Malware Domain List

Malware Related => Malware Analysis => Topic started by: SysAdMini on January 01, 2009, 12:25:07 pm

Title: zeus/prg/zbot/ntos/wnspoem config file decryptor
Post by: SysAdMini on January 01, 2009, 12:25:07 pm
http://blog.threatexpert.com/2008/12/zeus-config-decryptor.html

Title: Re: zeus/prg/zbot/ntos/wnspoem config file decryptor
Post by: SysAdMini on January 18, 2009, 05:54:49 pm
This decryptor tool doesn't work for the latest version of Zeus.
The config file of new Zeus versions is encrypted with a key which
is compiled into the binary.

That means you need an unpacked copy of the corresponding
binary in order to decrypt the config.

Example:
hxxp://58.65.236.41/cfg.bin
hxxp://58.65.236.41/z.exe

/EDIT

See also the translation of a Spanish article
http://translate.google.com/translate?prev=hp&hl=en&u=http%3A%2F%2Fblog.s21sec.com%2F2009%2F01%2Fnuevas-muestras-de-zeus.html&sl=auto&tl=en

Title: Re: zeus/prg/zbot/ntos/wnspoem config file decryptor
Post by: SysAdMini on January 03, 2010, 06:35:24 pm
Decrypting the Zeus Config File
http://traversecode.blogspot.com/2009/12/decrypting-zeus-config-file.html

Title: Re: zeus/prg/zbot/ntos/wnspoem config file decryptor
Post by: SysAdMini on May 03, 2010, 07:30:00 am
Config Decryptor for ZeuS 2.0
http://blog.threatexpert.com/2010/05/config-decryptor-for-zeus-20.html