About contagio exchange

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy, and Mila too, so this was not a very active site (my fault, probably), so I will just be dumping malware strings here - it often helps in malware identification, and googling is the best way.
With just strings, it is not exactly a fun blog to read, but it might become a useful resource over time.
I will not be posting samples here, just md5. You can find the corresponding samples on contagio or ping me if you can't find
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Monday, November 17, 2014

Server.class 3d9ffbe03567067ae0d68124b5b7b748 from Alienspy rat

File: Server.class
MD5:  3d9ffbe03567067ae0d68124b5b7b748
Size: 520

Ascii Strings:
---------------------------------------------------------------------------
config
Ljava/util/Properties;
socket
Ljava/net/Socket;
Ljava/io/ObjectOutputStream;
Ljava/io/ObjectInputStream;
<init>
Code
LineNumberTable
LocalVariableTable
this
Lplugins/Server;
onLine
OnOffLine
offLine
getId
()Ljava/lang/String;
SourceFile
Server.java
plugins/Server
java/lang/Object

Unicode Strings:
---------------------------------------------------------------------------

iWimMQLgpsT2624529381479181764.png Java Alienspy+pony loader strings

File: iWimMQLgpsT2624529381479181764.png
MD5:  fab8de636d6f1ec93eeecaade8b9bc68
Size: 755017

Alienspy timestamp file 29OVHAabdr.tmp 355fe2f7e5dde196d446d9043858f850 and 1fe3748200de881996a9b861c0c925ec

1416188848781 << time in Unix epoch format (milliseconds)


File: 29OVHAabdr.tmp
MD5:  355fe2f7e5dde196d446d9043858f850
Size: 13

Ascii Strings:
---------------------------------------------------------------------------
1416188848781

Unicode Strings:
---------------------------------------------------------------------------

==========================================================
File: xooJlYrm61.tmp
MD5:  1fe3748200de881996a9b861c0c925ec
Size: 13

Ascii Strings:
---------------------------------------------------------------------------
1380162273468

Unicode Strings:
---------------------------------------------------------------------------

e783bdd20a976eaeaae1ff4624487420 strings Desktop.ini

File: Desktop.ini
MD5:  e783bdd20a976eaeaae1ff4624487420
Size: 63

Ascii Strings:
---------------------------------------------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}

Unicode Strings:
---------------------------------------------------------------------------

AlienSpy classes strings (from MD5: ABE6EF71E44D2E145033800D0DCCEA57.jar)

File: Server.class
MD5:  3d9ffbe03567067ae0d68124b5b7b748
Size: 520

AlienSpy RAT strings db46adcfae462e7c475c171fbe66df82

File: unXX0JIhwW.txt
MD5:  db46adcfae462e7c475c171fbe66df82
Size: 131178

Pony Loader dropped .bat file 3880eeb1c736d853eb13b44898b718ab strings

File: 13648031.bat
MD5:  3880eeb1c736d853eb13b44898b718ab
Size: 94

Ascii Strings:
---------------------------------------------------------------------------
   :ktk  
     del  
 %1
if
 exist
   %1
  goto
 ktk
 del
  %0

Unicode Strings:
---------------------------------------------------------------------------

Pony Loader strings asdqw4727319084772952101234.exe b5e7cd42b45f8670adaf96bbca5ae2d0

File: asdqw4727319084772952101234.exe
MD5:  b5e7cd42b45f8670adaf96bbca5ae2d0
Size: 792122

OiuFr7LcfXq1847924646026958055.vbs - AlienRAT dropped VBS

Note: Laura is the user name on the sandbox


File: OiuFr7LcfXq1847924646026958055.vbs
MD5:  9e1ede0dedadb7af34c0222ada2d58c9
Size: 1542