Posted February 13, 2021

Someone on Telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question that I came across: "EMVStudio", belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, and I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4 and also a file named 'gp' which seems to be a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Also contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33 and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33

emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3.

ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0
Telegram: @ShadeStudio
Looks a lot like EMV Studio.

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style.
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style, infected with W32/Neshta-A.
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seems to be a cracked version.

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seems to be a cracked version.

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seems to be a cracked version.

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0.

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.

B.R Smart Card writer v9
Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to Dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/)
This file no longer exists, the only way is to patch the exe to open it.

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
Funny thing on this one, it exfiltrates the info to a server when you click 'gravar':

X2
Found in a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*
X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, bundled with malware

B.R Smart Card writer v9, Jcophiro, matrix, and X2 appear to be just GUIs for GPShell.exe (a communication software for smart card readers) -> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.
GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+), we should expect to get X2 and co.
Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290
Contains a soft pack:

codex-by-codex:
basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
infected also with W32/Neshta-A.
Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
infected also with W32/Neshta-A.
Version without neshta: 64f245b5dbfc4de66c49234c11bd61643e844fefab689c2b1a5c9373ea31483e

Edited version of 'jcophiro':
Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
also exfiltrates data 🙂
jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
also exfiltrates data 🙂

SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e

3D files of skimmers (lmao, what's up with that in the archive)
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa

X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f

Toronto (a renamed version of x1, protected by password), here you will also have one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf
0/56!

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
Voila, u da carder now.

What if we go on YouTube and look in the comments on EMV software videos?:
lol, seems legit.

Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software.
Most of the EMV softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.
edit: just ran across a bigass zip:
EMV SOFTWARE.rar - 48b204bd7d264459660054272b881fdf7847c6100c4bcb3a5dfee1603aeac59f (593.56 MB)
x2: 76d11132b4ec7cabbbf1c674d2f52ad2b54ab71bc0567923af686be470fdcff3
ChipSetv1.4: 4725c1a75d4d348299319815a073b141e22bff0ef1ace32f754f4e2946908ef4 *infected*
EMV Break: 01111732e37631bb4da3c3056fe5d750743730532a63bcdd061a2c1c5160b023 *infected*
Matrix: 5d00faaccc0e9a7c3fc1eb16266f33a5c1e99b870e7454c47f42305e2cdfc564 *user: admin, pass: ewqdsacxz*
NFC&EMV Tool: 7f12b489b041ce920bc92cd95cee238a875f8fb9771942adf2d476c2e2d4fda0
R.B. 6.0: 4d02db9e8e4b83665b5bb4b6ad959478d81260706c9a57d68fa44c6b17e2264f
EMV Reader Writer Software V8: dc32698c13de42e87913c6d90939186a56ca4586e0397df52ed85e47443ceef4
X1 4.1: 2b924e13e705ecf9ea9199c6011dc4bd1d9160bffd1d6db0e5b0e0f40c01f47c
X1 v5: 6f24acf9a3ed15b5ef034460850679d7e9df1233386a36fc0a4b787844ee2e2e
X2A: da012c9b8ceceada9eb4db6b2de253cba1b2612ff5dc38c76ab0fd3784fc9640
X2G: 7dca48a66fa1cb27b1bb12b72d2de27580993f71b463bf472fc5e22cc4e15e32

Edited February 14, 2021 by Xyl2k
February 21, 2021 Author
Built a small list this weekend of EMV software that was developed by carders / for fraud purposes: https://github.com/Xyl2k/EMV-Softwares-malware-list
It's over 100 hashes.
April 7, 2021 Author
No channel, just a guy, and insignificant as it's just my own research after a chit-chat.
May 4, 2021 Author
At first it was just about one harmful program, but the more I dug the more I found of these; in the end I ended up building a list with corresponding hashes and what they look like. One can datamine the files to build a landscape, find similarities, dates, graph the thing, find more, etc. I haven't yet tried to do it. Kind of what I did for the global ATM malware wall with http://atm.cybercrime-tracker.net/
March 2, 2022
Hi, how do I download files in cybercrime? Thanks. But when I want to download, a window pops up that requires me to enter a user and password.
January 2, 2024
So not even a download link for us to check it too, for what you're talking about..?? 🤨
January 2, 2024
8 hours ago, DELvEK said: So not even a download link for us to check It too for what you talking about..?? 🤨
You have all SHA-256 hashes [VirusTotal]
May 2, 2024
On 2/14/2021 at 4:19 AM, Xyl2k said: What if we go on youtube, and looks in comments inside emv software videos?: lol, seem legit.
nah that's bot.