
Crimepack 3.1.3 Exploit kit Leaked, available for Download!



Part 1: Java Exploit
As stated above, I focus on a piece of malware that exploits a recent JRE vulnerability, CVE-2010-0840, to execute malicious files on the victim's system. The malware ships inside a jar file that contains two classes: Crimepack.class and KAVS.class.

Part 1.1: Crimepack.class
This class is the engine of the malware. It is obfuscated, but the obfuscation can be stripped off quickly (my Python beta tool is great for this…); once it is gone you can see the following code:

[Screenshot: the de-obfuscated Crimepack.class source]


As always, we have an Applet that reads the data parameter, generates a random name for the exe payload, drops it in the system temp directory and then executes it. So far there is nothing new: the above is a common Java downloader. But let's scroll down:

[Screenshot: the remainder of the Crimepack.class source]


Above, we can see that the malware creates a new instance of the KAVS class (described below) in order to trigger the JRE vulnerability through a call to its getValue() method (snipped above).
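As an added defender-side example (not code from the post, the kit or its author), a Python triage script that pulls the constant-pool strings out of every class in a jar and flags the library names a downloader applet of this kind cannot hide by renaming its own identifiers; the jar it scans is a constructed sample built inline, not the Crimepack file.

```python
import io
import struct
import zipfile

# Fixed payload size per constant-pool tag (JVM spec 4.4); Utf8 (1) is variable, Long/Double take 2 slots.
CP_FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
            12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

# Library names a Java downloader applet keeps in its constant pool even when its own identifiers are obfuscated.
INDICATORS = ("java/applet/Applet", "getParameter", "java.io.tmpdir",
              "java/lang/Runtime", "exec", "java/net/URL")

def utf8_constants(class_bytes):
    """Return every CONSTANT_Utf8 string from a .class file's constant pool."""
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    count = struct.unpack(">H", class_bytes[8:10])[0]
    pos, index, strings = 10, 1, []
    while index < count:
        tag, pos = class_bytes[pos], pos + 1
        if tag == 1:  # Utf8: u2 length followed by modified-UTF-8 bytes
            length = struct.unpack(">H", class_bytes[pos:pos + 2])[0]
            strings.append(class_bytes[pos + 2:pos + 2 + length].decode("utf-8", "replace"))
            pos += 2 + length
        else:
            pos += CP_FIXED[tag]
        index += 2 if tag in (5, 6) else 1
    return strings

def triage_jar(jar_bytes):
    """Map each class in the jar to the downloader indicators found in it."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.endswith(".class"):
                found = utf8_constants(jar.read(name))
                report[name] = [i for i in INDICATORS if any(i in s for s in found)]
    return report

def fake_class(strings):
    # Constructed sample: a class file whose constant pool holds only Utf8 entries.
    pool = b"".join(b"\x01" + struct.pack(">H", len(s)) + s.encode() for s in strings)
    return b"\xca\xfe\xba\xbe\x00\x00\x00\x31" + struct.pack(">H", len(strings) + 1) + pool

def sample_jar():
    # Constructed sample jar: one dropper-like class next to one harmless class.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("Dropper.class", fake_class(["java/applet/Applet", "getParameter", "java.io.tmpdir", "java/lang/Runtime", "exec"]))
        jar.writestr("Hello.class", fake_class(["java/lang/System", "println"]))
    return buf.getvalue()
```

Substring matching on constant-pool strings is deliberately loose, so treat a hit as a reason to decompile, not as a verdict.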
Part 1.2: KAVS.class
Here is the hand-crafted class. I say hand-crafted because such a class cannot be produced by a standard compiler; you have to take a compiled class and edit its bytecode directly.

[Screenshot: the KAVS.class bytecode]

Part 2: PDF-generator on demand
The kit contains a nice PHP script that generates a custom PDF on demand, which means you can have several mutations of the same piece of malware simply by connecting to a malicious link.
Download Here : http://www.multiupload.com/3HGKHWMRS5
Leader at J2TEAM. Website: https://j2team.dev/
