Malware Domain List

Malware Related => Malicious Domains => Topic started by: crunchtime on December 15, 2009, 03:50:30 pm

Title: virut variant
Post by: crunchtime on December 15, 2009, 03:50:30 pm
Sample:
hxxp://giopnon.cn/10.exe

Decent detection according to this website:
http://mtc.sri.com/live_data/cc_servers/

Title: Re: virut variant
Post by: crunchtime on December 15, 2009, 04:01:32 pm
Upon a closer look this infection also pulled down this executable code:
hxxp://wws.mobiec.net/zzxx.exe
hxxp://204.27.57.210/p1023/2.0/d.bin?
hxxp://colopin.cn/oc/box.txt
hxxp://maxdomzhit.com/file.exe
hxxp://q.kfgrtjer.cn:88/read.txt
hxxp://www.liagand.cn/img/la.gif

Title: Re: virut variant
Post by: SysAdMini on December 15, 2009, 04:33:55 pm
I'm interested in more details. Do you have a log file, or can I reproduce the download myself?

Is hxxp://giopnon.cn/10.exe the downloader for those files?