Author Topic: New Zeus server (Read 386542 times)

jackberri · March 21, 2010, 10:31:12 am

IP Location: Taiwan - Taipei - Kgex.com
IP 61.61.20.133
AS9918

hxxp://napiwis54353.com/zs/cofag56.binmd5sum ===> beff28cd3ebf4a0081804ffc583f0837
SHA256 ===> 940652e134b7fd876bc014aa3f1197994559f54d37491712f60946ea6f3d6036

Code: [Select]

hxxp://napiwis54353.com/zs/gates5.php

jackberri · March 23, 2010, 07:24:44 am

IP 61.4.82.170
AS17964

Code: [Select]

hxxp://technotrucks.net/daily/help.txtmd5sum ===> ee553cf385356331ed00f16791c41f17
SHA256 ===> a767c79fc5cb55253eec212987ddaa1403091622e18b5c7553aee4eea1de43d5

Code: [Select]

hxxp://technotrucks.net/daily/game.exemd5sum ===> dc62deb9554931c5ab07080fe86394e7
SHA256 ===> dd633282cbdf129be9769f59ee28b094a3e203c2d4b57598e658316e45b5c9d7
http://www.virustotal.com/analisis/dd633282cbdf129be9769f59ee28b094a3e203c2d4b57598e658316e45b5c9d7-1269328821
VT 21/42 (50%)

Code: [Select]

hxxp://technotrucks.net/daily/lucky.php

SysAdMini · March 23, 2010, 07:28:19 am

Quote from: jackberri on March 23, 2010, 07:24:44 am

Code: [Select]
hxxp://technotrucks.net/daily/game.exe

One more :

Code: [Select]

hxxp://technotrucks.net/daily/host.exe
config file is

Code: [Select]

hxxp://technotrucks.net/daily/manual.txt
drop zone is also lucky.php.

jackberri · March 23, 2010, 08:36:19 am

IP Location: Panama - Cable & Wireless Panama
190.34.188.117
AS27990

Code: [Select]

hxxp://www.your-updates.net/microsoft/IE8.binmd5sum ===> 7bab716ff87bb7d232fd6097c775e30c
SHA256 ===> bdee4b98a62a85513c526aa12b9ee484bb4bd35a67d568db31039c46a1b0208a

Code: [Select]

hxxp://www.your-updates.net/microsoft/IE8.exemd5sum ===> aaf388576f74bd35d23b3ebff0266a54
SHA256 ===> 7929304b3ac9bb123050f9fb948d0ceae16e21693b37a5f30c2508854b3d5d37
http://www.virustotal.com/analisis/7929304b3ac9bb123050f9fb948d0ceae16e21693b37a5f30c2508854b3d5d37-1269332948
VT 8/40 (20%)

SysAdMini · March 23, 2010, 08:41:39 am

Quote from: jackberri on March 23, 2010, 08:36:19 am

Code: [Select]
hxxp://www.your-updates.net/microsoft/IE8.exe

drop zone:

Code: [Select]

www.win-uploads.net/win/111xjhjewhkjhdkjhkjdshkjhdkj_z01_cp.php

jackberri · March 23, 2010, 08:46:17 am

Quote from: SysAdMini on March 23, 2010, 08:41:39 am

drop zone:
Code: [Select]
www.win-uploads.net/win/111xjhjewhkjhdkjhkjdshkjhdkj_z01_cp.php

Coming of the day when that which is hidden shall be revealed

jackberri · March 23, 2010, 09:45:06 am

IP Location: Ukraine Pe Anton Kasminin
IP 193.104.253.33
AS29557

Code: [Select]

hxxp://anatolo.com/overdrives.binmd5sum ===> 21fd3182f55552efb28765db90640314
SHA256 ===> 807fb9f4d6aaeb2d850a6771cd55f243f577e50a096f29e8275ff2d1a78af4d4

Code: [Select]

hxxp://anatolo.com/yukmhg654g.exemd5sum ===> 1fcfab6b5d4ec2035313360cd7cac5bb
SHA256 ===> 69c968697eec0f78ec212b082483a1e76b57cc2761375d281c5f631b3338f115
http://www.virustotal.com/analisis/69c968697eec0f78ec212b082483a1e76b57cc2761375d281c5f631b3338f115-1269336477
VT 5/41 (12.20%)

IP Location: Ukraine Pe Anton Kasminin
IP 193.104.253.32
AS29557

Code: [Select]

hxxp://onlinewebcenter.com/voderuber.binmd5sum ===> acd7f31f16e8bb05b1f9199ed079f523
SHA256 ===> 8b45113ce27cd4326a567aee306b61d2dcd5ee7ab2361b92e4e2f457b0cff95f

Code: [Select]

hxxp://onlinewebcenter.com/myn5f7jhg.exemd5sum ===> 6e3fe354a7ee5adfccb8d04db83e6eb8
SHA256 ===> 0ac346cabdb2fa578f745369048961726520bfc1dbced6fce7f74a1418fa6278
http://www.virustotal.com/analisis/0ac346cabdb2fa578f745369048961726520bfc1dbced6fce7f74a1418fa6278-1269337284
VT 3/42 (7.15%)

jackberri · March 23, 2010, 10:23:33 am

IP Location: Ukraine Pe Anton Kasminin
IP 193.104.253.32
AS29557

Code: [Select]

hxxp://bumfin.com/megusta.binmd5sum ===> 9179cad5fcd54c91abd2e24c8faf9ec6
SHA256 ===> 62d327ab8d8d5d0341d800705a2170da5f7c90b4521f04570bfe5afadfdd0c65

Code: [Select]

hxxp://bumfin.com/7uh48ug.exemd5sum ===> cbcdb8bb5b0cd5341a1d8775eb945f02
SHA256 ===> 6fd7b578d14321b376d263bf897c4faeadeda36ef32c38683a8c932899bd6eb3
http://www.virustotal.com/analisis/6fd7b578d14321b376d263bf897c4faeadeda36ef32c38683a8c932899bd6eb3-1269339454
VT 5/42 (11.91%)

Code: [Select]

hxxp://bumfin.com/o7ggh63.php
IP Location: Ukraine Pe Anton Kasminin
IP 193.104.253.32
AS29557

Code: [Select]

hxxp://whipsto.com/webcam.binmd5sum ===> 46394698798eb14ed173376fb25a4098
SHA256 ===> 9eaa6475bec484b18ca3ae4d4140861e909a56acc929e78e890ad4ae0e0fb8c4

Code: [Select]

hxxp://whipsto.com/gh6j54.exemd5sum ===> a878ea87634d804fbe7d38e81cb13e78
SHA256 ===> 1e25bfb15f230d74b65ac1e8a139d8d4c003667d44a469c96962c0e7618a2341
http://www.virustotal.com/analisis/1e25bfb15f230d74b65ac1e8a139d8d4c003667d44a469c96962c0e7618a2341-1269338747
VT 3/41 (7.32%)

Code: [Select]

hxxp://whipsto.com/ny4544.php

jackberri · March 23, 2010, 05:35:58 pm

IP Location United States - Pennsylvania - Scranton - Network Operations Center Inc
IP 66.197.238.154
[serv1.configdns.net]
AS21788

Code: [Select]

hxxp://linksonline.in/milo/config.binmd5sum ===> fc3f44ccc4b709eec6a56151e4121654
SHA256 ===> 10401245ead9698aa817f3ebe93d6905b70e678042e07b62d3a905ac5346f852

Code: [Select]

hxxp://linksonline.in/milo/bot.exemd5sum ===> 1e97a98dbc1a8b8d3008653fdefc7466
SHA256 ===> 7846708907273e4599a73d5923036b84b6b6b05f077936e02ee84bf263ba8515
http://www.virustotal.com/analisis/7846708907273e4599a73d5923036b84b6b6b05f077936e02ee84bf263ba8515-1269364975
VT 32/42 (76.2%)

Code: [Select]

hxxp://linksonline.in/milo/gate.php

jackberri · March 23, 2010, 08:10:35 pm

IP 188.124.5.111
[static.vitalhosting.com.tr]
ASN44565

Code: [Select]

hxxp://sitebuildera.com/m550933n/stat1.php
related malware:

Code: [Select]

hxxp://solaruploader.com/55ttr.exemd5sum ===> 769c38d76e3e99a0fbf4ea58b071b371
SHA256 ===> b6472da2cc868ec09c472acec226d95ac04e0a322db4b9b3ea61c38e5768435b
http://www.virustotal.com/analisis/b6472da2cc868ec09c472acec226d95ac04e0a322db4b9b3ea61c38e5768435b-1269296009
VT 5/42 (11.90%)

jackberri · March 24, 2010, 06:36:22 am

IP Location: Turkey - Vital Teknoloji - Vps Pool
IP 188.124.3.225
[static.vitalhosting.com.tr]
ASN44565

Code: [Select]

hxxp://seemyballs1.in/urla/c1.binmd5sum ===> 7edcd2bbd0da11290a026658963cbf0d
SHA256 ===> d416d024dfa6e1708d92b00fbbc698d447d0432f91da72dca0fde7034324196c

Code: [Select]

hxxp://seemyballs1.in/lol/lol.exemd5sum ===> fe4ee689d1e4acbe3cee39ad0cceb084
SHA256 ===> 74dc9ddcbce5239ab9738aa027908d453f4ae0313ea4fd18dfe3be0905b21853
http://www.virustotal.com/analisis/74dc9ddcbce5239ab9738aa027908d453f4ae0313ea4fd18dfe3be0905b21853-1269412335
VT 7/42 (16.67%)

Code: [Select]

hxxp://seemyballs1.in/urla/huh.php

jackberri · March 26, 2010, 11:02:28 am

IP Location: Taiwan - Feng Chia University
IP 140.134.32.136
AS1659

Code: [Select]

hxxp://www.stvparkcomputer.info/edu/trash3.binmd5sum ===> 0ce1d6d2983870930d0be45401d763fb
SHA256 ===> 4116bbb49e562fa3188dfed2a18387776f8e7e62c9b9e46441130ae2e679793a

IP Location: France - Amen France Network
IP 62.193.204.77
[vds-796511.amen-pro.com]
AS28677

Code: [Select]

hxxp://serraniasuroeste.org/images/abajo_f1.jpgmd5sum ===> f0447fd257bbd978710ac328bf3b957f
SHA256 ===> e4b4b60b98f0a94a21ab83dee18b4ca9c4c6d44f8ceba7689c3296dabd112204
http://www.virustotal.com/analisis/e4b4b60b98f0a94a21ab83dee18b4ca9c4c6d44f8ceba7689c3296dabd112204-1269596485
VT 19/42 (45.24%)

jackberri · March 26, 2010, 12:39:53 pm

Quote from: jackberri on March 26, 2010, 11:02:28 am

Code: [Select]
hxxp://serraniasuroeste.org/images/abajo_f1.jpg

dropzone (already listed):

Code: [Select]

hxxp://www.jokersimson.net/imagenes/index.php

jackberri · March 26, 2010, 07:41:32 pm

IP Location: Spain - Galicia - Redcoruna
IP 92.43.17.2
[hosting01.redcoruna.org]
AS44497

Code: [Select]

hxxp://miraquemono.com/tienda/wp-content/themes/default/images/kubricktop.jpgmd5sum ===> 3e471d6bad771c5f14c16d25272b5c86
SHA256 ===> bc85c4fe139f352c8ae5ce0909ce923dd39a89f8a0be9f6266f39b75acac33a4
http://www.virustotal.com/analisis/bc85c4fe139f352c8ae5ce0909ce923dd39a89f8a0be9f6266f39b75acac33a4-1269632296
VT 14/41 (34.15%)

jackberri · March 27, 2010, 07:41:49 am

IP Location: United States - Illinois - Chicago - Hostforweb Inc
IP 216.246.124.51
[hfw3.mdjunction.com]
AS23352

Code: [Select]

hxxp://bighappy.ru/bom/config.binmd5sum ===> 7030c2ae1938da1ae2cd7519ae39a863
SHA256 ===> 6db8507735c33c80520b00d67769b91b67fda649c740a2ef408c157848102eaa

Code: [Select]

hxxp://bighappy.ru/bom/bot.exemd5sum ===> a2dc97c4456a88b329eb96c4ded4da0a
SHA256 ===> 6fadab789bdc2d6ece787139725efb7e603c91acf6785882cd97ae1460d271e2
http://www.virustotal.com/analisis/6fadab789bdc2d6ece787139725efb7e603c91acf6785882cd97ae1460d271e2-1269674867
VT 28/42 (66.67%)

Code: [Select]

hxxp://bighappy.ru/bom/gate.php

Author Topic: New Zeus server (Read 386542 times)

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

SysAdMini

Re: New Zeus server

jackberri

Re: New Zeus server

SysAdMini

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server