A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #25533  by NoSense
 Mon Mar 30, 2015 9:26 am
Hi everybody,
I'm looking for the following malware used in the attack against the puush auto-update systems:
http://www.zdnet.com/article/puush-call ... lware-hit/
https://twitter.com/puushme/status/582296580532801536
https://www.reddit.com/r/runescape/comm ... ware_risk/

Filename: puush.daemon.exe
Known paths: C:\Users\yourusername\AppData\Roaming\puush; C:\Program Files (x86)\puush
Known behaviours: Keylogger
Known C&C location: Russia

MD5: b4e349c935914a62ea1c1ead0bf8271e
SHA1: 752c880c4c47581d97f6f5261146e22d0587b20f

Thank you!
 #25534  by EP_X0FF
 Mon Mar 30, 2015 9:35 am
MD5 b4e349c935914a62ea1c1ead0bf8271e
SHA1 752c880c4c47581d97f6f5261146e22d0587b20f
SHA256 0908622d6691945e87ff3e5d40fcf6f4e84984dbc9deced74e4e81e7718951a7
Attachments
pass: infected
(134.42 KiB) Downloaded 57 times
 #25535  by NoSense
 Mon Mar 30, 2015 9:37 am
Thank you EP_X0FF!
You can move the thread to Completed Malware Requests since there are no other samples of this malware (as far as I know).