Author Topic: New files for Zeus servers  (Read 54150 times)

March 14, 2010, 03:40:53 pm
Reply #45

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
hxxp://img25.xooimage.com/files/9/0/7/mod-181d459.exe

Code: [Select]
hxxp://tagl.org/data/cfg.bin

March 14, 2010, 04:11:09 pm
Reply #46

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3323
Code: [Select]
hxxp://img25.xooimage.com/files/9/0/7/mod-181d459.exe

Code: [Select]
hxxp://tagl.org/data/cfg.bin

Right, but there is no config file at this location. It's only an HTML file.
Ruining the bad guy's day

March 14, 2010, 04:24:37 pm
Reply #47

jackberri

Right, but there is no config file at this location. It's only an HTML file.

"Bandwidth Limit Exceeded
The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later".

March 15, 2010, 07:52:34 pm
Reply #48

jackberri

Code: [Select]
hxxp://91.201.196.37/eeYae8.Poo4Ih
md5sum ===> a62413ec0a5d22a9b1c525eb69924dca
SHA256   ===> 1e786b45d3f8da19c7bf121fbae421c4ccec6186999c08d3e51ef0f85febc68c
Code: [Select]
hxxp://91.201.196.37/Az6lei.exe
md5sum ===> c52fd71024cf836330724650236b3c8d
SHA256   ===> 53c8d0ba373f1bb955cd1f598c672655420257f2e7e091d9fb1c974c0f5f5b35
http://www.virustotal.com/analisis/53c8d0ba373f1bb955cd1f598c672655420257f2e7e091d9fb1c974c0f5f5b35-1268679820
VT 6/42 (14.29%)

March 17, 2010, 08:39:13 am
Reply #49

jackberri

related Zeus botnet malware
Code: [Select]
hxxp://chetiripolka.com/hex/rapport.exe
md5sum ===> 85d7a1efb509c4934577d3bd78050992
SHA256   ===> 6111b46803ca7334712bc95e4b2fd6aa4719a800a0b7cd3099a1324238ce82d3
http://www.virustotal.com/analisis/6111b46803ca7334712bc95e4b2fd6aa4719a800a0b7cd3099a1324238ce82d3-1268814818
VT 1/42 (2.39%)

March 17, 2010, 09:14:09 am
Reply #50

jackberri

Code: [Select]
http://darnite.ru/ordlo/rec.php

March 18, 2010, 09:14:26 am
Reply #51

jackberri

related malware:
Code: [Select]
hxxp://pedrodepako.biz/forum/user/setup.exe
md5sum ===> 85d7a1efb509c4934577d3bd78050992
SHA256   ===> 6111b46803ca7334712bc95e4b2fd6aa4719a800a0b7cd3099a1324238ce82d3
http://www.virustotal.com/analisis/6111b46803ca7334712bc95e4b2fd6aa4719a800a0b7cd3099a1324238ce82d3-1268903283
VT 4/42 (9.53%)

see: Re: New files for Zeus servers, Reply #49 on: March 17, 2010, 03:39:13 am

March 19, 2010, 10:57:34 am
Reply #52

jackberri

Code: [Select]
hxxp://bagmater.com/cnf/bomb.bin
md5sum ===> cba7d6ed5eef14ca393e8f63622b51f8
SHA256   ===> 6d875dcdf1f76326a7b6173d04e1d1f12bbe993a3167f3e83e88b004f7e2fc00

March 20, 2010, 12:10:36 pm
Reply #53

jackberri

IP 83.170.112.218
AS13213
Code: [Select]
hxxp://cin-turk.com/cfg.bin
md5sum ===> 0b85aa4c7fb74fcfd0d8975d90388a4f
SHA256   ===> 79e9ea4ed40d3c69462dfd994f4181a294e457c3e53e3fcb7e78fe111ccede0c
Code: [Select]
hxxp://cin-turk.com/gate.php
other domains:
Code: [Select]
artvizit.com
cibiliyetsiz.com
ilanator.com
theypay.us

March 20, 2010, 09:27:12 pm
Reply #54

jackberri

IP Location:  Canada  - Quebec - Montreal - Interweb Media
IP 76.76.101.76
[reverse-mtl-76-76-101-76.gogax.com]
AS21793
Code: [Select]
hxxp://cralertyit.net/3x/dim.exe
md5sum ===> 77d18a5a1b60919fa26582d56730df44
SHA256   ===> e06dce574b2b3e60d2f4ea17c1f420587cc456d4db57c38f5ea6e347dac70d17
http://www.virustotal.com/analisis/e06dce574b2b3e60d2f4ea17c1f420587cc456d4db57c38f5ea6e347dac70d17-1269119897
VT 7/42 (16.67%)

other domains:
Code: [Select]
ertunagulerka.com:http://www.threatexpert.com/report.aspx?md5=138ef7b1e0543b0284026b6d54072ebf

March 23, 2010, 11:43:31 am
Reply #55

jackberri

Code: [Select]
hxxp://sp000.org/3/lcass.exe
http://www.virustotal.com/analisis/191a1975dc0aade560994d7f280e175e865e8b99678da949c7aad058fbb647b3-1269343922
md5sum ===> 64e4ddb5fede299ed3a73542c55d5198
SHA256   ===> 191a1975dc0aade560994d7f280e175e865e8b99678da949c7aad058fbb647b3
VT 2/42 (4.77%)

related malware:
Code: [Select]
hxxp://sp000.org/kill.exe
md5sum ===> 02a2c8b570a794f16cc408d9eab12e18
SHA256   ===> 6f2a611f1b2705a808fbc38fa72e872330041bc4c9356068018f7448561b97b2
http://www.virustotal.com/analisis/6f2a611f1b2705a808fbc38fa72e872330041bc4c9356068018f7448561b97b2-1269344097
VT 10/42 (23.81%)
Code: [Select]
hxxp://sp000.org/rapport.exe
md5sum ===> 3370015a0afc9e643c7430acda3ff9b0
SHA256   ===> fdd61667a2b308133356232f2f10eab5c1d3367a90459ac294874da8481e9ac9
http://www.virustotal.com/analisis/fdd61667a2b308133356232f2f10eab5c1d3367a90459ac294874da8481e9ac9-1269344268
VT 12/41 (29.27%)

March 23, 2010, 01:52:01 pm
Reply #56

SysAdMini

Code: [Select]
hxxp://sp000.org/3/lcass.exe

also:

Code: [Select]
sp000.org/1/lcass.exe
sp000.org/2/lcass.exe

March 23, 2010, 07:32:42 pm
Reply #57

jackberri

Code: [Select]
hxxp://83.170.112.218/stop.bin
md5sum ===> 067b27ac0cf8c3eb96483dca3173184c
SHA256   ===> fa2584211df4f197cfddc661b71521e3eebd2a84dfa09112689d4a83d2c53a65

other domains:
Code: [Select]
artvizit.com
cibiliyetsiz.com
ilanator.com
theypay.us

March 24, 2010, 08:38:30 pm
Reply #58

jackberri

IP Location: Netherlands Amsterdam The King Host
New IP: 94.102.63.163
ASN29073

Code: [Select]
hxxp://chetiripolka.com/klp/rapport.exe
md5sum ===> e0c44c21af90df03cd23f896b7b882de
SHA256   ===> 3a0ae16ac3e09f8b56dbc54bde3adb53548c00278fe309db9998b079c084acec
http://www.virustotal.com/analisis/3a0ae16ac3e09f8b56dbc54bde3adb53548c00278fe309db9998b079c084acec-1269462117
VT 6/42 (14.29%)
Code: [Select]
hxxp://chetiripolka.com/klp/hex.exe
md5sum ===> af2700f0c9b1b1a4b2a7cabc74e7c3a9
SHA256   ===> 29816e2defae9b63d084097337c0755f2cca7b04b3cd6a1c33e7b2404577789e
http://www.virustotal.com/analisis/29816e2defae9b63d084097337c0755f2cca7b04b3cd6a1c33e7b2404577789e-1269462468
VT 5/42 (11.91%)

March 24, 2010, 11:28:52 pm
Reply #59

jackberri

IP Location: Ukraine Pe Anton Kasminin
IP 193.104.253.22
ASN29557
Code: [Select]
hxxp://flashplayeradobe.com/forum/net5.bin
md5sum ===> 9f31fa38e9861a0cbf054a738b53905f
SHA256   ===> b138f94c39126fdd9d3ab2cf8a401c84a5e0727122689ec212c1e9f7414d5d6d

related malware
Code: [Select]
hxxp://flashplayeradobe.com/forum/svchost.exe
md5sum ===> 969fd33b0bcfe3958b804f945fbaed50
SHA256   ===> a2ebd8a165c0e9c3fe9f0533f2cf2fe8d23613c9ecc0addadee534d6b5209d3d 
http://www.virustotal.com/analisis/a2ebd8a165c0e9c3fe9f0533f2cf2fe8d23613c9ecc0addadee534d6b5209d3d-1269472670
VT 12/42 (28.58%)