Trojan SpyEye (alias Pincav) - Page 37

Re: Trojan SpyEye (alias Pincav)

#12201 by rkhunter
Sat Mar 17, 2012 1:35 pm

Again...

MD5: 5E7AC0EAE9D3B069D90BD5AD849BA95E
4/43

Attachments

5E7AC0EAE9D3B069D90BD5AD849BA95E.zip

pass:infected
(151.11 KiB) Downloaded 76 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#12225 by Neurofunk
Mon Mar 19, 2012 9:05 pm

Must be relatively fresh low detection on this, only reason I found this on a users machine was because of this:
C:\Documents and Settings\<removed>\Local Settings\Temporary Internet Files\Content.IE5\U6VNK9EL\Ticket_American_Airlines_pdf[1]\Ticket_American_Airlines_pdf.exe

Executable and Conf found in C:\Windows7 hidden from view I have attached them below, the downloader in the fake American Airlines ticket was this: TrojanDownloader:Win32/Dofoil.O

File name: 4D525EC11CC.exe
https://www.virustotal.com/file/4652cc4 ... 332190253/
MD5: f1dbc166edca50739836562ab54a1aeb
0/43

Attachments

4D525EC11CC.zip

Password: infected
(569.96 KiB) Downloaded 71 times

Username

Neurofunk

Posts

28

Joined

Tue Oct 25, 2011 5:28 pm

Re: Trojan SpyEye (alias Pincav)

#12227 by EP_X0FF
Tue Mar 20, 2012 3:32 am

Neurofunk wrote:File name: 4D525EC11CC.exe
https://www.virustotal.com/file/4652cc4 ... 332190253/
MD5: f1dbc166edca50739836562ab54a1aeb
0/43

Unpacked dropper and decrypted config in attach.

Attachments

Malware.rar

pass: malware
(458.08 KiB) Downloaded 69 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#12228 by rough_spear
Tue Mar 20, 2012 6:29 am

Hi EP_X0FF,
What is the password for decrypted13x_78B99546421ABAB330B17D278262EABB.zip file.

EP_X0FF wrote:
Neurofunk wrote:File name: 4D525EC11CC.exe
https://www.virustotal.com/file/4652cc4 ... 332190253/
MD5: f1dbc166edca50739836562ab54a1aeb
0/43
Unpacked dropper and decrypted config in attach.

Regards,

rough_spear.

Username

rough_spear

Posts

163

Joined

Mon Oct 18, 2010 4:46 pm

Location

India

Re: Trojan SpyEye (alias Pincav)

#12229 by rkhunter
Tue Mar 20, 2012 7:34 am

Installs to C:\x64drvsys.

MD5: 52CB0A4257D13881E8ACFA39327372A0
3/43

Attachments

52CB0A4257D13881E8ACFA39327372A0.zip

pass:infected
(149.73 KiB) Downloaded 77 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#12237 by EP_X0FF
Tue Mar 20, 2012 10:38 am

rough_spear wrote:Hi EP_X0FF,
What is the password for decrypted13x_78B99546421ABAB330B17D278262EABB.zip file.

78B99546421ABAB330B17D278262EABB

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#12244 by rkhunter
Tue Mar 20, 2012 5:21 pm

SpyEye's Top 40 Banks http://www.f-secure.com/weblog/archives/00002335.html

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#12247 by STRELiTZIA
Tue Mar 20, 2012 7:20 pm

rkhunter wrote:Installs to C:\x64drvsys.

MD5: 52CB0A4257D13881E8ACFA39327372A0
3/43

The same (password, gates and collectors):
http://www.kernelmode.info/forum/viewto ... BC2#p11025

Username

STRELiTZIA

Posts

104

Joined

Sun Mar 14, 2010 7:02 am

Re: Trojan SpyEye (alias Pincav)

#12355 by markusg
Mon Mar 26, 2012 5:52 pm

SHA256:
ed59625b28d9a6226839c3c6d5f966ecdfd4da53693c765eda0d8fe1169e7e47
File name:
Washer2.rar.exe
Detection ratio:
10 / 43
https://www.virustotal.com/file/ed59625 ... 332784113/

Attachments

Washer2.rar

(79.5 KiB) Downloaded 62 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Trojan SpyEye (alias Pincav)

#12356 by Buster_BSA
Mon Mar 26, 2012 7:32 pm

markusg wrote:SHA256:
ed59625b28d9a6226839c3c6d5f966ecdfd4da53693c765eda0d8fe1169e7e47
File name:
Washer2.rar.exe
Detection ratio:
10 / 43
https://www.virustotal.com/file/ed59625 ... 332784113/

Corrupted sample?

Username

Buster_BSA

Posts

390

Joined

Mon Mar 22, 2010 6:42 am