Malware Domain List

Malware Related => Malicious Domains => Topic started by: berzerke on October 15, 2013, 03:48:44 pm

Title: Spam Attachments
Post by: berzerke on October 15, 2013, 03:48:44 pm
First post. I do use your lists and would like to give back. If there's a better way to post the info below, I'm listening. Anyway...

Got a spam attachment (https://www.virustotal.com/en/file/b2b5f9ea3202520e4a1c75b2500dc200cda9158034d83bd98963ac93e4681aff/analysis/). When run, it connects, via UDP, port 443 to
   mtfsl.com  184.22.215.50.

Title: Re: Spam Attachments
Post by: berzerke on October 16, 2013, 03:32:00 pm
Another sample, this time it looks like a Zeus dropper. VirusTotal: https://www.virustotal.com/en/file/1835957467ab7a2660b3aafa1b9c616a0682323ba1e52912ea1d48ed092cb5b0/analysis/

This, after sleeping for several minutes, connects to zombies7.in 182.18.150.53