Game Password Stealer Helper

[cmg]

http://ghterwa.com/xmfx/help1.rar http://www.threatexpert.com/report.aspx?md5=74441056e4ba6f3be0b4b9cc36991960

[MysteryFCM]

Do you have a copy of the file? (getting a login requirement when trying to access it)

[philipp]

This reminds me of the followng post, one year ago:
http://www.malwaredomainlist.com/forums/index.php?topic=2017.msg4457#msg4457

Code: [Select]

ghterwa.com A 221.1.204.243
www.microsoftmg.com A 221.1.204.243
www.mgmicrosoft.com A 221.1.204.245

others:

Code: [Select]

fdvx1.com A 221.1.204.243
aabb1122.com A 221.1.204.243
www.aabb1122.com A 221.1.204.243
dfvg2.com A 221.1.204.243
hjyuw2.com A 221.1.204.243
www.qwer123.com A 221.1.204.243
35465543.com A 221.1.204.243
hhgg3.com A 221.1.204.243
hgtr3.com A 221.1.204.243
www.hgtr3.com A 221.1.204.243
hjwx3.com A 221.1.204.243
zsde4.com A 221.1.204.243
caz56.com A 221.1.204.243
ghy67.com A 221.1.204.243
cscs7.com A 221.1.204.243
xaa88.com A 221.1.204.243
cdfg8.com A 221.1.204.243
ghterwa.com A 221.1.204.243
btddcc.com A 221.1.204.243
fh98d.com A 221.1.204.243
cderd.com A 221.1.204.243
vfyte.com A 221.1.204.243
23drf.com A 221.1.204.243
microsoftmg.com A 221.1.204.243
www.microsoftmg.com A 221.1.204.243
tvtvmg.com A 221.1.204.243
www.tvtvmg.com A 221.1.204.243
fg67i.com A 221.1.204.243
djcndj.com A 221.1.204.243
vdmjl.com A 221.1.204.243
cdfko.com A 221.1.204.243
vfgtyp.com A 221.1.204.243
fcswr.com A 221.1.204.243
vbfdt.com A 221.1.204.243
qwdghu.com A 221.1.204.243
gthju.com A 221.1.204.243
35mju.com A 221.1.204.243
bfrtu.com A 221.1.204.243
mgaazz.com A 221.1.204.243
(http://www.bfk.de/bfk_dnslogger.html?query=221.1.204.243)

Code: [Select]

464fg.org A 221.1.204.245
nde11.com A 221.1.204.245
nhjuy1.com A 221.1.204.245
ere232.com A 221.1.204.245
www.ere232.com A 221.1.204.245
cdfyw3.com A 221.1.204.245
vfqa4.com A 221.1.204.245
zxs35.com A 221.1.204.245
www.gdgft76.com A 221.1.204.245
bgty7.com A 221.1.204.245
mjvd9.com A 221.1.204.245
13opd.com A 221.1.204.245
ngytrd.com A 221.1.204.245
3344g.com A 221.1.204.245
www.3344g.com A 221.1.204.245
crasg.com A 221.1.204.245
swervg.com A 221.1.204.245
hjkio.com A 221.1.204.245
yklop.com A 221.1.204.245
jjckr.com A 221.1.204.245
dc21s.com A 221.1.204.245
vfgbs.com A 221.1.204.245
d34ft.com A 221.1.204.245
www.mgmicrosoft.com A 221.1.204.245
vfbgt.com A 221.1.204.245
gygybit.com A 221.1.204.245
vdswrt.com A 221.1.204.245
16mju.com A 221.1.204.245
bhj4w.com A 221.1.204.245
www.dgdh566.net A 221.1.204.245
www.2323aaa.net A 221.1.204.245
(http://www.bfk.de/bfk_dnslogger.html?query=221.1.204.245)

Files help.rar and help1.rar are still accessible on hxxp://www.mgmicrosoft.com/xmfx/
New md5sums:
756593f07dcf86e4e8d2de293aaa8466  help.rar
fc8ddefbbbc671d367d3aee5d4c32cb0  help1.rar

I also still have the old files somewhere, if needed.

Regards,
Philipp

[MysteryFCM]

Cheers

[cmg]

Do you have a copy of the file? (getting a login requirement when trying to access it)

Sorry, I don't.  Most of my malware is fetched via IDS references. If you go the long route, figure out who did the original signature via emerging threats and you can at least get an early copy of it.

[MysteryFCM]

No worries