anonproducts.info (Loader hosted in Frankfurt, Germany, Leaseweb Germany GmbH)

Another post from the same guy here: http://www.exposedbotnets.com/2012/04/webethugsinsomnia-bot-hosted-in.html

Samples here:
http://www.mediafire.com/?f25869md9bv3q9d password: virus

Control Panel:

Control panel URL: http://anonproducts.info/xx/

Loader.exe is a .NET HTTP bot that connects to global-carding.ru/gate.php. It is used for DDoSing and loading malware (mainly RATs). Most files to be installed are loaded from webcamchat4free.in.
Packet captures of it in action: http://www.mediafire.com/?t8obhi8jttvh1l5

Credits to our anonymous friend for this

Hosting info:
http://whois.domaintools.com/212.95.43.243
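
For checking your own proxy or web gateway logs against the hosts named in this post, here is an added example (not part of the original post and not derived from the samples). The log layout, client addresses, file name and label wording are assumptions made up for the illustration; only the domains, the gate.php path and the IP come from the post.

```python
from urllib.parse import urlsplit

# Indicators named in the post above; the labels are this example's own wording.
INDICATORS = {
    "global-carding.ru": "bot gate host",
    "webcamchat4free.in": "payload download host",
    "anonproducts.info": "control panel host",
    "212.95.43.243": "hosting IP from the post",
}
GATE = ("global-carding.ru", "/gate.php")

# Constructed sample in an assumed layout: "<time> <client> <method> <url> <status>".
# Not taken from the packet capture linked above.
SAMPLE_LOG = """\
2012-04-22T17:01:10Z 10.0.0.15 POST http://global-carding.ru/gate.php 200
2012-04-22T17:01:12Z 10.0.0.15 GET http://cdn.webcamchat4free.in/a.exe 200
2012-04-22T17:02:00Z 10.0.0.22 GET http://GLOBAL-CARDING.RU./index.html 404
2012-04-22T17:02:30Z 10.0.0.31 GET http://notglobal-carding.ru/gate.php 200
2012-04-22T17:03:00Z 10.0.0.31 GET http://global-carding.ru.example.com/ 200
2012-04-22T17:03:40Z 10.0.0.40 GET http://212.95.43.243/ 200
malformed line
"""

def match_indicator(host):
    """Return the indicator matching host exactly or as a parent domain, else None."""
    host = host.lower().rstrip(".")
    for indicator in INDICATORS:
        if host == indicator or host.endswith("." + indicator):
            return indicator
    return None

def scan(log_text):
    """Return (client, indicator, label) for every log line that hits an indicator."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed layout
        client, url = fields[1], urlsplit(fields[3])
        indicator = match_indicator(url.hostname or "")
        if indicator is None:
            continue
        label = INDICATORS[indicator]
        if (indicator, url.path.lower()) == GATE:
            label = "bot check-in to gate.php"
        hits.append((client, indicator, label))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Matching on the parsed hostname with an exact or parent-domain comparison keeps lookalikes such as notglobal-carding.ru and global-carding.ru.example.com from producing false hits, which a plain substring search would flag.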


4 Comments

Anonymous - April 22, 2012 at 5:32 pm

Someone was trying to load ngrbots from it.
https://www.virustotal.com/file/ccecd94042e8c0e18b1c4000cecfc9f7fbd4068b3f0eaafba2d7469f0b24afa1/analysis/1335114222/
Not sure if it was the guy who owned it or someone who saw it here.

Pig - April 22, 2012 at 5:42 pm

If you have the exe file, upload it and post it here.

Anonymous - April 23, 2012 at 2:37 am

Here it is. http://www.mediafire.com/?uqng8gtlq5f4blc
Password is virus.

Anonymous - April 26, 2012 at 2:58 pm

global-carding.ru is a seeq botnet, which is a n0ise mod. I probably should have guessed once I saw the panel and that it was C#.
