Author Topic: zeus/prg/zbot/ntos/wnspoem config file decryptor (Read 13204 times)

SysAdMini · January 01, 2009, 12:25:07 pm

http://blog.threatexpert.com/2008/12/zeus-config-decryptor.html

SysAdMini · January 18, 2009, 05:54:49 pm

This decryptor tool doesn't work for the latest version of zeus.
The config file of new zeus versions is encrypted by a key which
is compiled into the binary.

That means you need an unpacked copy of the corresponding
binary in order to decrypt the config.

example :

Code: [Select]

hxxp://58.65.236.41/cfg.bin
hxxp://58.65.236.41/z.exe

/EDIT

See also the translation of a Spanish article
http://translate.google.com/translate?prev=hp&hl=en&u=http%3A%2F%2Fblog.s21sec.com%2F2009%2F01%2Fnuevas-muestras-de-zeus.html&sl=auto&tl=en

SysAdMini · January 03, 2010, 06:35:24 pm

Decrypting the Zeus Config File
http://traversecode.blogspot.com/2009/12/decrypting-zeus-config-file.html

SysAdMini · May 03, 2010, 07:30:00 am

Config Decryptor for ZeuS 2.0
http://blog.threatexpert.com/2010/05/config-decryptor-for-zeus-20.html

Author Topic: zeus/prg/zbot/ntos/wnspoem config file decryptor (Read 13204 times)

SysAdMini

zeus/prg/zbot/ntos/wnspoem config file decryptor

SysAdMini

Re: zeus/prg/zbot/ntos/wnspoem config file decryptor

SysAdMini

Re: zeus/prg/zbot/ntos/wnspoem config file decryptor

SysAdMini

Re: zeus/prg/zbot/ntos/wnspoem config file decryptor