Domains used to control bots:
crioamazonas.ru not active
cuzcoxxx.ru 173.224.219.197 port 6068 irc server
hisexoxxx.ru not active
mlrioamazonas.ru not active
rioamazonas.ru not active
sexoxxx.ru not active
sfsexoxxx.ru not active
u can find channels or more by checking the sample
hosting infos:
http://whois.domaintools.com/173.224.219.197
Anonymous - June 14, 2012 at 4:47 am
[quote='Cryptographic HF']
This is a beta test and you are being pm cause I would like you to beta test my crypter and tell me how you like it. After 2 weeks of
using the crypter the beta test will be over and I would appricate
it if you could fill out a short servey which will be handed out at
the closing of the beta test. The download is listed below.
Thank You,
Cryptographic HF
Divine crypter Download:
http://localhostr.com/files/GuNIJVk/Divine%20Crypter.exe
[/quote]
that is from hackfroums has been pmed to many members.
Pig - June 14, 2012 at 6:02 pm
3 files are droped and theyre both malwares
look in current user folder==>currentApplication Data 3 files inside betamoniter.exe,winlogin.exe,594374.exe
i supose u allready know how to run malwares into virtual machines
have fun
Pig - June 14, 2012 at 6:30 pm
betamoniter.exe is blackshades and conects to Remote Host Port Number
blackshades.ru 8080
Anonymous - June 14, 2012 at 6:44 pm
http://swazers.com/ <– Spyeye
http://timeserv.in/Panel/Panel <— Umbra Loader