Channel: XyliBox
Browsing all 25 articles

Win32/Spy.POSCardStealer.O and unknown POS Sniffer

Finally some new stuff (hmm, no). Let's talk about Win32/Spy.POSCardStealer.O identified by ESET. It's pretty lame but let's see it anyway. On the first procedure the malware will register a reg key in...

Win32/Atrax.A

Atrax is a TOR botnet; you can read about it in the excellent post by Aleksandr. Someone on kernelmode.info recently posted a fresh sample: MD5: 44a6a7d4a039f7cc2db6e85601f6d8c1. Fun things also, the coder...

Win32/BruteForce.WP

DrWeb released news about this malware in August; they know it as 'Trojan.WPCracker.1'. And more recently ~ 1e8cd0f0f1702820c870302520bc0176. This executable communicates with a C&C at...

How the protection of Citadel got cracked

Recently on a forum someone requested cbcs.exe (Citadel Backconnect Server). If you want to read more about the Backconnect on Citadel, the link that g4m372 shared is cool:...

Jolly Roger Stealer

Friend Kafeine has already done a post on it, although someone recently sent me a URL on my cybercrime tracker.. i give a f%$k. • dns: 1 ›› ip: 178.162.193.24 - adresse: LOADER.ISTMEIN.DE. Bot statistic: CPU...

Troj/WowSpy-A

Recently a malware that targets World of Warcraft got identified. This threat is known as Disker, Mal/DllHook-A or Trojan.Siggen5.64266 and can steal player accounts even if they use a Battle.net...

Decoding Zeus 2.9.6.1 dynamic config

I had a look at the Zeus builder that was released by the MMBB guy on exploit.in; I've finally decided to write something about it, so let's talk about the change in the config encryption. MD5:...

Plasma HTTP

Advert: Login: Online bot: offline bots: Commands: Statistics: Logs: Yeah, take this lame article to second degree, I just talk about Plasma because I've promised to write something today on IRC. I'm not dead...

Zeus 1.1.3.4

RSA FirstWatch recently threw me a sample of a 'new' Zeus variant. I didn't really check all the changes that were made, but it seems it's nothing more than just a standard Zeus v2. But wait, it communicates...

ZeusVM and steganography

Months ago, researchers observed an evolution of ZeusVM; time to get back to this family. For information, the first ZeusVM sample I've seen using steganography was on 21 November 2013. The IP of the...

Android/FakeToken.A

OTP forwarder dumped months ago. Login: Statistics: Bots: Bot: Passwords: Send a command: Commands sent: Apps: Apps...

Lame scareware

I found a sample yesterday, downloaded via this URL: skyways.co/play.exe, console application, and ugly code + scareware and third party FakeAV call center. All the following was so lame that i need...

Android.Trojan.Rubobi.A (SmsPiratBot)

Another Android botnet dumped recently. This malware can send and intercept SMS from bots. Like most Android botnets, they are used mainly to target mobile banks like Sberbank (www.sberbank.ru - the...

ATSEngine

ATSEngine injects can often be found inside Zeus configs; it makes the webinjects more dynamic because most of the content is located remotely and can be updated much more easily instead of sending new...

Install service for Malware affiliates and individuals

This install service had been running for a long time but the server recently died. People targeted are from Russia, Ukraine, Belarus, Kazakhstan, and Uzbekistan. Login: Statistics by days: (Date, Unique...

i/o

Wow, it's been a while since I've written anything new here... So to answer many questions.. no, I'm not dead, and will try to get active again a bit next year. I'm not writing this due to...

iBanking

iBanking is an Android malware made to intercept voice and text information. The panel is poorly coded. Login: Projects: Phone list: SMS List: All SMS (Incoming): All SMS (Outgoing): Call list...

Neutrino bot

Neutrino bot is a malware that appeared and vanished quickly like Phase. Not worth the look anyway. Advert: Login: Task: Statistics: Clients: Files: Logs: Settings:

Phase (Win32/PhaseBot-A)

Small write-up about 'Phase', a malware that appeared and vanished very rapidly. I had a look at it with MalwareTech, who wrote several stories; it was shown that Phase is in reality a 'new' version of...

Captain Barbarossa

Captain Barbarossa is used for PayPal phishing and sold as a phishing kit; the kit includes an admin panel. The user is tricked with a fake PayPal login asking for details, here in German: Once infos are...
