Log in with:
Facebook | Google

Name: fbimal


This is an execution of shellcode from an exploit found on Tor hidden services hosted by Freedom Hosting in September 2013. Freedom Hosting was taken down by the FBI, and an exploit for the Tor Browser Bundle was placed on the page.

The shellcode was manually extracted from the javascript on the page, placed into a C wrapper program, and then executed. As expected, the shellcode collects system information and then reports to a server that is presumably controlled by the FBI. An accompanying pcap has the traffic associated with the shellcode.

Download: rrlogs/fbimal.rr

Tags: fbi   malware   win7  

QEMU Command Line:

$PANDA_DIR/qemu/x86_64-softmmu/qemu-system-x86_64 -m 1024 -replay fbimal 

Created by: moyix

Uploaded on: Jan. 6, 2014, 3:07 p.m.