bitcoinglobalbanking.com (Betabot HTTP botnet hosted by leaseweb.com)

Resolved bitcoinglobalbanking.com to 82.192.92.5

Server:  bitcoinglobalbanking.com
Gate file:  /b/order.php

Alternate domain:  bitcointradingdepot.com

This botnet wasn’t actually mining bitcoins when I checked it. I’m very surprised.

Hosting info: http://whois.domaintools.com/82.192.92.5

Related MD5s (search on malwr.com to download the samples):
Betabot bbfdbd53810751401b720641687a6116

EDIT: It finally started bitcoin mining

Mining info:
macromedia.exe” -a scrypt -o http://mine.pool-x.eu:8080 -u jc2244.cr -p dododo -g no -t 8
Shell.exe” -a sha256 -o eu.triplemining.com:8344 -u j2244_cr -p cheese -t 0 -I 1
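
Added example, not part of the original post: both miners above run under unrelated file names (macromedia.exe, Shell.exe), so this Python detector flags process command lines by their miner-style arguments rather than by image name. The event tuples, host names and image paths are constructed, and reading -a/-o/-u/-p as algorithm/pool/worker/password is an assumption taken from the two lines above.

```python
import re

# Constructed process-creation events (host, command line). The first two reuse
# the miner arguments quoted in this post; hosts and image paths are made up.
EVENTS = [
    ("ws-01", r'"C:\Users\a\AppData\Roaming\macromedia.exe" -a scrypt -o http://mine.pool-x.eu:8080 -u jc2244.cr -p dododo -g no -t 8'),
    ("ws-02", r'"C:\Users\b\AppData\Roaming\Shell.exe" -a sha256 -o eu.triplemining.com:8344 -u j2244_cr -p cheese -t 0 -I 1'),
    ("ws-03", r'curl.exe -o out.html -u admin:pw http://intranet.example/'),
    ("ws-04", r'ping.exe -a 10.0.0.5 -n 4'),
]

# Assumed algorithm names; extend for other miners seen in your environment.
ALGOS = {"scrypt", "sha256", "sha256d"}
# Pool endpoint: optional scheme, then host:port (group 1 = host, group 2 = port).
POOL_RE = re.compile(r"^(?:(?:https?|stratum\+tcp)://)?([A-Za-z0-9.-]+):(\d{2,5})/?$")

def parse_opts(cmdline):
    """Map single-letter flags to the value that follows them."""
    # Strip straight and curly quotes; option values here contain no spaces.
    tokens = [t.strip('"\u201c\u201d') for t in cmdline.split()]
    opts = {}
    for flag, value in zip(tokens, tokens[1:]):
        if re.fullmatch(r"-[A-Za-z]", flag) and not value.startswith("-"):
            opts.setdefault(flag, value)
    return opts

def check(cmdline):
    """Return a finding dict if the arguments look like a pool miner, else None."""
    opts = parse_opts(cmdline)
    pool = POOL_RE.match(opts.get("-o", ""))
    algo = opts.get("-a", "").lower()
    has_worker = "-u" in opts and "-p" in opts
    # Require a host:port pool plus one more miner trait, so tools that reuse
    # -o/-u for other purposes (curl writing to a file) are not flagged.
    if pool and (algo in ALGOS or has_worker):
        return {"pool_host": pool.group(1), "pool_port": int(pool.group(2)),
                "algo": algo or None, "worker": opts.get("-u")}
    return None

def scan(events):
    """Return (host, finding) for every event whose command line is flagged."""
    return [(host, f) for host, cmd in events if (f := check(cmd))]

if __name__ == "__main__":
    for host, finding in scan(EVENTS):
        print(host, finding)
```

The pool_host field gives a value to pivot on in DNS and proxy logs alongside the gate paths listed in this post.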

A Blackshades exe hosted on the server points to jc2244bs.no-ip.biz, which currently points to 64.139.247.103, a residential IP.

EDIT: He has a new version using the same domains with a new gate location.
New gate file:  /swedftmfp/order.php

New MD5: 316c434e77df2976934f574db68ce257
