en/file/f4ea ... /analysis/

Main driver component can be found here: http://www.kernelmode.info/forum/viewto ... =20&t=4119

Regards

[p1nk]

I compressed all the PoS samples listed in the Discover report and uploaded them to:

http://malshare.com/users/~p1nk/pos_bulk.zip

password: infected

[Phant0m]

Did anyone got fallback url from samples ? maybe to try hacking panel