www.istanbulnakliyecileri.com (Andromeda http botnet hosted by ozkula.com.tr)

By I_Post_Ur_Info, May 29, 2013

Resolved www.istanbulnakliyecileri.com to 37.247.108.48

Server: www.istanbulnakliyecileri.com
Gate file: /firmalar/and/image.php

Plugins
Rootkit: hxxp://www.istanbulnakliyecileri.com/firmalar/and/r.pack
Socks: hxxp://www.istanbulnakliyecileri.com/firmalar/and/s.pack
Formgrabber: hxxp://www.istanbulnakliyecileri.com/firmalar/and/f.pack
Gate file: hxxp://www.istanbulnakliyecileri.com/firmalar/and/fg.php

This appears to be hosted on a hacked site.

Hosting infos: http://whois.domaintools.com/37.247.108.48

Related md5s (search on malwr.com to download the samples):
8709c21be7d72c8ec8aaaa55ccc64b84

Categories: Uncategorized

Tags: Andromeda Bot

Previous postrunawaswarm.ru (Ice 9 banking malware hosted by hc.ru)

Next postx.e1b2.org (ngrBot irc botnet hosted by namecheap.com)

shinyhosting.ws.gy(Andromeda Bot hosted in United States Amsterdam Hosting Servers)

xylox.su (Betabot and Andromeda http botnets hosted by Panamaserver.com)

scum1904life.com (Andromeda http botnet hosted by 2×4.ru)