Last week, security researchers from Arbor Networks released a report on the Soraya POS malware. The report included various hashes and values that allowed other researchers to investigate the malware, but Arbor Networks did not include the source code of the Soraya POS malware. The Soraya POS malware that was found has similarities to the Dexter and Zeus families.
The Soraya Source code
Security researchers from RedSocks (The Netherlands) have done a quick sweep on the Soraya malware. We had some contact with RedSocks, as they are experienced malware hunters, and we asked them if they could provide additional information on the Soraya POS malware.
The RedSocks security researchers provided incredibly valuable information about the Soraya POS malware. They were able to find the ‘Soraya Source code’.
Take a look at the following screenshots, which were taken from a malicious Soraya POS malware server.
Soraya POS malware files on malicious POS server.
The cybercriminals behind the Soraya malware are using WordPress environments to host the Soraya C&C malware.
Soraya malware behaviour analysis
Soraya malware behaviour analysis 1
MD5 hashes
Countries infected by the Soraya POS malware
Security researchers
If you are a security researcher and you want to have a copy of the ‘Soraya source code’, then send us a message via the contact form. We will respond as soon as possible.
Do include the following information in the request:
Company name
Reason why you need the files
Location of the company
Contact us
The post Download POS Soraya source code appeared first on Cyberwarzone.