securitybananas.com

Security news from all over the world

Archive for the 'rootkit' Category

Made in Egypt

In many reports we see that countries like Russia, India and Brazil are taking part in the world of cybercrime. During research I discovered an executable which was new to me. Before going into reverse engineering I always try the short way first and searched for it on some forums. The ‘tool’ is called ‘Deeper RAT’. According to the developer, who uses the nickname ‘binaryEvil’, ‘it’s a reverse connection remote administration tool that allows you to remote control computers that are behind firewalls and routers’.

According to the developer it has the following features:

[Features:]

[1] Main:
[a] Server size ~ 80 Kb
[b] Memory execution
[c] Encrypted connection
[d] All traffics are through one port
[e] Users filtration
[f] Broadcasting
[g] Sound events

[2] Spy:
[a] Information
[b] Unicode Key Logger
-> OFF Keys
[c] CAM Capture
[d] Screen Capture
[e] Clipboard Monitor

[3] Manage:
[a] Process Manager
[b] Service Manager
-> Install Service
-> Edit Service
[c] Window Manager
[d] File Manager
-> File Search
-> Multiple File Transfer
[e] Registry Manager
-> Registry Search

[4] Tools:
[a] CMD Shell
[b] Multiple Downloader
[c] Power Manager

In the next screenshot you will see the ‘Service Manager’.

[Screenshot: Service Manager]

The main port Deeper is running on is TCP 511 and the default password provided is abcd1234 (duh).

No detection (yet) from AV vendors.

Extra information:

File size of the Deeper executable: 1929216 bytes

MD5 checksum: 5581b843081c9cc1d742b4cac0d13fe9

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3968
timedatestamp.....: 0x4aa72241 (Wed Sep 09 03:34:25 2009)
machinetype.......: 0x14c (I386)

name   viradd    virsiz    rawdsiz   ntrpy  md5
.text  0x1000    0x19c720  0x19d000  6.66   3e882a17b12c010579566ad855d3eb0f
.data  0x19e000  0xe664    0x1000    0.00   620f0b67a91f7f74151bc5be745b7110
.rsrc  0x1ad000  0x37c1d   0x38000   6.77   71725bba745f5d3fde9ced06721de930
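The PE structure dump above is the kind of triage output an analyst collects before any disassembly. As an added example (not code from this post or from the PEInfo tool it shows), the following standard-library Python parser pulls the same fields, entry point, timestamp, machine type and per-section entropy and MD5, out of a PE image; build_sample_pe is a constructed, minimal PE32 input so the example runs offline, and its zero-filled .data section reproduces the 0.00 entropy seen in the dump.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty data."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def pe_info(blob: bytes) -> dict:
    """Parse the headers and section table of an in-memory PE image (no pefile needed)."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    entry = struct.unpack_from("<I", blob, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", blob, opt + opt_size + 40 * i)
        raw = blob[rptr:rptr + rsize]                     # on-disk bytes, alignment padding included
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "viradd": vaddr, "virsiz": vsize, "rawdsiz": rsize,
                         "ntrpy": round(entropy(raw), 2), "md5": hashlib.md5(raw).hexdigest()})
    return {"entrypoint": entry, "machine": machine, "timedatestamp": tstamp,
            "timedatestamp_utc": datetime.fromtimestamp(tstamp, timezone.utc).isoformat(),
            "sections": sections}

def build_sample_pe(sections, tstamp=0x4AA72241, entry=0x3968) -> bytes:
    """Constructed minimal PE32 image (demo input only, not the binary from the post)."""
    opt_size, first_raw = 0xE0, 0x400                     # headers must fit below first_raw
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), tstamp, 0, 0, opt_size, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(opt_size, b"\0")
    hdrs, data, vaddr, rptr = b"", b"", 0x1000, first_raw
    for name, body in sections:
        rsize = (len(body) + 0x1FF) & ~0x1FF               # 512-byte file alignment
        hdrs += struct.pack("<8sIIIIIIHHI", name, len(body), vaddr, rsize, rptr, 0, 0, 0, 0, 0x60000020)
        data += body.ljust(rsize, b"\0")
        vaddr, rptr = vaddr + ((len(body) + 0xFFF) & ~0xFFF), rptr + rsize
    return (dos + b"PE\0\0" + coff + opt + hdrs).ljust(first_raw, b"\0") + data
```

A high-entropy .text (near 8.0) is what packed or encrypted code looks like, so the per-section entropy column is the first thing to compare against the 6.66 and 6.77 values in the dump.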


Security researcher will release Mac rootkit

Security researcher Dino Dai Zovi has had his hands in the Mac OS X security dirt for a long time. In fact, he says he has been using OS X since it was referred to as “the next step.”

It should come as no surprise then that his July 29 talk at the upcoming Black Hat security conference will be centered on the Mac. This time, he is bringing with him a proof-of-concept for a new type of Mac rootkit.

The Mac OS X kernel is a hybrid BSD and Mach kernel, he explained. It is the second half of this dual personality that he is interested in with his research, as his rootkit works by silently abusing traditional Mach remote procedure call facilities and inter-process communication.

Read the full story at:

http://securitywatch.eweek.com/rootkits/mac_security_researcher_to_reveal_rootkit_a_black_hat.html
