« previous next »
Pages: [1] 2 3 ... 22   Go Down

Author Topic: New files for Zeus servers  (Read 221148 times)

0 Members and 3 Guests are viewing this topic.

January 31, 2010, 12:27:51 pm
Read 221148 times

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
New files for Zeus servers
config url:

Code: [Select]
hxxp://115.100.250.86/us/orders.xlsmd5sum ===> 6974b30e1a4efdd4f1cc0f79151f321a
Logged
January 31, 2010, 12:39:46 pm
Reply #1

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
and

Code: [Select]
hxxp://115.100.250.86/us/test/orders1.xls
Logged
February 01, 2010, 06:32:43 pm
Reply #2

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Code: [Select]
hxxp://91.206.201.14/~canada/wes/qasqw.bin
Logged
February 02, 2010, 05:55:43 pm
Reply #3

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Code: [Select]
hxxp://uyerfbvo.cn/primo/numo.bin
Logged
February 07, 2010, 09:38:37 am
Reply #4

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Code: [Select]
hxxp://193.104.27.110/wtf/ins1w.rarmd5sum ===> 16bcf0c69a08716219497596483559a4
http://www.virustotal.com/analisis/e81fd80eafb9f33343dba102b78b68fc432bd38d79e0fc2422d5db5454934d41-1265401010
VT 6/40 (15.00%)
Logged
February 07, 2010, 11:24:40 am
Reply #5

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Logged
February 09, 2010, 12:11:17 am
Reply #6

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Code: [Select]
hxxp://bl.fcrazy.com/hhf/mmn.bin
Logged
February 09, 2010, 11:05:00 am
Reply #7

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Code: [Select]
hxxp://87.242.115.123[115.242.87.in-addr.arpa]
AS25532

abuse@masterhost.ru

config url:
Code: [Select]
hxxp://87.242.115.123/Imgtrojan:
Code: [Select]
hxxp://87.242.115.123/z.exehttp://www.virustotal.com/analisis/f755425c6ed5a0ba0c1ce042d2aa09d909b7f0871967bffcb2b322f65806969a-1265712778
VT 19/41 (46.35%)
md5sum ===> a55b5b6a65a5372c65e3ef94fe05d071
dropzone:
Code: [Select]
hxxp://87.242.115.161/2k8/gate.php?id=3cd5e97e
Logged
February 09, 2010, 02:53:15 pm
Reply #8

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Zeus trojan for
Code: [Select]
z130217.infobox.ru:

Code: [Select]
hxxp://carderam.com[9.10.79ae.static.theplanet.com]
IP: 174.121.16.9
Code: [Select]
hostgator.com/domainsAS21844

Creation date: 29 Jan 2010

IP Location:  United States  - Texas - Dallas - Theplanet.com Internet Services Inc

Registrant: Anders Nielsen
email: support@hostgator.com

Code: [Select]
hxxp:carderam.com/instal/qw.exemd5sum ===> db44269456d4ac033c8d37f33a5c9f4f
http:/http://www.virustotal.com/analisis/66e5d406a758f933b8fbc66f55693aebbb55972f00d6c75b34cdd7ee62411d06-1265726840
VT 10/41 (24.4%)
Logged
February 10, 2010, 11:56:14 am
Reply #9

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Code: [Select]
androzo.ru/ccc/androzo2.ngf
md5sum ===>c4aa1353bdbbe445a9988c3c5a1bf167
Logged
February 10, 2010, 04:05:14 pm
Reply #10

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Code: [Select]
hxxp://94.75.228.245[hosted-by.leaseweb.com]
AS16265

zeus trojan:
Code: [Select]
hxxp://94.75.228.245/l2/1.php==> us12.exe 2e3a89eef66c632778365ef08b79a9ed
http://www.virustotal.com/analisis/6d53c57069a7e307b97bcc8fbaf5b1dc98e1b9222b1492157f1859e3449a5413-1265817198

Code: [Select]
hxxp://94.75.228.245/l2/stat.phpredirects to
Code: [Select]
hxxp://www.panel911.com/traffic/in.cgi?google3
config url:
Code: [Select]
hxxp://94.75.228.245/us4/basemd5sum ===> 59c74d0e15c2c9d9b03ee4340f719922

trojan
Code: [Select]
hxxp://94.75.228.245/l2/2.php==> x.exe 8b4bd8d9cec03e627865f6a03b495634
http://www.virustotal.com/analisis/94d02bfdab79f1d852b49eb8acd0fb4099d03010e1e9403c396ece8da2234dd6-1265817006
Logged
February 10, 2010, 05:20:16 pm
Reply #11

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Quote from: jackberri on February 10, 2010, 04:05:14 pm

trojan
Code: [Select]
hxxp://94.75.228.245/l2/2.php==> x.exe 8b4bd8d9cec03e627865f6a03b495634
http://www.virustotal.com/analisis/94d02bfdab79f1d852b49eb8acd0fb4099d03010e1e9403c396ece8da2234dd6-1265817006

[...]
Open file: fWezuS.GPE
                       ^ ^^^
Logged
February 14, 2010, 08:08:14 pm
Reply #12

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Code: [Select]
hxxp://115.100.250.119/us/proview.exemd5sum ===> 6e1db6cf6832f592adf0be5fd065060d
http://www.virustotal.com/analisis/32e2fab7e52e1f8f1a829a9196fee50b2fe61a93a67f98ba69147ffecb4050e1-1266177710
Code: [Select]
hxxp://115.100.250.119/us/pv.xlsmd5sum ===> 59dec669a761eb0fc8ace722757c7e63
Code: [Select]
hxxp://115.100.250.119/7tImbTH8HY.php
Logged
February 15, 2010, 08:46:45 pm
Reply #13

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
Code: [Select]
hxxp://115.100.250.81/uk/price.xls
md5sum ===> 89be72d5ec6063d2cc760720af17085b
Logged
February 18, 2010, 03:54:58 pm
Reply #14

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New files for Zeus servers
zeus trojans (and other related malmare):

Code: [Select]
hxxp://bhostonline.com/loaderadv562.exemd5sum ===> afe0c42bd76163762ac798938046743a

for:
Code: [Select]
hxxp://96.9.183.149/app21.bin
hxxp://174.36.237.84/app21s.bin    incoming?


Code: [Select]
hxxp://bhostonline.com/loaderadv563.exemd5sum ===> 5b12cf0e2439517af6af8c8ba6b0f7b4

for
Code: [Select]
hxxp://174.36.237.84/app21s.bin
Logged
Pages: [1] 2 3 ... 22   Go Up
« previous next »