queerbag.com(Andromeda Bot hosted in France Paris Ovh Systems)

Samples are provided from this anonymous guy in this post http://www.exposedbotnets.com/2012/04/img196-imageshackushttp-malware-hosted.html

Resolved : [queerbag.com] To [188.165.212.101]

Control panel here http://queerbag.com/jow1z/ u ned user:pass to login
2 exe samples are in this directory http://queerbag.com/bot/
ourbot.exe conects to port 8000 tcp

UPDATE:
There is another domain name user from this file
Resolved : [ugnazi.com] To [176.31.237.84]
here u will find greeting from ugnazi group with adolf’s picture
http://ugnazi.com/jow1z/
ps ugnazi=uglynazi lol

hosting infos:
http://whois.domaintools.com/188.165.212.101

Categories: Uncategorized

Previous postaaa1adasadasda444.net(Andromeda http Bot hosted in Czech Republic Prague Casablanca Int)

Next postvps.modtech360.info(ngrBot hosted in Netherlands Amsterdam Snel Internet Services B.v)

11 Comments

Anonymous - April 30, 2012 at 12:46 am

Found another

http://iamthegodmotherfucker.queerbag.com/DUNKNIDONATSNINININ/botz.exe

rooted his server.

Anonymous - April 30, 2012 at 12:55 am

found –

http://www.sendspace.com/file/r632wp

http://www.sendspace.com/delete/r632wp/ab90b1712afade4dcd5807367c71d1f1

Anonymous - April 30, 2012 at 1:38 am

Keeping you up to date on the ircs of mystical.
vps.modtech360.info:6664 #Boss
http://dl.dropbox.com/u/74786330/mysticca.exe

Anonymous - April 30, 2012 at 2:28 am

Posting some weird http bot. Connects to http://liilli.in. Also seems to hammer google with blank http requests. Don't know why.
Other domain (exact same weird shit on it) http://tonkman.w2c.ru/
http://www.mediafire.com/?02m898oxdjhj4xw

Anonymous - April 30, 2012 at 2:49 am

New ircbot jessieandthetoyboys.com.br/cc_aryan_4-27.exe
Connects to yaboyyoshi.info:5500 or 6969 pass: none #aryan# none
All this bitcoin mining. It's out of control

Anonymous - April 30, 2012 at 9:44 pm

Hey, i see that you are having fun with my andros and ircs lol :).

Pig - April 30, 2012 at 9:54 pm

sure u are helping alot and i apreciate your work and help
feel free to post here anything u find irc bot samples,http malwares,p2p worms etc

Anonymous - May 2, 2012 at 8:57 pm

Hey i though you would like to take a look at the new http bot on the market here is a bin of it have fun.
http://www.sendspace.com/file/v0rpqb
http://www.sendspace.com/delete/v0rpqb/8a394e0eea820c852c8e2ffb26685f4c

Pig - May 2, 2012 at 9:29 pm

sure i m checking this now lol

Pig - May 2, 2012 at 10:30 pm

what's the name of this http bot ?
i found files downloaded and fake google chrome installed in the system from this sample

Anonymous - August 11, 2012 at 10:02 am

Andromeda v2