update.cygo.net (trojan clicker hosted in Korea, Republic Of Seoul Thrunet Co. Ltd)

update.cygo.net 211.110.16.132

Outgoing connection to remote server: update.cygo.net TCP port 80

Network Activity – DNS Queries:

Name | Query Type | Query Result | Successful | Protocol
partner.cygo.net | DNS_TYPE_A | 211.110.16.132, 211.110.16.134 | 1 | udp

– HTTP Conversations:

From ANUBIS:1033 to 211.110.16.134:80 – [update.cygo.net]
Request: GET /csrssp.dll
Response: 200 “OK”
From ANUBIS:1034 to 211.110.16.132:80 – [partner.cygo.net]
Request: POST /check.php
Response: 200 “OK”

Files downloaded from the trojan:
csrssp.dll (40 KB)
download:
http://89b43b47.filesonthe.net

csrssp.zip (249 KB)
download:
http://48caa1a1.miniurls.co

msmon.zip (229 KB)
download:
http://f6e9f5c6.goneviral.com

msservice.zip (229 KB)
download:
http://www.multiupload.com/NHOETH6668
