gohome.cathosting.ninja(IRC botnet hosted in Netherlands Roosendaal Nforce Entertainment B.v.)

By Pig, June 20, 2015

Thanks to the anonymous guy  who send me the executable.

Domains used from the botnet to connect to the server : gohome.cathosting.ninja
IRC connection : 188.209.49.76:6667

Files downloaded from the botnet :

URL: hxxp://sunnyamk.com/biox.exe
URL: hxxp://sunnyamk.com/11111111111111111111111111111111111111111.exe
URL: hxxp://sunnyamk.com/qVQLzrpnA7D1X3KwCPse4y00hP6aHIXyiQiyyhlX.exe

All Domains :

Domain Address Country
www.sunnyamk.com 188.209.49.76 Romania
sunnyamk.com 188.209.49.76 Romania
gohome.cathosting.ninja 188.209.49.76 Romania

Samples here.

More on video

http://postimg.org/image/whd5v4zhh/

Categories: Uncategorized