YARA support

We now have (experimental) YARA support inside radare2. If you are building from the latest git, you just have to install libyara, no need to recompile anything.

    [0x00000000]> yara
    Yara plugin
    | add [path] : add yara rules
    | clear : clear all rules
    | help : show this help
    …

ASCII graphs!

We may not have a GUI like IDA, but we still have some graphs. This is a small (200 lines of code) proof of concept, but there is more to come: colors, utf-8, layouts, resizing, animations, … You can try this new feature with VV if you are using radare2…

?e Hello World

Today we are announcing the official blog of the Radare project in order to explain new features and changes, share tips and tricks, tutorials and more. The community of radare has grown a lot recently, and we need more tools to provide users a source for updated information without having…

Android.Trojan.Rubobi.A (SmsPiratBot)

Another Android botnet dumped recently. This malware can send and intercept SMS from bots. Like most Android botnets, they are used mainly to target mobile banks like Sberbank (www.sberbank.ru - the biggest bank in Russia). In Russia, you can transfer money from one card to another card through mobile SMS. This botnet is…

Lame scareware

I found a sample yesterday, downloaded via this URL: skyways.co/play.exe, console application, and ugly code + scareware and third-party FakeAV call center. All the following was so lame that I need to talk about this. At first the malware will try to see if it's dropped into %SYSTEMROOT%/system/. If it's not the…

Android/FakeToken.A

OTP forwarder dumped months ago.

[Screenshots: Login, Statistics, Bots, Bot, Passwords, Send a command, Commands sent, Apps, Apps builder]

MD5s:

[Screenshots: App settings, Settings]

Second panel, a bit different, looks like a 'test' one.

[Screenshots: Statistics, Phone, Phone search, Settings]

RSA Security also talked about it here
