NgrBot (aka Win32/Dorkbot.gen!A) - Page 5

Re: NgrBot (aka Win32/Dorkbot.gen!A)

#11865 by rkhunter
Tue Feb 28, 2012 9:38 am

MD5: D37E913DE5A101812C263965AB17CCED
0/43

Attachments

D37E913DE5A101812C263965AB17CCED.zip

pass:infected
(133.54 KiB) Downloaded 79 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: NgrBot (aka Win32/Dorkbot.gen!A)

#12099 by rkhunter
Tue Mar 13, 2012 5:41 pm

http://blogs.technet.com/b/mmpc/archive ... g-bad.aspx

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: NgrBot (aka Win32/Dorkbot.gen!A)

#12493 by nullptr
Mon Apr 02, 2012 2:44 pm

http://www.virustotal.com/file/7fd47383 ... /analysis/

dropper + decrypted files in attachment

Attachments

Dorkbot.zip

pwd: malware
(165.82 KiB) Downloaded 76 times

Username

nullptr

Posts

209

Joined

Sun Mar 14, 2010 6:35 am

Re: NgrBot (aka Win32/Dorkbot.gen!A)

#13953 by 360Tencent
Wed Jun 13, 2012 5:57 pm

http://resources.infosecinstitute.com/ngr-rootkit/

Username

360Tencent

Posts

116

Joined

Thu Dec 15, 2011 12:47 pm

Worm:Win32/Dorkbot.A

#15629 by dumb110
Mon Sep 17, 2012 6:40 am

i am looking for:
http://minotauranalysis.com/search.aspx ... 2cc93d2b54

Username

dumb110

Posts

111

Joined

Tue Jun 05, 2012 1:29 pm

Re: Malware Requests, part 2

#15630 by EP_X0FF
Mon Sep 17, 2012 6:54 am

dumb110 wrote:i am looking for:
http://minotauranalysis.com/search.aspx ... 2cc93d2b54

Attachments

VideoExclusivo.rar

pass: malware
(123.48 KiB) Downloaded 73 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

skype spam (trojan)

#15814 by markusg
Sat Sep 29, 2012 11:57 pm

today night, we get some requests from infected peoples, they get in a message, this files, via sendspacee urls
https://www.virustotal.com/file/2b5ef3b ... /analysis/
normaly it comes as zip archiv

Attachments

image-skype.rar

(160.63 KiB) Downloaded 62 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: skype spam (trojan)

#15815 by markusg
Sun Sep 30, 2012 12:33 am

it connect to:
promos.fling.com
and other ips, i seen in zero access samples, so perhaps z-access.
it loads other files from hotfile, i will attach

Attachments

dropped.rar

(271.84 KiB) Downloaded 61 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: skype spam (trojan)

#15816 by markusg
Sun Sep 30, 2012 12:38 am

ok
the produkt name
ProductName..............: ;%`TODO;%`:;%`Product;%`;%`Name;%`
of
File name:
weifgwf.ong
shows me also, its z-access, i see this in the uploaded samples of main in the last days
but this one drops z-access into recycler

Last edited by markusg on Sun Sep 30, 2012 3:43 am, edited 1 time in total.

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: skype spam (trojan)

#15817 by markusg
Sun Sep 30, 2012 3:05 am

a ok, so
ogxEz57
is the file sending the infekted links to kontakts:
url chema:
sendspace.com/pro/dl/8a963g?image =kontaktname

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm