A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #7778  by Quads
 Fri Jul 29, 2011 8:45 pm
I know that, I'm not stupid. It is the fact that they are using TDL's fame to spam etc. to try and infect users, so that is why I posted on the TDL board.

Quads
 #7895  by EP_X0FF
 Mon Aug 08, 2011 1:55 pm
markusg wrote: setup.exe
https://www.virustotal.com/file-scan/re ... 1312808492
Muldrop.

Drops TDL4
[main]
version=0.03
aid=30000
sid=7
builddate=351
installdate=8.8.2011 13:29:25
rnd=2424628990
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://lo4undreyk.com/;hxxps://sh01cilewk.com/;hxxps://cap01tchaa.com/;hxxps://kur1k0nona.com/;hxxps://u101mnay2k.com/
wsrv=hxxp://gnarenyawr.com/;hxxp://rinderwayr.com/;hxxp://jukdoout0.com/;hxxp://swltcho0.com/;hxxp://ranmjyuke.com/
psrv=hxxp://crj71ki813ck.com/
version=0.28
Additionally drops TrojanDownloader:Win32/Renos.PT and Autorunner.
pass: malware
 #7922  by EP_X0FF
 Wed Aug 10, 2011 3:27 pm
markusg wrote: 10-Aug-11-8c802c85c3cc1c1-3018591a88b76128916af6b52492cef[...].exe
http://www.virustotal.com/file-scan/rep ... 1312983393
[main]
version=0.03
aid=30185
sid=0
builddate=351
installdate=10.8.2011 15:25:4
rnd=2157954516
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://lo4undreyk.com/;hxxps://sh01cilewk.com/;hxxps://cap01tchaa.com/;hxxps://kur1k0nona.com/;hxxps://u101mnay2k.com/
wsrv=hxxp://gnarenyawr.com/;hxxp://rinderwayr.com/;hxxp://jukdoout0.com/;hxxp://swltcho0.com/;hxxp://ranmjyuke.com/
psrv=hxxp://crj71ki813ck.com/
version=0.28
pass: malware
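As an added example (not code from the thread or from any of its posters): a small Python script that reads the two TDL4 config dumps posted above, pulls the server lists out of the [cmd] section as indicators, and reports which [main] fields differ between the two installs. It assumes only what the dumps show: an INI-like layout with [main], [inject] and [cmd] sections, "hxxp"/"hxxps" being the defanged form of http/https, and srv, wsrv and psrv being the only keys that carry ';'-separated server lists.

```python
"""Turn the TDL4-style config dumps from this thread into a host blocklist.

Assumptions (not stated on the page): sections are plain INI text, 'hxxp' is
defanged 'http', and only srv/wsrv/psrv in [cmd] hold server lists.
"""
import re
from typing import Dict, List, Set, Tuple

# Config text copied verbatim from the two posts above.
CONFIG_A = """[main]
version=0.03
aid=30000
sid=7
builddate=351
installdate=8.8.2011 13:29:25
rnd=2424628990
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://lo4undreyk.com/;hxxps://sh01cilewk.com/;hxxps://cap01tchaa.com/;hxxps://kur1k0nona.com/;hxxps://u101mnay2k.com/
wsrv=hxxp://gnarenyawr.com/;hxxp://rinderwayr.com/;hxxp://jukdoout0.com/;hxxp://swltcho0.com/;hxxp://ranmjyuke.com/
psrv=hxxp://crj71ki813ck.com/
version=0.28
"""

CONFIG_B = """[main]
version=0.03
aid=30185
sid=0
builddate=351
installdate=10.8.2011 15:25:4
rnd=2157954516
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://lo4undreyk.com/;hxxps://sh01cilewk.com/;hxxps://cap01tchaa.com/;hxxps://kur1k0nona.com/;hxxps://u101mnay2k.com/
wsrv=hxxp://gnarenyawr.com/;hxxp://rinderwayr.com/;hxxp://jukdoout0.com/;hxxp://swltcho0.com/;hxxp://ranmjyuke.com/
psrv=hxxp://crj71ki813ck.com/
version=0.28
"""

C2_KEYS = ("srv", "wsrv", "psrv")
# Matches a defanged or plain URL and captures scheme and host.
_URL_RE = re.compile(r"^(hxxps?|https?)://([^/;\s]+)/?", re.IGNORECASE)


def parse_ini(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal INI parser that keeps key case and accepts keys like '* (x64)'."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # ignore text outside any section
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections


def extract_c2(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {key: [(scheme, host), ...]} for the [cmd] server lists, refanged."""
    cmd = parse_ini(text).get("cmd", {})
    out: Dict[str, List[Tuple[str, str]]] = {}
    for key in C2_KEYS:
        entries = []
        for item in cmd.get(key, "").split(";"):
            m = _URL_RE.match(item.strip())
            if not m:
                continue
            scheme = m.group(1).lower().replace("hxxp", "http")
            entries.append((scheme, m.group(2).lower()))
        out[key] = entries
    return out


def all_hosts(text: str) -> Set[str]:
    """Flat set of every host named in srv/wsrv/psrv, suitable for a blocklist."""
    return {host for entries in extract_c2(text).values() for _, host in entries}


def diff_main(a: str, b: str) -> Dict[str, Tuple[str, str]]:
    """[main] keys whose values differ between two samples (the per-install fields)."""
    ma, mb = parse_ini(a)["main"], parse_ini(b)["main"]
    return {k: (ma.get(k, ""), mb.get(k, ""))
            for k in sorted(set(ma) | set(mb)) if ma.get(k) != mb.get(k)}


if __name__ == "__main__":
    shared = all_hosts(CONFIG_A) & all_hosts(CONFIG_B)
    print(f"{len(shared)} hosts common to both samples:")
    for h in sorted(shared):
        print("  ", h)
    print("[main] fields that differ:", diff_main(CONFIG_A, CONFIG_B))
```

Both dumps resolve to the same eleven hosts, so the server list is a stable indicator across these two drops while aid, sid, installdate and rnd are the values that change per install.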