Pages

Thursday, March 21, 2013

DarkSeoul - Jokra - MBR wiper samples



If all you needed for happiness is to destroy a few virtual machines, here are the samples for today's headline maker.
The malware overwrites master boot record (MBR) as described here:
Trojan.Jokra - Symantec
DarkSeoul: SophosLabs identifies malware used in South Korean internet attack
South Korean Banks, Media Companies Targeted by Destructive Malware - McAfee
South Korean Banks and Broadcasting Organizations Suffer Major Damage from Cyber Attack - Symantec.




SHA256: 422c767682bee719d85298554af5c59cf7e48cf57daaf1c5bdd87c5d1aab40cc
SHA1: bf823cfee2b2072efb7fed11898eb235e2b3c1ed
MD5: 9263e40d9823aecf9388b64de34eae54
File size: 417.5 KB ( 427520 bytes )
File type: Win32 EXE
Tags: peexe upx
Detection ratio: 14 / 45
Analysis date: 2013-03-21 01:23:59 UTC ( 2 hours, 55 minutes ago )
AhnLab-V3 Dropper/Eraser.427520 20130320
AntiVir TR/KillMBR.Y.2 20130320
Commtouch W32/Warezov.gen2!W32DL 20130320
DrWeb Trojan.KillFiles.10563 20130321
F-Prot W32/Warezov.gen2!W32DL 20130321
Microsoft Trojan:Win32/Dembr.A 20130320
NANO-Antivirus Virus.Win32.Gen.ccmw 20130321
nProtect Trojan/W32.Agent.427520.EJ 20130320
PCTools Trojan.Jokra 20130321
Symantec Trojan.Jokra 20130321
TrendMicro-HouseCall TROJ_GEN.F47V0320 20130321
VBA32 BScope.Trojan.MTA.0161 20130320
ViRobot Dropper.S.Agent.427520.A 20130320


SHA256: 239ed753232d3cc0e75323d16d359150937934d30da022628e575997c8dd60a2
SHA1: 9f69da40dda6367789041aaff01cf61d562b7c21
MD5: 5fcd6e1dace6b0599429d913850f0364
File size: 24.0 KB ( 24576 bytes )
File name: 239ed753232d3cc0e75323d16d359150937934d30da022628e575997c8dd60a2
File type: Win32 EXE
Tags: peexe
Detection ratio: 16 / 45
Analysis date: 2013-03-21 00:33:17 UTC ( 3 hours, 48 minutes ago )
AhnLab-V3 Win-Trojan/Agent.24576.JPG 20130320
AntiVir TR/KillMBR.Y.1 20130320
ClamAV Win.Trojan.Agent-257543 20130320
DrWeb Trojan.KillFiles.10563 20130321
Fortinet W32/Pak.ACED1!tr 20130320
Malwarebytes Trojan.MBR.Killer 20130320
McAfee KillMBR-FBIA 20130320
McAfee-GW-Edition Artemis!5FCD6E1DACE6 20130320
NANO-Antivirus Virus.Win32.Gen.ccmw 20130320
nProtect Trojan/W32.Agent.24576.EAO 20130320
PCTools Trojan.Jokra 20130321
Sophos Mal/EncPk-ACE 20130320
Symantec Trojan.Jokra 20130321
TrendMicro TROJ_INJECTO.BDE 20130320
TrendMicro-HouseCall TROJ_INJECTO.BDE 20130321
ViRobot Trojan.Win32.U.KillMBR.24576.A 20130320


8 comments:

  1. HelloI study and analysis of malicious code professionals.
    I'd like to know darkseoul.zip password you would like to analyze the.

    my email adress : d_k016@naver.com

    ReplyDelete
  2. Hello I study malicious code professionals.
    I'd like to know darkseoul.zip password Please reply to me

    my email adress : master0226@naver.com

    ReplyDelete
  3. Please do not leave your addresses here. The instructions say "please email me". thank you. You will be spammed by email harvesters and no passwords.

    ReplyDelete
    Replies
    1. Your email adrees is not correct. So I couldn`t send mail to you

      Delete
    2. It is in my profile. Works for everyone

      Delete
  4. hi plese reply to me darkseoul.zip
    my email address : ddongsbrk@gmail.com

    ReplyDelete
  5. Hi, I'd like to know darkseoul.zip password. My email: rogerliu0630@gmail.com

    Thanks

    ReplyDelete
    Replies
    1. Request declined. Read comments and replies to them above.

      Delete