Resolved seattleschools.co to 168.144.32.16
Server: seattleschools.co
Gate file: /beta/order.php
Another Betabot from this commenter. There is an Umbra Loader panel at hxxp://seattleschools.co/panel/Panel/
No sample again.
Hosting info: http://whois.domaintools.com/168.144.32.16
199.127.102.218 (Umbra Loader hosted in United States Miami Avesta Networks Llc)
Panel here: hxxp://199.127.102.218/handy/beta/Panel/Panel/
Stub here: hxxp://199.127.102.218/handy/beta/Bot/stub/
Builder: hxxp://199.127.102.218/handy/UMBRA_LOADER_1.2.0.RAR
USB spread plugin: hxxp://199.127.102.218/handy/beta/Bot/Plugins/usbspreader.umbplg
Hosting info: http://whois.domaintools.com/199.127.102.218
freetop.mobi (Umbra Loader hosted in United States Fredericksburg Singlehop Inc)
Umbra Loader Panel: http://www.freetop.mobi/en/panel/Panel/
Vertexnet Loader Panel: http://mymobilewap.info/utube/bot/
Traffic – by DNS:
mymobilewap.info 69.175.127.82
www.freetop.mobi 69.175.127.82
Traffic – by TCP/IP Connections:
69.175.127.82 80
Traffic – by URL:
mymobilewap.info/utube/stel.exe
mymobilewap.info/utube/server.exe
www.freetop.mobi/en/panel/Panel/bot.php
You can find more executables here: mymobilewap.info/utube/
Analysis results: http://www.xandora.net/xangui/malware/view/b455957506ffa7202211e7c74ecdd7bb
Hosting info: http://whois.domaintools.com/69.175.127.82