Trojan-Downloader.Win32.Banload (malware hosted in India, Delhi, Lala_madhoram_bhagwan_dass_chritable_society)

– DNS Queries:

envc.machcar.kr DNS_TYPE_A 222.24.94.15
vhosts.packmanbd.com DNS_TYPE_A 222.24.94.19 222.24.94.19

– HTTP Conversations:

222.24.94.15:80 – [envc.machcar.kr]
Request: POST /envc.php
Response: 200 “OK”
222.24.94.19:80 – [vhosts.packmanbd.com]
Request: GET /manual/vhosts.txt
Response: 200 “OK”

URL used to infect people:
http://pedofilia.warbe.org/id/noticias/g1.globo.com/pedofilia/2011/0-19384pastor-e-filmado-fazendo-sexo-oral-com-adolescente.php?0.82545

Direct download:
http://pedofilia.warbe.org/id/noticias/g1.globo.com/pedofilia/2011/videos-pedofilia-1039-pastor-fazendo-sexo-oral-com-adolescente-AVI.exe

Hosting info:
http://whois.domaintools.com/122.160.131.225
