Security_Guy

YARA support

April 30, 2014 by The Official Radare Blog

The Official Radare Blog

We now have (experimental) YARA support inside radare2. If you are building from the latest git, you just have to install libyara, no need to recompile anything. [0x00000000]> yara Yara plugin | add [path] : add yara rules | clear : clear all rules | help : show this help…

Continue Reading

ASCII graphs!

April 30, 2014 by The Official Radare Blog

The Official Radare Blog

We may not have a GUI like IDA, but we still have some graphs. This is a small (200 lines of code) proof of concept, but there is more to come colors utf-8 layouts resizing animations … You can try this new feature with VV if you are using radare2…

Continue Reading

?e Hello World

April 29, 2014 by The Official Radare Blog

The Official Radare Blog

Today we are announcing the official blog of the Radare project in order to explain new features and changes, share tips and tricks, tutorials and more. The community of radare has grown a lot recently, and we need more tools to provide users a source for updated information without having…

Continue Reading

Android.Trojan.Rubobi.A (SmsPiratBot)

April 27, 2014 by Steven K

Steven K

Another Android botnet dumped recently.This malware can send and intercept sms from bots.Like most of android botnets, they are used mainly to target mobile banks like Sberbank (www.sberbank.ru - the biggest bank in Russia)In Russia, you can transfer money from one card to another card through mobile smsThis botnet is…

Continue Reading

Android.Trojan.Rubobi.A (SmsPiratBot)

April 27, 2014 by Steven K

Steven K

Another Android botnet dumped recently.This malware can send and intercept sms from bots.Like most of android botnets, they are used mainly to target mobile banks like Sberbank (www.sberbank.ru - the biggest bank in Russia)In Russia, you can transfer money from one card to another card through mobile smsThis botnet is…

Continue Reading

Android.Trojan.Rubobi.A (SmsPiratBot)

April 27, 2014 by Steven K

Steven K

Another Android botnet dumped recently.This malware can send and intercept sms from bots.Like most of android botnets, they are used mainly to target mobile banks like Sberbank (www.sberbank.ru - the biggest bank in Russia)In Russia, you can transfer money from one card to another card through mobile smsThis botnet is…

Continue Reading

Android.Trojan.Rubobi.A (SmsPiratBot)

April 27, 2014 by Steven K

Steven K

Another Android botnet dumped recently.This malware can send and intercept sms from bots.Like most of android botnets, they are used mainly to target mobile banks like Sberbank (www.sberbank.ru - the biggest bank in Russia)In Russia, you can transfer money from one card to another card through mobile smsThis botnet is…

Continue Reading

Lame scareware

April 27, 2014 by Steven K

Steven K

I've found a sample yesterday downloaded via this url: skyways.co/play.exe, console application, and ugly code + scareware and third party FakeAV call center.All the following was so lame that i need to talk about this. At first the malware will try to see if he's dropped into %SYSTEMROOT%/system/If it's not the…

Continue Reading

Lame scareware

April 27, 2014 by Steven K

Steven K

I've found a sample yesterday downloaded via this url: skyways.co/play.exe, console application, and ugly code + scareware and third party FakeAV call center.All the following was so lame that i need to talk about this. At first the malware will try to see if he's dropped into %SYSTEMROOT%/system/If it's not the…

Continue Reading

Lame scareware

April 27, 2014 by Steven K

Steven K

I've found a sample yesterday downloaded via this url: skyways.co/play.exe, console application, and ugly code + scareware and third party FakeAV call center.All the following was so lame that i need to talk about this. At first the malware will try to see if he's dropped into %SYSTEMROOT%/system/If it's not the…

Continue Reading

Lame scareware

April 27, 2014 by Steven K

Steven K

I've found a sample yesterday downloaded via this url: skyways.co/play.exe, console application, and ugly code + scareware and third party FakeAV call center.All the following was so lame that i need to talk about this. At first the malware will try to see if he's dropped into %SYSTEMROOT%/system/If it's not the…

Continue Reading

Android/FakeToken.A

April 20, 2014 by Steven K

Steven K

OTP forwarder dumped months ago.Login:Statistics:Bots:Bot:Passwords:Send a command:Commands sent:Apps:Apps builder:MD5s:2d4770137ae0b91446fc2f99d9fdb2b0f629adcfbcdd4622ad75337ec0b1a0ffdd4ac55df6500352dd2cad340a36a40fb9f9614775a54aa42f94eedbc47964461fababfd02ea09ae924cd0a7dbfb708cbc8394bc9c6adbcfca3d450ee4ede44a1cb87e1716c503bf499e529ee90e5b316db5cdd2648fcd445481cdfa2f2b065a2ad6f8b8e4aaf88b024e1ddb99833b798bac185b6aff0bec4686b7f4cb1659c8App settings:Settings:Second panel, a bit different, look like a 'test' one.Statistics:Phone:Phone search:Settings:RSA Security talked also about it here

Continue Reading

Android/FakeToken.A

April 20, 2014 by Steven K

Steven K

OTP forwarder dumped months ago.Login:Statistics:Bots:Bot:Passwords:Send a command:Commands sent:Apps:Apps builder:MD5s:2d4770137ae0b91446fc2f99d9fdb2b0f629adcfbcdd4622ad75337ec0b1a0ffdd4ac55df6500352dd2cad340a36a40fb9f9614775a54aa42f94eedbc47964461fababfd02ea09ae924cd0a7dbfb708cbc8394bc9c6adbcfca3d450ee4ede44a1cb87e1716c503bf499e529ee90e5b316db5cdd2648fcd445481cdfa2f2b065a2ad6f8b8e4aaf88b024e1ddb99833b798bac185b6aff0bec4686b7f4cb1659c8App settings:Settings:Second panel, a bit different, look like a 'test' one.Statistics:Phone:Phone search:Settings:RSA Security talked also about it here

Continue Reading

Android/FakeToken.A

April 20, 2014 by Steven K

Steven K

OTP forwarder dumped months ago.Login:Statistics:Bots:Bot:Passwords:Send a command:Commands sent:Apps:Apps builder:MD5s:2d4770137ae0b91446fc2f99d9fdb2b0f629adcfbcdd4622ad75337ec0b1a0ffdd4ac55df6500352dd2cad340a36a40fb9f9614775a54aa42f94eedbc47964461fababfd02ea09ae924cd0a7dbfb708cbc8394bc9c6adbcfca3d450ee4ede44a1cb87e1716c503bf499e529ee90e5b316db5cdd2648fcd445481cdfa2f2b065a2ad6f8b8e4aaf88b024e1ddb99833b798bac185b6aff0bec4686b7f4cb1659c8App settings:Settings:Second panel, a bit different, look like a 'test' one.Statistics:Phone:Phone search:Settings:RSA Security talked also about it here

Continue Reading

Android/FakeToken.A

April 20, 2014 by Steven K

Steven K

OTP forwarder dumped months ago.Login:Statistics:Bots:Bot:Passwords:Send a command:Commands sent:Apps:Apps builder:MD5s:2d4770137ae0b91446fc2f99d9fdb2b0f629adcfbcdd4622ad75337ec0b1a0ffdd4ac55df6500352dd2cad340a36a40fb9f9614775a54aa42f94eedbc47964461fababfd02ea09ae924cd0a7dbfb708cbc8394bc9c6adbcfca3d450ee4ede44a1cb87e1716c503bf499e529ee90e5b316db5cdd2648fcd445481cdfa2f2b065a2ad6f8b8e4aaf88b024e1ddb99833b798bac185b6aff0bec4686b7f4cb1659c8App settings:Settings:Second panel, a bit different, look like a 'test' one.Statistics:Phone:Phone search:Settings:RSA Security talked also about it here

Continue Reading