Thanks to Xylitol for the name of the bot.
Contacts domains
“34324325kgkgfkgf.com”
“dsffdsk323721372131.com”
“fdshjfsh324332432.com”
“jdsiwiqweiqwyreqwi.com”
Runs shell commands
“cmd /c C:\Users\PSPUBWS\AppData\Local\Temp\243765.bat” “C:\38650f5c2beb183eaaba236d1b576c255a9be49af34db85705bed16d23ea11” on 2015-6-6.13:57:14.679
Dropped files
“UserInfo.dll” has type “PE32 executable (DLL) (GUI) Intel 80386, for MS Windows”
“17 The Notorious B.I.G. – Suicidal Thoughts.flac” has type “data”
“subtleties.dll” has type “PE32 executable (DLL) (GUI) Intel 80386, for MS Windows”
“243765.bat” has type “ASCII text, with CRLF, CR line terminators”
Checks on FTP client related files
“” opened file “C:\Program Files\Common Files\Ipswitch\WS_FTP” (DesiredAccess: 1048577, OpenOptions: 16417)
“” opened file “C:\Users\PSPUBWS\AppData\Roaming\SmartFTP” (DesiredAccess: 1048577, OpenOptions: 16417)
“” opened file “C:\ProgramData\SmartFTP” (DesiredAccess: 1048577, OpenOptions: 16417)
“” opened file “C:\Users\PSPUBWS\AppData\Local\SmartFTP” (DesiredAccess: 1048577, OpenOptions: 16417)
Anonymous - June 18, 2015 at 12:22 am
Here is someone's exe I found, believe latest Betabot:
hxxp://sunnyamk.com/9lv1WmQ3tYCyIrX-XNKOMguwadCYqoS-wePr3vLVmR08zgq-92W8B5DQRHlNwfX.exe Do you have Jabber that we can talk on, since I find many daily?
Pig - June 20, 2015 at 7:45 pm
Sure, here is my Jabber: rotkari@jabber.calyxinstitute.org
Steven K - June 30, 2015 at 11:41 am
9lv1WmQ3tYCyIrX-XNKOMguwadCYqoS-wePr3vLVmR08zgq-92W8B5DQRHlNwfX.exe is Kasidet (aka Neutrino bot)