64.56.64.29(ngr botnet hosted in United States Los Angeles Perfect International In)

By Pig, December 14, 2012

server: 64.56.64.29:1887
server: 174.37.172.71:1887
server: 184.172.60.181:1887
server: 5.153.6.203 TCP:1887
Server Password:
Username: hxfyijc
Nickname: n{DE|XPa}hxfyijc
Channel: #pool (Password: leonis)
Cannel:#r3
Channeltopic: :~pu hxxp://hotfile.com/dl/184384511/5b0f4b2/omaigato.exe 765cce9dee5448f58d9e798d91dbf809 ~s -o ~s

find more infos about the owner and domains searching for 1887 in this blog

downloaded samples:
hxxp://199.7.177.244/dl/184384734/6e6cd1d/all.exe==>downloads these links:hxxp://80.86.83.93/index (2musicaonline.com)
hxxp://80.86.83.93/Emo-Screamo/ (2musicaonline.com)
hxxp://hotfile.com/dl/184299133/b91a140/8346g527rg239gth34t24t.html
thanks to aLiSs the turkish kebap for submiting samples

hosting infos:
http://whois.domaintools.com/64.56.64.29

Categories: Uncategorized

Tags: ngrBot

Previous postimg197-imageshack.info (Andromeda http botnet and Spyeye banking malware hosted by ecatel.net)

Next posthoney.punked.us (Andromeda http botnet hosted by kimsufi.com

1 Comment

Anonymous - December 15, 2012 at 10:26 am

Hahaha lmfao at this

thanks to aLiSs the turkish kebap for submiting samples

Selam to ali

dd.sult4n.net(ngrBot hosted in United States Chicago Steadfast Networks)

178.86.23.225(ngrBot hosted in Ukraine Odessa Tehnologii Budushego Llc)

t.baerr01.com (Ngrbot irc botnet hosted by Chinanet)

1 Comment

Anonymous - December 15, 2012 at 10:26 am

Comments are closed