Posted on 31 December 2010. Tags: Part, Sample, Unknown
Browsing some malware repositories, I found an interesting one from MDL. Blog do Birungueta discusses a lot of software; it is a huge (might be famous) blog that I didn’t know about. Are they providing malware? The malware was hosted in .ru while this blog is Brazilian; are those related? Let’s see.

source: unnurhmint.com/_/2/installer_v4.3061.exe
date/time: [...]
Full story: KaffeNews
Posted in Security
Posted on 18 December 2010. Tags: another, Backdoor, Leouncia, Part
[Note: This post is a continuation of my previous article]

Let’s dive deeper into the internals of this powerful backdoor program.

1. Protocol Decryption

Leouncia’s C&C payload decryption consists of two major phases. The first part is the formulation of a dynamic permutation table using a variable 128-bit key. This permutation table is further used to decrypt the actual payload. Let me explain it step by step:

1.1 Table Construction

The main ingredient of this…
– Atif Mushtaq on FireEye Malware Intelligence Lab
Posted in Security