Author Topic: Trojan Ransom  (Read 64980 times)


March 22, 2012, 10:26:06 am
Reply #240

EP_X0FF

  • Special Members
  • Hero Member

  • Offline
  • *

  • 254
    • KernelMode.info
Redirects to Ransom WindowsSecurity

Quote
hxxp://npornokq.ru/video.htm
hxxp://vtds5.ru/in.cgi?2

Ransom WindowsSecurity

Quote
hxxp://pornoxxx-conline5b.ru/a/xxx_porno.exe
hxxp://rl4328.ru/c.php?f=65c76

BH EK

Quote
hxxp://rl4328.ru/indexi.php?pagexxi=b69b091ad032a484

March 22, 2012, 10:49:30 am
Reply #241

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3323

Quote
hxxp://npornokq.ru/video.htm
hxxp://vtds5.ru/in.cgi?2

Quote
hxxp://pornoxxx-conline5b.ru/a/xxx_porno.exe


Don't respond. Are the hosts down, or does it work for specific regions only?
Ruining the bad guy's day

March 22, 2012, 11:28:33 am
Reply #242

EP_X0FF

Hmm, re-checked, yes, they don't respond for me either. And the ransom binary is damaged: "Not valid win32 application".
Will look if I can get any other locations.

March 22, 2012, 12:02:23 pm
Reply #243

EP_X0FF

Should be up and running.

Redirectors

Quote
hxxp://teaserxxx.ru/go.php?sid=1
hxxp://wg5xv.ru/in.cgi?4
hxxp://wg5xv.ru/in.cgi?2

Additionally

Quote
hxxp://teaserxxx.ru/go.php?sid=2
redirects to a site with a Java SMS trojan

Quote
hxxp://update3212.ru/d.php?a=y284q214z4z2x4u2w4t2t2r2y3q2x4b4x223b41364x2d4v2&nb

https://www.virustotal.com/file/2a200a51f1860014ba8a9f5386e3dea1fef375cc96fc586f6aa48c0b4b345822/analysis/1332417873/

March 22, 2012, 12:43:46 pm
Reply #244

SysAdMini

Should be up and running.

Redirectors

Quote
hxxp://teaserxxx.ru/go.php?sid=1
hxxp://wg5xv.ru/in.cgi?4
hxxp://wg5xv.ru/in.cgi?2

Additionally

Quote
hxxp://teaserxxx.ru/go.php?sid=2

Hmm. They don't redirect (HTTP code 200 only), or they don't redirect to malware.
Ruining the bad guy's day

March 31, 2012, 12:15:54 pm
Reply #245

EP_X0FF

BH EK

Quote
hxxp://ac0c28.ru/indexi.php?pagexxi=1e3ec5b370028657

http://wepawet.iseclab.org/view.php?hash=2394fac9db3e644c2e1c4ec4f136676d&t=1333195951&type=js

Ransom WindowsSecurity

Quote
hxxp://videoxxx-onlinee1h.ru/a/xxx_porno.exe
hxxp://ac0c28.ru/data/ap2.php?f=fd54a

April 06, 2012, 12:21:11 pm
Reply #246

EP_X0FF

Ransom WindowsSecurity

Quote
hxxp://aa3bqc.ru/files/f624d

BH EK

Quote
hxxp://aa3bqc.ru/indexi.php?pagexxi=58816068d374b9fb

April 06, 2012, 04:42:29 pm
Reply #247

EP_X0FF

Ransom WindowsSecurity

Quote
hxxp://aa3bqc.ru/files/08d5e
hxxp://aa3bqc.ru/files/edd61

April 07, 2012, 10:19:34 am
Reply #248

EP_X0FF

Ransom WindowsSecurity

Quote
hxxp://ipornolw.ru/x/xxx_porno.exe
hxxp://ad9bja.ru/c.php?f=cf0b9&e=5
hxxp://ad9bja.ru/files/5ab4a

5ab4a is fresh

Quote
Content-Length: 65536
Last-Modified: Sat, 07 Apr 2012 09:55:06 GMT

BH EK

Quote
hxxp://ad9bja.ru/indexi.php?pagexxi=7fea5412ae399699

April 10, 2012, 10:19:44 am
Reply #249

EP_X0FF

Ransom WindowsSecurity

Quote
hxxp://rf3c73.ru/c.php?f=e5334&e=1

BH EK

Quote
hxxp://rf3c73.ru/indexi.php?pagexxi=677684c604189845

http://wepawet.iseclab.org/view.php?hash=72bfceee207052e58402fba58637d1bb&t=1334053049&type=js

April 11, 2012, 06:04:57 am
Reply #250

EP_X0FF

Ransom WindowsSecurity

Quote
hxxp://ul0cjn.ru/c.php?f=b172c&e=1

BH EK

Quote
hxxp://ul0cjn.ru/indexi.php?pagexxi=d53eca4de41a145a

http://wepawet.iseclab.org/view.php?hash=4713755341d09d9ad22176a121913f40&t=1334124105&type=js

April 12, 2012, 12:59:11 am
Reply #251

EP_X0FF

BH EK

Quote
hxxp://ul4bfq.ru/indexi.php?pagexxi=2e2ffbf4b3feed3b

http://wepawet.iseclab.org/view.php?hash=ca9782540902a200bd6e7a2c96f869e3&t=1334191911&type=js

Ransom WindowsSecurity

Quote
hxxp://ul4bfq.ru/c.php?f=61b0a&e=1

April 12, 2012, 11:53:41 am
Reply #252

EP_X0FF

Ransom WindowsSecurity

Quote
hxxp://91.202.244.89/files/a3b9f
hxxp://91.202.244.89/files/51d4d

April 25, 2012, 02:40:57 pm
Reply #253

EP_X0FF

Redirector

Quote
hxxp://btds0.ru/in.cgi?2

BH EK

Quote
hxxp://tz6xva.ru/index.php?page=17069665fd70fe76

Ransom WindowsSecurity

Quote
hxxp://tz6xva.ru/c.php?f=1a873&e=1

April 30, 2012, 02:36:32 pm
Reply #254

EP_X0FF

Ransom WindowsSecurity redirect page

Quote
hxxp://apornojw.ru/video.htm
Ransom WindowsSecurity

Quote
hxxp://ebutotuzitube.ru/x/video.scr
hxxp://pf2vq1.ru/c.php?f=e129f
https://www.virustotal.com/file/ae9a5216bffc2f7eb92868715d11df9e7f5a224b96636d5e13678282a175665a/analysis/1335796470/

BH EK

Quote
hxxp://pf2vq1.ru/index.php?page=daf4ce940a1f00e5
Ransom LockScreen

Quote
hxxp://ryactive.com/media/video.avi.exe