Author Topic: New files for Zeus servers (Read 220531 times)

jackberri · March 25, 2010, 07:53:52 pm

hxxp://updateinfo22.com/bde/stb6.exemd5sum ===> 9b8d6163fcca17710b8f7d30ae51beb1 (old md5sum ===> ce2c35a269db1fd97122022223133af8)
SHA256 ===> 5e51016a6160c454258208a71281efd44b247bf8e798cf2b024a366d32decd95
http://www.virustotal.com/analisis/5e51016a6160c454258208a71281efd44b247bf8e798cf2b024a366d32decd95-1269546308
VT 4/38 (10.53%)

jackberri · March 26, 2010, 08:55:51 am

Code: [Select]

hxxp://cralertyit.net/3x/ff.exemd5sum ===> d092a9c4e9c8788dc6869398bcb85f9c
SHA256 ===> 71978587001d4e7edd9e01a8f01927bca371856592f4822374a419a0cade8171
http://www.virustotal.com/analisis/71978587001d4e7edd9e01a8f01927bca371856592f4822374a419a0cade8171-1269592426
VT 5/42 (11.91%)

related malware: Fake AV
IP Location: Netherlands Amsterdam Leaseweb B.v
IP 95.211.87.211
[hosted-by.leaseweb.com]
AS16265

Code: [Select]

hxxp://95.211.87.211/amg_dfgwhaqqr.exemd5sum ===> 975982060fdfc5fa8c6603b808bbcd2c
SHA256 ===> 51b30885c2b54452705a7efd84da689feca1ad855ba89e2e7e4ca22225f8e191
http://www.virustotal.com/analisis/51b30885c2b54452705a7efd84da689feca1ad855ba89e2e7e4ca22225f8e191-1269593174
VT 15/42 (35.72%)

other domains:

Code: [Select]

holiza.com

jackberri · March 27, 2010, 12:46:40 pm

Code: [Select]

hxxp://miraquemono.com/tienda/wp-content/themes/mqm/images/boton.jpgmd5sum ===> 0a2caff9bb0c4a6813bb8f62d5095ab6
SHA256 ===> e0505fb0fcbe3144d4ce0cb5c8c4fbaac176da4d9523adcd897fb05ffe80df90
http://www.virustotal.com/analisis/e0505fb0fcbe3144d4ce0cb5c8c4fbaac176da4d9523adcd897fb05ffe80df90-1269692084
VT 11/42 (26.19%)
related:

Code: [Select]

stvparkcomputer.info
jokersimson.net

jackberri · March 27, 2010, 08:02:44 pm

Code: [Select]

hxxp://tigerden.uppit.com/0110/ax8x40to/istealcrypt1.exemd5sum ===> cf74534a20045b99da764654eb2fa54e
SHA256 ===> e0505fb0fcbe3144d4ce0cb5c8c4fbaac176da4d9523adcd897fb05ffe80df90
http://www.virustotal.com/analisis/7a878e8dfc3f35f957740d0435afb3201922645a4eefbcd8233f0551e99a641e-1269300406

jackberri · March 28, 2010, 08:35:25 am

related zeus host

Code: [Select]

robul.net
IP Location: Netherlands - Rotterdam - Serverboost
IP 188.95.48.57
ASN49544

Code: [Select]

hxxp://pokaqr.com/ciereg.exemd5sum ===> 82c7d17f56724779ee8b3fe585624750
SHA256 ===> f0326f9a06cb1abc46691f80120d1d36a22a1229fb42312e78615a4f5fb50cf4
http://www.virustotal.com/analisis/f0326f9a06cb1abc46691f80120d1d36a22a1229fb42312e78615a4f5fb50cf4-1269664809
VT 2/42 (4.76%)

other domains:

Code: [Select]

anisore.com
madop.net
munaenet.info
pokaqr.biz
pokaqr.info
pokaqr.name
pokaqr.net
pokaqr.org
robul.net

jackberri · March 28, 2010, 07:29:04 pm

Code: [Select]

hxxp://lightobmen.ru/robo/gate.php

jackberri · March 29, 2010, 05:24:59 pm

Code: [Select]

hxxp://nudlkasnuls.com/ksa/ue.exemd5sum ===> 31f9a678693d5ca4f02ff52d0aa396f4
SHA256 ===> de0aff522c36dd8116188e311cf3c9589fa3af31bb4cda914250fe7c64211e6a
http://www.virustotal.com/analisis/de0aff522c36dd8116188e311cf3c9589fa3af31bb4cda914250fe7c64211e6a-1269882746
VT 5/42 (11.91%)
related malware

Code: [Select]

hxxp://nudlkasnuls.com/ksa/fi.exemd5sum ===> b99191e9022d1271c920a26261a4ab36
SHA256 ===> 288f3b49eb8fdae2f67de16e0bb58bf0e723c1fb097f7de52cf2c7c06199c1aa
http://www.virustotal.com/analisis/288f3b49eb8fdae2f67de16e0bb58bf0e723c1fb097f7de52cf2c7c06199c1aa-1269883135
VT 24/42 (57.15%)

jackberri · March 30, 2010, 04:17:43 pm

Code: [Select]

hxxp://66.197.237.165/g54ty/ukz.php

jackberri · April 01, 2010, 10:14:19 am

Code: [Select]

hxxp://estero89.ru/CP/banner.phprelated malware:

Code: [Select]

hxxp://estero89.ru/rapport.exemd5sum ===> 6973d7470fa960204fb0d3ac323c9c5e
SHA256 ===> cfdbb8ec000254680ea47026e78fa6626dbc9254706a59f7af55fcfddb2d3d96
http://www.virustotal.com/es/analisis/cfdbb8ec000254680ea47026e78fa6626dbc9254706a59f7af55fcfddb2d3d96-1270116459
VT 1/42 (2.39%)

jackberri · April 01, 2010, 06:49:49 pm

trojan Fake:

Code: [Select]

hxxp://agreement52.com/upd.exemd5sum ===> 90819fb12c8500f3d01403b006780f9b
SHA256 ===> b8cc2ae0f2c543ba3a0f0388274b4d6ab5cf0b475f9d9e7b67bee5fb0818c054
http://www.virustotal.com/es/analisis/b8cc2ae0f2c543ba3a0f0388274b4d6ab5cf0b475f9d9e7b67bee5fb0818c054-1270146911
VT 5/42 (11.90%)

Code: [Select]

hxxp://altchinatech.com/tea/shototo292.php

jackberri · April 04, 2010, 12:21:07 pm

Code: [Select]

hxxp://193.148.47.43/cp01/aiZ7sh.php

jackberri · April 04, 2010, 05:10:30 pm

Code: [Select]

hxxp://onlinelicensechecker.ru/check/egater.php

jackberri · April 11, 2010, 07:09:14 am

related already listed

Code: [Select]

vrabote.bizIP Location: Ukraine Odessa Llc Wnet
[grusha-92-60-177-253.hostinghutor.com]
AS15772

Code: [Select]

hxxp://92.60.177.253/4e4n/crypt_kill.exemd5sum ===> 1f202e5d915087bd9ff5058d7f0d4a1f
SHA256 ===> 9d77d87c62543484d990aa1c9f92c7ed51be698965f54e3833892a92ea188b21
http://www.virustotal.com/analisis/7065e09596c0ad4cca13f2dd4d0084940041be988c767c48366743d61d3884fb-1270826919
VT 0/39 (0.00%)

jackberri · April 12, 2010, 03:17:12 pm

Code: [Select]

hxxp://seclzzz.biz/f/load.nrgmd5sum ===> 908cc595dd2e33f007c29c5738dbb7ed
SHA256 ===> 7c85d64cf9e45c57cf82f22f86fabbb773995abd070d497ca30f878f7754d85e

jackberri · April 15, 2010, 01:01:41 pm

Code: [Select]

hxxp://outlawyoung972.org/out/gate.php

Author Topic: New files for Zeus servers (Read 220531 times)

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers