Author Topic: SpyEye C&C &files  (Read 41428 times)

May 02, 2011, 11:21:02 am
Reply #75

jackberri

IP Location:  United States - PEER1 Network Inc.
IP 69.194.160.223
AS13768
Name Server: ns.co.cc | ns4.co.cc
Code:
http://turaminich.co.cc/zcontent/catalog/bin/config.bin                       md5sum ===> 5949ac2f77b2f9c2c0f596356d697015
http://turaminich.co.cc/zcontent/catalog/bin/rar.exe                          md5sum ===> afaa4d808896b568f7740b81ec684a26           
http://turaminich.co.cc/zcontent/catalog/bin/upload/zip.exe                   md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7
http://turaminich.co.cc/zcontent/catalog/bin/upload/zip1.exe                  md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7
http://turaminich.co.cc/zcontent/catalog/bin/upload/zip11.exe                 md5sum ===> afaa4d808896b568f7740b81ec684a26
http://turaminich.co.cc/zcontent/catalog/
http://www.virustotal.com/file-scan/report.html?id=c05a6d1c80fe80c07b1915a57d69a82c44c93b6e01720d1e966203d3ae3283bf-1304334489
VT 21/42 (50.0%)
http://www.virustotal.com/file-scan/report.html?id=952ff332e74b9465cc8db296d4886982afee7b3ab45f80b7d49dc9b4964c3d5d-1304334538
VT 18/40 (45.0%)

May 02, 2011, 06:20:35 pm
Reply #76

SysAdMini

Code:
http://turaminich.co.cc/zcontent/catalog/bin/upload/zip.exe                   md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7
http://turaminich.co.cc/zcontent/catalog/bin/upload/zip1.exe                  md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7

These 2 files are Zeus. Related urls are: http://www.malwaredomainlist.com/mdl.php?search=vseponovoy.cc.im&colsearch=All&quantity=50

Ruining the bad guy's day

May 04, 2011, 06:50:55 pm
Reply #77

jackberri

These 2 files are Zeus. Related urls are: http://www.malwaredomainlist.com/mdl.php?search=vseponovoy.cc.im&colsearch=All&quantity=50

You're right ;)
I was wrong  >:(

More:
Code:
http://vseponovoy.cc.im/zcontent/catalog/bin/rar.exe                          md5sum ===> afaa4d808896b568f7740b81ec684a26   
http://www.virustotal.com/file-scan/report.html?id=c05a6d1c80fe80c07b1915a57d69a82c44c93b6e01720d1e966203d3ae3283bf-1304534303
VT 27/42 (64.3%)

May 17, 2011, 11:32:23 am
Reply #78

jackberri

IP Location:  United States - MAXIM Maxim Computer Systems Corp
IP 66.40.52.59
AS11388
Name Server: dns1.freehostia.com | dns2.freehostia.com
Code:
http://school28.freehostia.com/gate3/main/bin/upload/build.exe                  md5sum ===> e3bb1168bacc67e4d85db2fc20e3f214
http://school28.freehostia.com/gate3/main/gate.php
http://www.virustotal.com/file-scan/report.html?id=9162cfa37c6852dd056fab676f3e862c7599425b251294a14e9b70f7910140ae-1305631259
VT 38/43 (88.4%)

October 15, 2011, 09:29:01 am
Reply #79

jackberri

IP Location: United States - NOC - Network Operations Center Inc.
IP 173.212.225.24
[173-212-225-24.static.hostnoc.net]
AS21788
Name Server: PRIMARYNS.KIEV.UA | NS.SECONDARY.NET.UA
Registrant/Email Registrant: Proxy Private Registration/atlanticafilms.com@whoisprotectservice.net
Code:
hxxp://atlanticafilms.com/main/gate.php