Xyl2k Posted February 13, 2021 (edited)

Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question that I came across: "EMVStudio", belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4, also a file named 'gp' which seems to be a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Contains also emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33 and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33

emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3.

ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0
Telegram: @ShadeStudio
Looks a lot like EMV Studio.

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style.
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style, infected with W32/Neshta-A.
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seems to be a cracked version.

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seems to be a cracked version.

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seems to be a cracked version.

---

EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0.

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.

B.R Smart Card writer v9
Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/)
This file no longer exists, the only way is to patch the exe to open it.

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
Funny thing on this one, it exfiltrates the info to a server when you click 'gravar':

X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*
X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware

B.R Smart Card writer v9, Jcophiro, matrix, and X2 appear to be just GUIs for GPShell.exe (a communication software for smart card readers) -> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.
GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+), we should expect to get X2 and co.

Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290
Contains a soft pack:

codex-by-codex:
basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
infected also with W32/Neshta-A.
Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
infected also with W32/Neshta-A.
Version without neshta: 64f245b5dbfc4de66c49234c11bd61643e844fefab689c2b1a5c9373ea31483e

Edited version of 'jcophiro':
Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
also exfiltrates data 🙂
jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
also exfiltrates data 🙂

SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e

3D files of skimmers (lmao, what's up with that in the archive)
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa

X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f

Toronto (A renamed version of x1, protected by password) here you will also have one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf
0/56!

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
Voila, u da carder now.

What if we go on youtube, and look in comments inside emv software videos?:
lol, seem legit.

Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software.
Most of emv softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.

edit: just ran across a bigass zip:
EMV SOFTWARE.rar - 48b204bd7d264459660054272b881fdf7847c6100c4bcb3a5dfee1603aeac59f (593.56 MB)
x2: 76d11132b4ec7cabbbf1c674d2f52ad2b54ab71bc0567923af686be470fdcff3
ChipSetv1.4: 4725c1a75d4d348299319815a073b141e22bff0ef1ace32f754f4e2946908ef4 *infected*
EMV Break: 01111732e37631bb4da3c3056fe5d750743730532a63bcdd061a2c1c5160b023 *infected*
Matrix: 5d00faaccc0e9a7c3fc1eb16266f33a5c1e99b870e7454c47f42305e2cdfc564 *user: admin, pass: ewqdsacxz*
NFC&EMV Tool: 7f12b489b041ce920bc92cd95cee238a875f8fb9771942adf2d476c2e2d4fda0
R.B. 6.0: 4d02db9e8e4b83665b5bb4b6ad959478d81260706c9a57d68fa44c6b17e2264f
EMV Reader Writer Software V8: dc32698c13de42e87913c6d90939186a56ca4586e0397df52ed85e47443ceef4
X1 4.1: 2b924e13e705ecf9ea9199c6011dc4bd1d9160bffd1d6db0e5b0e0f40c01f47c
X1 v5: 6f24acf9a3ed15b5ef034460850679d7e9df1233386a36fc0a4b787844ee2e2e
X2A: da012c9b8ceceada9eb4db6b2de253cba1b2612ff5dc38c76ab0fd3784fc9640
X2G: 7dca48a66fa1cb27b1bb12b72d2de27580993f71b463bf472fc5e22cc4e15e32

Edited February 14, 2021 by Xyl2k

Xyl2k (Author) Posted February 21, 2021

Built a small list this weekend of EMV software that was developed by carders/for fraud purposes: https://github.com/Xyl2k/EMV-Softwares-malware-list
It's over 100 hashes.

Gp06 Posted April 5, 2021

Hi, can you please tell me the telegraph channel name or telegram ID pls

Xyl2k (Author) Posted April 7, 2021

No channel, just a guy, and insignificant as it's just my own research after a chit-chat.

HostageOfCode Posted May 4, 2021

What is the point of this thread? I don't understand.

Xyl2k (Author) Posted May 4, 2021

At first it was just about one harmful program, but the more I dug the more I found these; in the end I ended up building a list with corresponding hashes and what they look like.
One can datamine the files to build a landscape, find similarities, dates, graph the thing, find more, etc. I haven't yet tried to do it.
Kinda what I did for the global ATM malware wall with http://atm.cybercrime-tracker.net/

leo369 Posted March 2, 2022

Hi, how do I download files in cybercrime? Thanks. But when I want to download, a window pops up that requires me to enter a user and password.

DELvEK Posted January 2

So not even a download link for us to check it too for what you talking about..?? 🤨

MarcElBichon Posted January 2

8 hours ago, DELvEK said:
> So not even a download link for us to check it too for what you talking about..?? 🤨

You have all SHA-256 hashes [VirusTotal]

Bang1338 Posted May 2

On 2/14/2021 at 4:19 AM, Xyl2k said:
> What if we go on youtube, and look in comments inside emv software videos?:
> lol, seem legit.

nah that's bot.