Author Topic: C&C Server and .exe with it  (Read 7655 times)

March 04, 2016, 01:38:50 pm

Sicqas

I recently got a direct link to an EXE containing malware (C&C).

Here's the Link to the Deepviz Analysis:

Currently Scanning.

And the Link to Virustotal:

https://www.virustotal.com/en/file/e543e7e5fca52d68be705badecbab53b03ad9be6785a451066d4b5637efcbc20/analysis/1456258716/

The Domain is:

hxxp://oaspodpaskdjnghzatrffgcasetfrd.cf/
And some more.

Malwr Analysis: (currently Scanning)

https://malwr.com/analysis/MDM0YjZhYWJhMjc1NDc3NmFkOWEzMDc3ODRiYTU4MzA/

Download Link:

hxxp://nevergreen.net/6ob

Hope you will block all the Domains!

Thanks.

March 04, 2016, 01:55:15 pm
Reply #1

SysAdMini

Thanks for submission and welcome to MDL!

Please make sure to post malicious URLs in a way that they can't be clicked accidentally, for example by replacing http with hxxp.
Ruining the bad guy's day
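
The defanging convention from the reply above, as an added example that is not part of the original posts: it rewrites every http(s) URL in a post to hxxp form unless the host is on an allowlist of analysis services. Bracketing the dots in the host goes beyond the hxxp replacement named in the reply, and `SAFE_HOSTS`, the function names and the sample post are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: analysis-service hosts that may stay clickable in a post.
SAFE_HOSTS = frozenset({"www.virustotal.com", "www.hybrid-analysis.com"})

URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)
TRAILING = ".,;:!?)"  # sentence punctuation that is not part of the URL


def defang_url(url):
    """http://a.b/c -> hxxp://a[.]b/c (scheme and authority only; path untouched)."""
    scheme, rest = url.split("://", 1)
    authority, tail = re.match(r"([^/?#]*)(.*)", rest, re.S).groups()
    return "hxxp" + scheme[4:].lower() + "://" + authority.replace(".", "[.]") + tail


def defang_text(text, safe_hosts=SAFE_HOSTS):
    """Defang every http(s) URL in text unless its real host is allowlisted."""
    def _sub(match):
        raw = match.group(0)
        url = raw.rstrip(TRAILING)
        suffix = raw[len(url):]
        try:
            # hostname ignores any userinfo, so "safe.host@other.host" is not trusted
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:
            host = ""
        if host in safe_hosts:
            return raw
        return defang_url(url) + suffix
    return URL_RE.sub(_sub, text)


def refang(text):
    """Reverse defanging so indicators can be fed to a blocklist or scanner."""
    restored = re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    return restored.replace("[.]", ".")


# Constructed sample post; bad-site.example is a reserved placeholder domain.
SAMPLE = ("Payload at http://bad-site.example/6ob, panel at "
          "HTTPS://c2.bad-site.example:8443/gate.php?id=1. "
          "Report: https://www.virustotal.com/en/file/PLACEHOLDER/analysis/")

if __name__ == "__main__":
    print(defang_text(SAMPLE))
```
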

March 04, 2016, 02:42:44 pm
Reply #2

Sicqas

Okay, sorry, I didn't know that.
Oh, I just realised I'm in the wrong forum, can someone move this?

Another analysis: https://www.hybrid-analysis.com/sample/e543e7e5fca52d68be705badecbab53b03ad9be6785a451066d4b5637efcbc20?environmentId=1

+ Domain: kioioqrieuj7t451453fcgasdvgb.cf

March 04, 2016, 03:52:58 pm
Reply #3

SysAdMini

Wrong forum?

It fits perfectly here.

March 04, 2016, 03:54:11 pm
Reply #4

Sicqas

Ah okay, I thought because of the malware it would fit better in another one.

How can I report these domains so that they get locked?

March 04, 2016, 04:26:56 pm
Reply #5

SysAdMini

In this particular case you can report abuse at http://nevergreen.net/report_file.html

For C&C domains you can contact domain registrars. Abuse contact can usually be found in whois details.

http://whois.domaintools.com/oaspodpaskdjnghzatrffgcasetfrd.cf