Author Topic: New files for Zeus servers (Read 221467 times)

jackberri · March 01, 2011, 10:11:03 pm

http://token.128pro.net/cat.exe md5sum ===> 53fd3a5113e15b61383736c63cc0ccc0http://www.virustotal.com/file-scan/report.html?id=ccf40974428c4e5826c4cefb56dcfb617224afd2480522fb5f8625d5039492b7-1299017093
VT 13/43 (30.2%)

jackberri · March 07, 2011, 09:58:05 pm

Code: [Select]

http://bigupdates.ru/STo84RIUqiArouklU9/14iAcR.exe               md5sum ===> 0a769c0c73d4b13bd96c5e2f70759858
http://bigupdates.ru/STo84RIUqiArouklU9/mLacrouyo4s8lan.php

http://www.virustotal.com/file-scan/report.html?id=89e6a997ba18812f723d4c623bff2a77647bcf0d07dacf0282814928f481f711-1299534580
VT 10/43 (23.3%)

jackberri · March 09, 2011, 07:37:02 pm

IP Location: Azerbaijan - ADaNet-AS
AS15621

Code: [Select]

http://109.127.8.242/ar.exe md5sum ===> 4382c10d1c0e0566d835cc909207139dhttp://www.virustotal.com/file-scan/report.html?id=4a1b4959054005da9bc586921653094b7761e2bacd60dc2f4b9896333d7039f2-1299698709
VT 22/43 (51.2%)

jackberri · March 12, 2011, 08:09:29 pm

IP Location: Germany - NETDIRECT Leaseweb Germany GmbH
IP 188.72.230.232
AS28753
Name Server: ns1.iplatforma2020.ru. 188.72.230.232 ns2.iplatforma2020.ru. 78.159.122.22
Registrant/Email Registrant: Private Person/promo@iplatforma2020.ru

Code: [Select]

http://iplatforma2020.ru/wp-g/svo.bin               md5sum ===> a6d14a22edfa7bdc3d981c92cc412d3e
http://iplatforma2020.ru/wp-g/svo.php

IP Location: France - IKOULA Net SAS
IP 213.246.42.87
[25156hd42087.ikexpress.com]
AS21409

Code: [Select]

http://alpine-investments.com/zs/spencer1.bin md5sum ===> f89d7591a43d532852ddc7e507e349b9
IP Location: United States - PAH-INC Go Daddy Software, Inc.
IP 97.74.144.147
[p3nlh147.shr.prod.phx3.secureserver.net]
AS26496
Name Server: NS2.POWWEB.COM NS1.POWWEB.COM
Registrant/Email Registrant: Contactprivacy.com/meesheephotography.com@contactprivacy.com

Code: [Select]

meesheephotography.com/blog/wp-admin/blog-wp/config.bin               md5sum ===> 03b81cf65419ddd888359ff3eeffe9e5
http://meesheephotography.com/blog/wp-admin/blog-wp/gate.php

IP Location: Ukraine - UKRTELNET JSC UKRTELECOM
IP 195.64.184.61
[web29.ukraine.com.ua]
AS6849
Name Server: ns1.ukraine.com.ua ns2.ukraine.com.ua ns3.ukraine.com.ua

Code: [Select]

http://exp.exetsoft.org.ua/cfg2.bin               md5sum ===> 41b5f7183b5215e56137fab1202e8928
http://exp.exetsoft.org.ua/exe.exe                        md5sum ===> 4d592f466f256e32967e56e5611a309e
http://exp.exetsoft.org.ua/gate.php

http://www.virustotal.com/file-scan/report.html?id=83791e8d27edcfce84fde89e5ab163d61a8b07b1e0602a0e32f24ab66a21e18e-1299959645
VT 32/43 (74.4%)

related zeusbotnet malware:

Code: [Select]

http://195.80.151.194/jjnb4.exe md5sum ===> 7dc0c2fcbde2a1eaf7e6892ae1d4ff60http://www.virustotal.com/file-scan/report.html?id=2fdc6386754892442232f8b369e7316aca2c1d47c4ebca250efaf61c0c4dea3a-1299959768
VT 29/43 (67.4%)

Code: [Select]

http://91.212.135.158/svhost.exe md5sum ===> a91f2dc1019d2f4aac09c19025e06087http://www.virustotal.com/file-scan/report.html?id=1b7b35ee1b58f99e654a6597cf487a663a3026f030f1b540c472724331003390-1299960107
VT 18/43 (41.9%)

jackberri · March 14, 2011, 11:48:52 am

Code: [Select]

http://vdir.kz/zlu/zog.exe md5sum ===> 27ccad25e196d6c3cfd5ae0d0740969dhttp://www.virustotal.com/file-scan/report.html?id=50727b76fb9b1300ae2d0c057b143b314b96e8ffbc58b27ba228e6672e75d33c-1300090891
VT 38/43 (88.4%)

jackberri · March 27, 2011, 04:29:38 pm

zeus trojan updated

Code: [Select]

http://sorry.kz/stats/adobe.exe md5sum ===> 0614f16c93c1a0a5859161bc48ba826dhttp://www.virustotal.com/file-scan/report.html?id=2cdb66e3c609276b57b1255306769dd5c2bf72b924033301456454960e9497fe-1301243120
VT 24/43 (55.8%)

jackberri · March 31, 2011, 11:41:52 am

IP Location: Romania - RDSNET RCS & RDS S.A
AS8708

Code: [Select]

http://193.16.213.135/news/?s=27846  md5sum ===> 4777d530f76bd2070b810044a06d9f96
http://lnmslowohldorgvp.info/news/?s=27846  md5sum ===> 4777d530f76bd2070b810044a06d9f96
http://mrmdlomowlrpsxj.com/news/?s=27846  md5sum ===> 4777d530f76bd2070b810044a06d9f96
http://pliskmkoomlprvr.info/news/?s=27846  md5sum ===> 4777d530f76bd2070b810044a06d9f96
http://193.16.213.135/news/?s=6225  md5sum ===> c948d3451644c163623da2f54e2a901e
http://lnmslowohldorgvp.info/news/?s=6225  md5sum ===> c948d3451644c163623da2f54e2a901e
http://mrmdlomowlrpsxj.com/news/?s=6225  md5sum ===> c948d3451644c163623da2f54e2a901e
http://pliskmkoomlprvr.info/news/?s=6225  md5sum ===> c948d3451644c163623da2f54e2a901e

jackberri · April 03, 2011, 07:11:28 pm

IP Location: United States - THEPLANET-AS2
IP 174.120.5.94
[5e.5.78ae.static.theplanet.com]
AS21844
Name Server: NS2.CANCRIWEB.COM NS1.CANCRIWEB.COM
Registrant/Email Registrant: Cancri Technologies Private Limited/support@cancriweb.com

Code: [Select]

http://nandhotels.com/images/china.exe md5sum ===> 0663cc9f0ca65923a7acaad40ad0bf95http://www.virustotal.com/file-scan/report.html?id=e3869d9cc2f8f91632601caefc81f32f6dce44380a6d94a1ce741f06a0e27284-1301857068
VT 5/40 (12.5%)
related (already listed)

Code: [Select]

http://ellensinteriors.net/images/gallery/gallery34.jpg                 md5sum ===> 816af358367cc2b9ee90a65a1e42d632

jackberri · April 29, 2011, 10:44:32 pm

Code: [Select]

http://bloggersdays.com/1/cfg.bin           md5sum ===> 91e2a3ec688d08e03fe8814cab33fa93             
http://bloggersdays.com/1/ldr.exe           md5sum ===> 54c5bf08dee41f19d9fe0b4331c69520

http://www.virustotal.com/file-scan/report.html?id=79d83f7de39904940275a41839bcf6c8bb05c7315876b14970d9d8150ec1bc6f-1304116652
VT 33/41 (80.5%)

jackberri · April 30, 2011, 07:37:56 am

Code: [Select]

http://vastcoins.ru/iosindior.bin md5sum ===> b9e506a1bf8d98d40627a4260d4330cd

jackberri · May 01, 2011, 06:09:20 pm

IP Location: Russian Federation - RISS-AS JSC "RISS-Telecom" Network Novosibirsk
IP 80.66.67.230
[mx.sibiriada.nov.net]
AS20803
Name Server: NS1.FINANCIALPOET.COM | NS2.FINANCIALPOET.COM
Registrant/Email Registrant: Irnest Billb/admin@jetsetflysystems.asia

Code: [Select]

http://jetsetflysystems.asia/tpr11.img md5sum ===> 67f09d3a5e1b59c56a22b3e2104a42fa

Code: [Select]

http://igif.co.tv/sf/s.php

jackberri · May 04, 2011, 06:52:10 pm

Code: [Select]

http://vseponovoy.cc.im/zcontent/catalog/bin/upload/zip.exe                   md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7
http://vseponovoy.cc.im/zcontent/catalog/bin/upload/zip1.exe                  md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7

http://www.virustotal.com/file-scan/report.html?id=952ff332e74b9465cc8db296d4886982afee7b3ab45f80b7d49dc9b4964c3d5d-1304533577
VT 27/41 (65.9%)

jackberri · May 07, 2011, 02:56:19 pm

zeus trojan updated

Code: [Select]

http://tuk.kz/webpage/pdf.exe md5sum ===> ecdfecbae1bcc256fce0494f04afc974https://www.virustotal.com/file-scan/report.html?id=5859f961f95add784a76bd7eb1389fff4809287fb2ea1eb1f828e92fb79f924a-1304779390
VT 1/42 (2.4%)

jackberri · May 08, 2011, 03:26:42 pm

IP Location: United States - BIZLAND-ASN Endurance International Group, Inc.
IP 72.22.88.131
[vz17.securehostserver.com]
AS29873
Name Server: dns2.registrar-servers.com | dns1.registrar-servers.com | dns4.registrar-servers.com | dns5.registrar-servers.com | dns3.registrar-servers.com
Registrant/Email Registrant: Aurelia Michael/anunarudatewa@yahoo.com

Code: [Select]

http://72.22.88.131/news/?s=27846  md5sum ===> b7aa1f03f52a03fbaf5ad7cc4a2889cb
http://nlxpwojfyclqttu.biz/news/?s=27846  md5sum ===> b7aa1f03f52a03fbaf5ad7cc4a2889cb
http://72.22.88.131/news/?s=6225  md5sum ===> 1975d5cb42897c754e7917802ec0c2b7
http://nlxpwojfyclqttu.biz/news/?s=6225  md5sum ===> 1975d5cb42897c754e7917802ec0c2b7

IP Location: United States - BIZLAND-ASN Endurance International Group, Inc.
IP 72.22.88.132
[vz17.securehostserver.com]
AS29873
Name Server: dns2.registrar-servers.com | dns1.registrar-servers.com | dns4.registrar-servers.com | dns5.registrar-servers.com | dns3.registrar-servers.com
Registrant/Email Registrant: Rebecca Goggans/ronuxewedequluq@yahoo.com
Registrant/Email Registrant: Steven Hahn/ikinybyvetudufy@yahoo.com

Code: [Select]

http://72.22.88.132/news/?s=27846  md5sum ===> 1975d5cb42897c754e7917802ec0c2b7
http://lemeenqtmholqusj.biz/news/?s=27846  md5sum ===> 1975d5cb42897c754e7917802ec0c2b7
http://qwnjouixsft.info/news/?s=27846  md5sum ===> 1975d5cb42897c754e7917802ec0c2b7
http://72.22.88.132/news/?s=6225  md5sum ===> 58d20957b450ecc9520c315cfb604da5
http://lemeenqtmholqusj.biz/news/?s=6225  md5sum ===> 58d20957b450ecc9520c315cfb604da5
http://qwnjouixsft.info/news/?s=6225  md5sum ===> 58d20957b450ecc9520c315cfb604da5

jackberri · May 08, 2011, 07:09:54 pm

zeus trojan updated

Code: [Select]

http://obectloopotads.com/dez/dez.exe md5sum ===> 0e52f6df95a45ac6e954a349ebb78684http://www.virustotal.com/file-scan/report.html?id=892761e2dc6666827f0c1eb733375b19a1320cf6ebc65acf2b89d8d97483d26b-1304881493
VT 27/42 (45.2%)

Author Topic: New files for Zeus servers (Read 221467 times)

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers

jackberri

Re: New files for Zeus servers