linux.xinhuamei.net (Malware Hosted in China, Shenyang, Chinanet Liaoning Province Network)

linux.xinhuamei.net   DNS_TYPE_A   123.184.41.30

Malware installs as a service, injects into iexplorer and self-deletes: "C:\WINDOWS\system32\cmd.exe" /c del C:\a.exe > nul
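
A detection sketch for the self-delete step above, added here as an example and not part of the original post: it flags process-creation events where cmd.exe is asked to delete the image of the process that launched it. The field names (`ParentImage`, `CommandLine`) assume Sysmon-style process-creation logging, and the second and third sample events are constructed.

```python
import re

# Matches: cmd[.exe] /c del [/switches] <path> [> nul], quoted or unquoted.
SELF_DEL = re.compile(
    r'cmd(?:\.exe)?"?\s+/c\s+del\s+(?:/\w\s+)*"?(?P<target>[^">]+?)"?\s*(?:>\s*nul)?\s*$',
    re.IGNORECASE,
)

def norm(path):
    """Normalise a Windows path for comparison (quotes, slashes, case)."""
    return path.strip().strip('"').replace("/", "\\").lower()

def find_self_delete(events):
    """Return events where cmd.exe deletes the image of the process that spawned it."""
    hits = []
    for ev in events:
        m = SELF_DEL.search(ev["CommandLine"])
        if m and norm(m.group("target")) == norm(ev["ParentImage"]):
            hits.append(ev)
    return hits

# Sample events. The first command line is the one quoted in the post (the
# parent image is assumed to be the dropped C:\a.exe); the other two are constructed.
EVENTS = [
    {"ParentImage": r"C:\a.exe",
     "CommandLine": r'"C:\WINDOWS\system32\cmd.exe" /c del C:\a.exe > nul'},
    {"ParentImage": r"C:\WINDOWS\explorer.exe",   # benign cleanup, not a self-delete
     "CommandLine": r'cmd.exe /c del C:\Temp\old.log'},
    {"ParentImage": r"C:\Users\u\setup.exe",      # quoted target with a /q switch
     "CommandLine": r'cmd /c del /q "C:\Users\u\setup.exe" > nul'},
]

if __name__ == "__main__":
    for ev in find_self_delete(EVENTS):
        print("self-delete:", ev["ParentImage"], "->", ev["CommandLine"])
```

Legitimate installers sometimes remove themselves the same way, so a hit is a triage signal to correlate with the service install and injection, not a verdict.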

Sample here : hxxp://www.xup.in/dl,17109295/a.7z/

Hosting info:
http://whois.domaintools.com/123.184.41.30
