Topic: SpyEye C&C &files

October 20, 2010, 01:11:50 pm
Reply #30

jackberri

IP Location: United States - RR-RC-Enet-Columbus - RoadRunner RR-RC-Enet-Columbus
IP  209.51.196.254
[fe.c4.33.static.xlhost.com]
AS10297
Name Server: ns2.vistapanel.net
Name Server: ns1.vistapanel.net
hxxp://virus.vistapanel.net/Main/

October 20, 2010, 03:23:02 pm
Reply #31

jackberri

IP Location: Germany - ORG-nA8-RIPE - NETDIRECT AS
IP  188.72.205.79
AS28753
Name Server: ns1.kriminal-news.ru
Name Server: ns2.kriminal-news.ru
Registrant/Registrant Email: Private Person/betmarket4me@yahoo.com
hxxp://kriminal-news.ru/myeye/

October 27, 2010, 05:00:24 pm
Reply #32

jackberri

SpyEye C&C
IP Location: Ukraine - Datacenter Hosting.UA - HOSTING-AS
IP 213.155.31.32
AS41665
ns1.interglobe.am
ns2.interglobe.am
Registrant ID: IVB514I-RU
Registrant/Email Registrant: PrivateRegContact/contact@myprivateregistration.com
hxxp://update-soft.com/spy/main/main/

November 04, 2010, 11:06:15 am
Reply #33

jackberri

IP Location: United States - Proxy-registered route object
IP 74.118.193.156
AS46664
ns1.gfxsetup.com
ns2.gfxsetup.com
Registrant ID:4a6de5fb5ff0a647
Registrant/Email Registrant: WhoisGuard  Protected/92dcc271f34a4c0998b9b0772638b890.protect@whoisguard.com
hxxp://cashforsignup.info/secures/bin/config.bin
md5sum ===> 38cdf0f66252340b18eb1a59a3f1bb0e
hxxp://www.cashforsignup.info/secures/

November 04, 2010, 03:33:10 pm
Reply #34

jackberri

hxxp://black-hosting.ru/spice/spotonmain/bin/config.bin
md5sum ===> a9584d2efabf964b5a35ce9634e22877
hxxp://black-hosting.ru/spice/spotonmain/bin/build______capo_dei_capi___.exe
md5sum ===> 74bdae8c4e2057c1137bb8f3b1a93cf7
http://www.virustotal.com/file-scan/report.html?id=05e60e0a4410f3991caec6aa4687f2b87897cd91d969f7c1acc585cce86ffb29-1288884518
VT 26/43 (60.5%)
hxxp://black-hosting.ru/spice/spotonmain/

November 12, 2010, 10:37:29 am
Reply #35

jackberri

hxxp://galichina.zaporizhzhe.ua/maincp/bin/bot.exe
md5sum ===> 4503cc71af7215505dacf6841fae1d34
http://www.virustotal.com/file-scan/report.html?id=b7689c6c10d9887a0fdff2379fae8acc73403e3a68a4236bbb5112d41994d3d7-1289556938
VT 5/43 (11.6%)
related:
hxxp://injection-crew.biz/asdfg/gate.php?hwid=dfd71cb9551a20262c516b1a31369baf&version=1.00&os=1&response=& 
hxxp://injection-crew.biz/asdfg/gate.php?&hwid=dfd71cb9551a20262c516b1a31369baf&os=1&response=Undefined%20Comand...&

November 13, 2010, 03:52:48 pm
Reply #36

jackberri

hxxp://gmajem.x10.mx/Main/bin/config.bin
md5sum ===> fc4da184dc796366df5b227380f213d8

November 15, 2010, 05:22:52 am
Reply #37

jackberri

hxxp://damptime.com/music/bin/upload/setup7281234.exe
md5sum ===> e1cfb3a583da7bb2f8bd13afd4961f94
http://www.virustotal.com/file-scan/report.html?id=28f07cfec8140ef7d4a45a4abe2f316ac4c1b8e39962c3f65cc53e07b3c7a2f9-1289797746
VT 16/43 (37.2%)
hxxp://damptime.com/music/bin/upload/setup72812345.exe
md5sum ===> 68bcfff8fe5bae3716aa4311b7e51dc4
http://www.virustotal.com/file-scan/report.html?id=2c396f20d45d9174d0620fcebef600f6e205ffede5dbf765990c4d33250892f1-1289798222
VT 13/43 (30.2%)

November 19, 2010, 09:30:46 am
Reply #38

jackberri

IP Location: Ukraine - Datacenter Hosting.UA - HOSTING-AS
AS41665
hxxp://213.155.12.144/sec/bin/config.bin
md5sum ===> 84b105947d8f8db4460b3cc7f4fdac4a
hxxp://213.155.12.144/sec/bin/k.exe
md5sum ===> 380eba232fb0126c7518c17ffc28ff1b
http://www.virustotal.com/file-scan/report.html?id=a3b78f0486c5ff0fee993e42e561d9b129ff13c1b0cccf7419cd5e514873a18f-1290157914
VT 28/43 (65.1%)
hxxp://213.155.12.144/sec/bin/load.exe
md5sum ===> 71ad4c13d9bcb1e8ef3296281d504a5f
http://www.virustotal.com/file-scan/report.html?id=ab890d528bc9e22897308da2056438efcc7c5da9dc52357c1e2175ef7ce6af1d-1290154619
VT 19/43 (44.2%)
hxxp://213.155.12.144/sec/bin/upload/45.exe
md5sum ===> c7e12137d6212d17f4bf6e9a285282ae
http://www.virustotal.com/file-scan/report.html?id=f352936d6fedba7823b9eaf940bb325700b89c17d390542e45a1e533a4c2f888-1290158372
VT 7/41 (17.1%)
hxxp://213.155.12.144/sec/bin/upload/baby.exe
md5sum ===> 6bc0d62518f47360b6f7dfba90022a38
http://www.virustotal.com/file-scan/report.html?id=43d77c8e53169e4c0785004ecab25130d670bf65151b7d047d5d3689927ad685-1290158458
VT 7/43 (16.3%)
hxxp://213.155.12.144/sec/bin/upload/v1crypted.exe
hxxp://213.155.12.144/sec/bin/upload/v1crypted1.exe
md5sum ===> 0d56e7391793c429a760992ab088658a
http://www.virustotal.com/file-scan/report.html?id=a2b4f0e1b82e8ddab05b4eb6e41dabfccf46ca67d9ddc66924b72afdd780731d-1290158586
VT 7/43 (16.3%)
hxxp://213.155.12.144/sec/bin/upload/v2crypted.exe
hxxp://213.155.12.144/sec/bin/upload/v2crypted1.exe
md5sum ===> 8cab6300b7e39ed026eb0a187972d95c
http://www.virustotal.com/file-scan/report.html?id=26cffb41db2160e6ece55d2f4439f5ab73cc5d9e442de0387c5da095199bb251-1290158668
VT 20/40 (50.0%)

November 19, 2010, 08:01:35 pm
Reply #39

jackberri

IP Location: United States - Proxy-registered route object
IP 74.118.192.120
AS46664
ns1.playtenniseveryday.mobi
ns2.playtenniseveryday.mobi
Registrant/Email Registrant: Private Whois Service/aa2bmjj4cbedaebd2e31@qc8iazv4cbecce2a1df1.privatewhois.net
hxxp://98up.com/newman/mainstats/bin/config.bin
md5sum ===> 76c7b5d26226b64f96e84b17fb61c516
hxxp://98up.com/newman/mainstats/bin/upload/1.md5sum ===> b344d91cb0e9815217af83a59fa91b69
hxxp://98up.com/newman/mainstats/bin/build.exe
hxxp://98up.com/newman/mainstats/bin/upload/build.exe
hxxp://98up.com/newman/mainstats/bin/upload/build1.exe
md5sum ===> 814b99f8bf59846f27e9cedc7b79ff65
http://www.virustotal.com/file-scan/report.html?id=703a554fd4677693011d1b20db98875377f5b8c2665445d42b17bb569a292f42-1290195556
VT 23/42 (54.8%)
related:
IP Location: Portugal - Clara.net Portugal - CLARANET-AS
IP 195.22.11.158
[web6.esoterica.pt]
AS8426
dnserver7.esoterica.pt
dnserver3.esoterica.pt
Registrant/Email Registrant: Babo & Brochado Lda/babo.brochado.lda@hotmail.com
hxxp://enerclima.pt/32.exe
md5sum ===> 189469ac1c0b636fad499b0055e1e3b1
http://www.virustotal.com/file-scan/report.html?id=84a433019d5915c354de333a7ef74b0d33190dcb100732982ac207cde575b138-1290194928
VT 16/41 (39.0%)

November 20, 2010, 10:22:32 am
Reply #40

jackberri

IP Location: Netherlands - ASN-PROSERVE B.V.
IP  188.93.150.25
AS21155
ns1.metaregistrar.nl 81.4.97.217
ns2.metaregistrar.nl 81.4.96.65
hxxp://my-panel.nl/SpyEye/main/

November 22, 2010, 09:06:03 pm
Reply #41

jackberri

IP Location: United States - SharkTECH Internet Services
IP  70.39.93.57
AS46844
ns1.eu.editdns.net   AS33517
ns2.eu.editdns.net   AS46475
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org
hxxp://kokainpawer.com/fakinyea/se/build.exe
md5sum ===> 9be5a75036c586f237a7dae57e79c21a
http://www.virustotal.com/file-scan/report.html?id=6f6de21dd255e9b14a0a64ef29c9e2f0cddd0a988cec6c27381ea1f1ccf59fed-1290458929
VT 24/43 (55.8%)
hxxp://kokainpawer.com/fakinyea/se/

November 23, 2010, 03:56:38 pm
Reply #42

jackberri

hxxp://kokainpawer.com/asp.exe
md5sum ===> 9be5a75036c586f237a7dae57e79c21a
http://www.virustotal.com/file-scan/report.html?id=6f6de21dd255e9b14a0a64ef29c9e2f0cddd0a988cec6c27381ea1f1ccf59fed-1290527447
VT 25/41 (61.0%)
hxxp://kokainpawer.com/asp2.exe
md5sum ===> fec69370e57c85380422d3b4aa4748d2
http://www.virustotal.com/file-scan/report.html?id=eac5445fc19e9d45f4bad4b39a4d842033e9b819d5f1fa12cd50c682b197c54b-1290526791
VT 19/43 (44.2%)
hxxp://kokainpawer.com/asp3.exe
md5sum ===> bb9bfe00e153d6b717ca3fa288839303
http://www.virustotal.com/file-scan/report.html?id=4ac2d812b1abccc8b7c592adeb6d5489e040902b688964766b9cf03e7e69f664-1290527107
VT 22/43 (51.2%)

December 02, 2010, 07:45:56 pm
Reply #43

jackberri

IP Location: Ukraine - DATAGROUP
IP  93.183.203.14
AS21219
ns1.everydns.net
ns2.everydns.net
Registrant: Stanislav V Rybakov
hxxp://eclada.co.uk/400/401/403/404/500/index/logo/v10541-v10563/bin/config.bin
md5sum ===> 1ac33d926d494bfd83be6ac1cfb9daeb
hxxp://eclada.co.uk/400/401/403/404/500/index/logo/v10541-v10563/bin/IE7-WindowsXP-x86-enu.exe
md5sum ===> 7163f4c4f4e8677ad2ef3ab3e6fa8e98
http://www.virustotal.com/file-scan/report.html?id=102df5d73c7dc80f1d0d7d87f55f8d2dccb5a2b4fc090d3a3fbaed834a73688f-1291318658
VT 1/41 (2.4%)
hxxp://eclada.co.uk/400/401/403/404/500/index/logo/v10541-v10563/

December 03, 2010, 03:42:55 pm
Reply #44

jackberri

IP Location: Russian Federation - Wahome IP's  - WEBALTA-AS
IP 92.241.190.116
[heihachi.net]
AS41947
dns1.name-services.com
dns2.name-services.com
Registrant ID:a44bd91ebc72c285
Registrant/Email Registrant: Heihachi Ltd/abuse@heihachi.net
hxxp://underground-infosource.info/main/bin/1.exe
md5sum ===> c6237f2f75ed0d7c60adea926fa9dc7c
http://www.virustotal.com/file-scan/report.html?id=ee0932894f40c4d6b4366a26acb72f5baf07864b78464ccfa12321cc624ae8d8-1291389494
VT 37/43 (86.0%)
hxxp://underground-infosource.info/main/bin/vpd6F53.exe
md5sum ===> 60569a1f61b9bd334d91fbab6a18975a
http://www.virustotal.com/file-scan/report.html?id=2a27ba97e301e377d7577dfc9837a36703ca0f4934a2a7db2aa91c3c6a4943fc-1291389824
VT 34/43 (79.1%)