notes

The DGA of Qadars v3

In March, the following sample caught my attention because it relies on a Domain Generation Algorithm (DGA) to communicate with its C&C servers: md5 0dcbb31cbc5279293cb5ebf4cd9eff4e

notes

The DGA of PadCrypt: Versions 2.2.86.0 and 2.2.97.1

EDIT 2016-03-06: I completely missed that Lawrence Abrams of BleepingComputer.com not only reversed the DGA of PadCrypt long before me, but also tweeted an updated version of the DGA. Many thanks to...

notes

The DGA of Qakbot.T

Qakbot, Akbot or Qbot is an older banking trojan from 2009 that underwent multiple modifications — Symantec calls the current version Generation 10, Microsoft arrived at letter “U”. Since at least...


Phorpiex - An IRC worm: Full reversal for the fun of it

Phorpiex is a worm controlled over IRC. It can be instructed to do mainly three things: (1) download and run other executables, including the possibility to update itself; (2) brute-force SMTP credentials...
