n39rfiuewh9uihc.org(Bredolab hosted in Russian Federation St. Petersburg Petersburg Internet Network Ltd)

By Pig, February 18, 2012

Registry Change
The following Registry Keys were changed
Action Registry
Changed [NTUSER/Software/Microsoft/Internet Explorer/Main/Default Feeds]
Changed [NTUSER/Software/Microsoft/Internet Explorer/PhishingFilter]
Changed [NTUSER/Software/Microsoft/Internet Explorer/Recovery]

Traffic – by DNS:
n39rfiuewh9uihc.org 146.185.242.131

Traffic – by TCP/IP Connections:
146.185.242.131 80

Traffic – by URL:
URL
n39rfiuewh9uihc.org/G0X7Z3vtzdpVPR4sBFa95jxTSQYAD82f.tiff
n39rfiuewh9uihc.org/tBKNvbQpVYCDRSGmck4nxAaWhX.bmp

xandora results here:
http://www.xandora.net/xangui/malware/view/692cfa2313899607124752a9f8d88b6d

hosting infos:
http://whois.domaintools.com/146.185.242.131

Categories: Uncategorized

Tags: Bredolab

Previous postfreetop.mobi(Umbra Loader hosted in United States Fredericksburg Singlehop Inc)

Next postmicolosoft.in(Trojan-Ransom.Winlock hosted in United States Scranton Network Operations Center Inc)