Author Topic: C&C Server and .exe with it (Read 11611 times)

Sicqas · March 04, 2016, 01:38:50 pm

I recently got a Direct Link of a EXE containing Malware. (C&C)

Here's the Link to the Deepviz Analysis:

Currently Scanning.

And the Link to Virustotal:

https://www.virustotal.com/en/file/e543e7e5fca52d68be705badecbab53b03ad9be6785a451066d4b5637efcbc20/analysis/1456258716/

The Domain is:

hxxp://oaspodpaskdjnghzatrffgcasetfrd.cf/
And some more.

Malwr Analysis: (currently Scanning)

https://malwr.com/analysis/MDM0YjZhYWJhMjc1NDc3NmFkOWEzMDc3ODRiYTU4MzA/

Download Link:

hxxp://nevergreen.net/6ob

Hope you will block all the Domains!

Thanks.

SysAdMini · March 04, 2016, 01:55:15 pm

Thanks for submission and welcome to MDL!

Please make sure to post malicious urls in a way they can't be clicked accidentally, for example by replacing http by hxxp.

Sicqas · March 04, 2016, 02:42:44 pm

Okay, sorry didn't known it.
Oh just realised i'm in the wrong Forum, can someone move this?

Another Analyis: https://www.hybrid-analysis.com/sample/e543e7e5fca52d68be705badecbab53b03ad9be6785a451066d4b5637efcbc20?environmentId=1

+ Domain: kioioqrieuj7t451453fcgasdvgb.cf

SysAdMini · March 04, 2016, 03:52:58 pm

Wrong forum?

It fits perfectly here.

Sicqas · March 04, 2016, 03:54:11 pm

Ah okay, tought because of the Malware it would fit it another better.

How can i report these Domains that they get locked?

SysAdMini · March 04, 2016, 04:26:56 pm

In this particular case you can report abuse at http://nevergreen.net/report_file.html

For C&C domains you can contact domain registrars. Abuse contact can usually be found in whois details.

http://whois.domaintools.com/oaspodpaskdjnghzatrffgcasetfrd.cf

Author Topic: C&C Server and .exe with it (Read 11611 times)

Sicqas

C&C Server and .exe with it

SysAdMini

Re: C&C Server and .exe with it

Sicqas

Re: C&C Server and .exe with it

SysAdMini

Re: C&C Server and .exe with it

Sicqas

Re: C&C Server and .exe with it

SysAdMini

Re: C&C Server and .exe with it