Recently aaSSfxxx posted an interesting file on kernelmode: a POS malware loaded via Andromeda, according to him.
I've asked him to write something up, so I won't explain at length how this malware works; have a look here: http://aassfxxx.infos.st/article21/pos-malware-ram-scrapper
But like I told him in the comments... root the fucker!
The bad guys run a Windows server; Track 2 data is sent to it (or whatever is grabbed; I haven't reversed the exe, so I don't know what is actually grabbed).
Have to thank him for the bad configuration that allows you to enable xp_cmdshell (LOL).
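The point about the "bad configuration" is worth making concrete. xp_cmdshell is specific to Microsoft SQL Server, so the panel's database is assumed to be MSSQL here. The T-SQL below is an added example, not code from the post or from the panel: it shows how to check whether xp_cmdshell is live, the sp_configure sequence that a misconfigured (over-privileged) SQL login lets you run, and the hardened state. The login name `posapp` is hypothetical.

```sql
-- Added example (not from the original post). Assumes an MSSQL instance
-- and a hypothetical application login named 'posapp'.

-- 1. Check the current state: value_in_use = 1 means xp_cmdshell is live.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name IN ('show advanced options', 'xp_cmdshell');

-- 2. The sequence the "bad configuration" lets you run. sp_configure needs
--    ALTER SETTINGS (held by sysadmin / serveradmin), and xp_cmdshell itself
--    needs sysadmin or a configured proxy account, so a panel connecting
--    with such a login is the real mistake.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;
EXEC master..xp_cmdshell 'whoami';   -- runs as the SQL Server service account

-- 3. Hardened state: turn it back off and hide advanced options again.
--    This only holds if the app login cannot run step 2 itself.
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;

-- 4. Verify the app login sits in no server role that could re-enable it.
SELECT IS_SRVROLEMEMBER('sysadmin', 'posapp')    AS is_sysadmin,
       IS_SRVROLEMEMBER('serveradmin', 'posapp') AS is_serveradmin;
```

If step 4 returns 1 for either column, disabling xp_cmdshell is cosmetic: anyone who gets SQL execution through the panel can flip it back on with the same four statements. The fix is a dedicated low-privilege login for the web application, not just the configuration flag.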
No more IIS, please.
They even use a cracked app:
Not related, but also fun (cf. @MalwareScene):
And finally... another idiot leaving stuff, including the latest panel of Citadel.