Malware Domain List

Malware Related => Malicious Domains => Topic started by: jackberri on July 05, 2010, 08:24:08 am

Title: SpyEye C&C &files
Post by: jackberri on July 05, 2010, 08:24:08 am
IP Location: Canada  - NETEL-ARIN-BLK04 - NETELLIGENT Hosting Services Inc.
AS10929
Code:
hxxp://68.71.51.162/admin/bin/config.bin
md5sum ===> a0d20632a82f87ef296bf512843b8cf7
SHA256 ===> 299b12f5c6e9613892f7afd8c3f6429c25999b4f0aae7ffe6f1b5a7f838ef4c4
Code:
hxxp://68.71.51.162/admin/bin/limited.exe
md5sum ===> 8fd47a5210d42224d1f4e177adc819a6
SHA256 ===> fd2cac4f6fa11bd42b93eea9e5004f5fb8c6f96f5b2d42249583cb1409a8f697
http://www.virustotal.com/es/analisis/fd2cac4f6fa11bd42b93eea9e5004f5fb8c6f96f5b2d42249583cb1409a8f697-1278315236
VT 3/41 (7.32%)
Code:
hxxp://68.71.51.162/admin/gate.php
IP Location: Russian Federation  - NEVAL - TELENETSIA-AS Telenet SIA
IP 91.212.198.180
AS24589
Registrant/Registrant Email: Artem Belkin/hironakamuraeye@gmail.com
Code:
hxxp://cpucardioholder.com/warrior/bin/build.exe
md5sum ===> 0d2bb2aee263ebf1d0ffed66aaf8cb8d
SHA256 ===> 4d167222d25f307fa1bf8c6f42a2daa5c833355c292d0d62187592cc19072164
http://www.virustotal.com/es/analisis/4d167222d25f307fa1bf8c6f42a2daa5c833355c292d0d62187592cc19072164-1278315442
VT 11/41 (26.83%)
Code:
hxxp://cpucardioholder.com/warrior/bin/outback.exe
md5sum ===> 7d30619f84b00347404462729b1ba235
SHA256 ===> 0195e1aa3127f30523cd4bbed0b2b054090b78330722e95ae82bc5a40f5b3a65
http://www.virustotal.com/es/analisis/0195e1aa3127f30523cd4bbed0b2b054090b78330722e95ae82bc5a40f5b3a65-1278315625
VT 7/41 (17.08%)
Code:
hxxp://cpucardioholder.com/warrior/bin/outlook.exe
md5sum ===> ee6f4473e3704e4e2b4564668b1edef5
SHA256 ===> 46c4740b701213c1b27fece35d02cf8a9e200ac14661d7c196c535febca7577b
http://www.virustotal.com/es/analisis/46c4740b701213c1b27fece35d02cf8a9e200ac14661d7c196c535febca7577b-1278315846
VT 9/40 (22.5%)
Code:
hxxp://cpucardioholder.com/warrior/bin/upload/nomixed.exe
md5sum ===> 75a2e24420bb92125ff32e3354ad6c46
SHA256 ===> 481cc3b344cee60924d706019deb13b432a51a31b342cf8df034a8cc91334866
http://www.virustotal.com/es/analisis/481cc3b344cee60924d706019deb13b432a51a31b342cf8df034a8cc91334866-1278316140
VT 17/41 (41.47%)
Code:
hxxp://cpucardioholder.com/warrior/bin/upload/nomixed2.exe
md5sum ===> 491e8f143c1f54bcb457915dabff504e
SHA256 ===> f0df68e7c001380ec6842905b126b91908e8d7618989a53900f47abb12719fae
http://www.virustotal.com/es/analisis/f0df68e7c001380ec6842905b126b91908e8d7618989a53900f47abb12719fae-1278316383
VT 14/41 (34.15%)
Code:
hxxp://cpucardioholder.com/warrior/bin/upload/mixed.exe
md5sum ===> 80f24344e0424cc345a62d2ea6d7c353
SHA256 ===> cd0d00960f3488d0fa3f04274758dd91c5869d46b888022d8ceec5c62bc59749
http://www.virustotal.com/es/analisis/cd0d00960f3488d0fa3f04274758dd91c5869d46b888022d8ceec5c62bc59749-1278316492
VT 23/41 (56.1%)
Code:
hxxp://cpucardioholder.com/warrior/bin/upload/mixed2.exe
md5sum ===> d6a6432ae0ea1de2f216ad8bcfe81aa1
SHA256 ===> 3c8324705799ef0f33efd97f314fb1d61c78b6b8d1b75bdf88f701ea5a622ba7
http://www.virustotal.com/es/analisis/3c8324705799ef0f33efd97f314fb1d61c78b6b8d1b75bdf88f701ea5a622ba7-1278316622
VT 22/41 (53.66%)
Code:
hxxp://cpucardioholder.com/warrior/bin/upload/update060610.exe
md5sum ===> 0e8756a7e7f1cc3e43e129f475ee89ef
SHA256 ===> 093852a0560bd2d0a0278347ed79247c929f4ce82528e2620a79f05ec5b42686
http://www.virustotal.com/es/analisis/093852a0560bd2d0a0278347ed79247c929f4ce82528e2620a79f05ec5b42686-1278316744
VT 2/41 (4.88%)
Code:
hxxp://cpucardioholder.com/warrior/gate.php
IP Location: China  - CHINANET-BJ-METRO BeijingTelecom
IP 113.11.194.137
AS4847
Registrant/Registrant Email: Peter Pitkin/pparkst@yahoo.com
Code:
hxxp://peosoe.com/spa/mn/bin/cfg.bin
Code:
hxxp://peosoe.com/spa/mn/bin/config.bin
md5sum ===> 58ecf7c87760cd2bae8ed0fb2a5cd12c
SHA256 ===> a9caad5cb4926d88ec94c432ecbcae22770e75d11c78974b19f1bfd7df823c08
Code:
hxxp://peosoe.com/spa/mn/bin/build.exe
md5sum ===> 60a72cc7992f896d4ea004b91bf400aa
SHA256 ===> ccaf35873d614a4bb15c59ddcef582474529caddd0c1198ad76e33fda0037358
http://www.virustotal.com/es/analisis/ccaf35873d614a4bb15c59ddcef582474529caddd0c1198ad76e33fda0037358-1278316985
VT 22/41 (53.66%)
Code:
hxxp://peosoe.com/spa/mn/gate.php
IP Location: Ukraine  - Pe Volovik Elena Sergiyvna
IP 193.105.174.48
AS196954
Registrant/Registrant Email: Miroslaw Rutkowski/vikingg1981@gmail.com
Code:
hxxp://abrakodabra12345.com/sp3a/gate.php
Code:
hxxp://eu-analytics.com/sp4a/bin/config.bin
md5sum ===> adc1ec5e84c0d651a3b5fe30ee1f4339
SHA256 ===> baaf99f8cfb868dc2c15c46610d9b8f82c0583750884bfc0b266ea2186daa735
Code:
hxxp://eu-analytics.com/sp4a/bin/2_ns4.exe.crypted.exe
md5sum ===> 4fa5bd5e2b1bd86e7d4d3a738527308e
SHA256 ===> 5ca47e1f7840838b172616dab7918b488a07c045790f7542e8993ca5667d711c
http://www.virustotal.com/es/analisis/5ca47e1f7840838b172616dab7918b488a07c045790f7542e8993ca5667d711c-1278317233
VT 14/41 (34.15%)
Code:
hxxp://eu-analytics.com/sp4a/space.php

Title: Re: SpyEye C&C &files
Post by: jackberri on July 07, 2010, 09:42:54 am
IP Location: Netherlands  - CUSTOMERPANEL-BLK-217-23-0-0 - WorldStream
IP 217.23.7.182
AS49981
Registrant/Registrant Email: Dale Fitting/dale@coundnes.com
Code:
hxxp://coundnes.com/cache/bin/config.bin
md5sum ===> c1f99256947a1bde8ba1dba752304f48
SHA256 ===> d291a7639f907ca6f3e083bc08d141f88c27d3988d749f5209886c3a570b20dc
Code:
hxxp://coundnes.com/cache/bin/build.exe
md5sum ===> 929e28700c607cb71a188a1811e2de0b
SHA256 ===> 51f01c1f688d6d032dde73bbaa2169b9376e9122b9547f84da99dfed0565dd6f
http://www.virustotal.com/es/analisis/51f01c1f688d6d032dde73bbaa2169b9376e9122b9547f84da99dfed0565dd6f-1278494315
VT 8/41 (19.52%)
Code:
hxxp://coundnes.com/cache/gate.php
IP Location: Netherlands  - CUSTOMERPANEL-BLK-217-23-0-0 - WorldStream
IP 217.23.7.182
AS49981
Registrant/Registrant Email: Cornelia Foster/dns@managna.com
Code:
hxxp://managna.com/cache/bin/config.bin
md5sum ===> c1f99256947a1bde8ba1dba752304f48
SHA256 ===> d291a7639f907ca6f3e083bc08d141f88c27d3988d749f5209886c3a570b20dc
Code:
hxxp://managna.com/cache/bin/build.exe
md5sum ===> 929e28700c607cb71a188a1811e2de0b
SHA256 ===> 51f01c1f688d6d032dde73bbaa2169b9376e9122b9547f84da99dfed0565dd6f
http://www.virustotal.com/es/analisis/51f01c1f688d6d032dde73bbaa2169b9376e9122b9547f84da99dfed0565dd6f-1278494315
VT 8/41 (19.52%)
Code:
hxxp://managna.com/cache/gate.php
Code:
hxxp://eu-analytics.com/sp4a/bin/1_sp4a_new.exe.crypted.exe
md5sum ===> c92ba6ce203e4ff492c22ed6ae9044e4
SHA256 ===> 2f285d081cccd903b943d8b59ba1e0c5260dca985ed42e38078d7ee41a87c02f
http://www.virustotal.com/es/analisis/2f285d081cccd903b943d8b59ba1e0c5260dca985ed42e38078d7ee41a87c02f-1278394299
VT 33/41 (80.49%)

Title: Re: SpyEye C&C &files
Post by: jackberri on July 08, 2010, 07:15:35 pm
IP Location: United States  - Comcast Cable Communications, Inc. - FDCSERVERS AS for FDC Servers
IP 76.73.100.10
AS30058
Registrant/Registrant Email: sun qiang/81285588@163.com
Code:
hxxp://silajopa.com/tpsa/swen/trais.exe
hxxp://perejopa.com/tpsa/swen/trais.exe
md5sum ===> 3e62e0307d29dae196e7d408a3ac5303
SHA256 ===> 2a513ea62f7fa990126805bfb411a3735746dd82b723ebe8cfcc2aa03ba7b1ba
http://www.virustotal.com/es/analisis/2a513ea62f7fa990126805bfb411a3735746dd82b723ebe8cfcc2aa03ba7b1ba-1278579988
VT 8/41 (19.52%)
Code:
hxxp://silajopa.com/tpsa/swar/f2.exe
hxxp://perejopa.com/tpsa/swar/f2.exe
md5sum ===> 812aae1e74301e557a5b6e6446b6d936
SHA256 ===> 2085422864106be1f65a9867c9b956a8e9917bb577b2f74ed9bcdd6f6b974a55
http://www.virustotal.com/es/analisis/2085422864106be1f65a9867c9b956a8e9917bb577b2f74ed9bcdd6f6b974a55-1278580254
VT 6/41 (14.64%)
Code:
hxxp://silajopa.com/tpsa/gate/data.php
related:
Code:
hxxp://76.73.100.10/

Title: Re: SpyEye C&C &files
Post by: jackberri on July 13, 2010, 03:42:15 pm
IP Location: Russian Federation  - VLine Telecom Block Moscow - VLTELECOM-AS
IP 109.196.134.49
AS39150
Registrant/Registrant Email: Denis Osipov/admin@nerukabbcompany.com
Code:
hxxp://nerukabbcompany.com/fgdhfgvcryegf/bin/config.bin
md5sum ===> 7eb23f2cc64d2331704e1a3adaa4a000
SHA256 ===> af53066e52277f8adcf310dbf74d496b9115aa9e2acf6d351e6dc18111b4f167
Code:
hxxp://nerukabbcompany.com/fgdhfgvcryegf/bin/build.exe.crypted.exe
md5sum ===> 5964e3b648f805106f7d289c275e6478
SHA256 ===> d0a9555c9fa150e5f07f0a643deff73dbf96f7219d4c18aaad7129213ffb014a
http://www.virustotal.com/es/analisis/d0a9555c9fa150e5f07f0a643deff73dbf96f7219d4c18aaad7129213ffb014a-1279034553
VT 18/42 (42.86%)
Code:
hxxp://nerukabbcompany.com/fgdhfgvcryegf/bin/build_cry.exe
md5sum ===> adf5f0c510260c48f05b2f85874821c2
SHA256 ===> b8fdb71ad797b39529853527058b9e83150bb92f04775851fca039414a61c00c
http://www.virustotal.com/es/analisis/b8fdb71ad797b39529853527058b9e83150bb92f04775851fca039414a61c00c-1279034926
VT 19/42 (45.24%)
Code:
hxxp://nerukabbcompany.com/fgdhfgvcryegf/gate.php

Title: Re: SpyEye C&C &files
Post by: jackberri on July 13, 2010, 08:23:09 pm
Code:
hxxp://peosoe.com/spa/mn/bin/tess.exe
md5sum ===> 42df0e42a8269f513d8fb7f25d9eabe7
SHA256 ===> efd7ceaa3da72defc647d5631a359db01a9172b91f8022532cf4ab629f2a7e33
http://www.virustotal.com/es/analisis/efd7ceaa3da72defc647d5631a359db01a9172b91f8022532cf4ab629f2a7e33-1279050731
VT 7/41 (16.67%)

Code:
hxxp://217.23.7.21/cache/bin/config.bin
md5sum ===> 91a8eb4939c5afcb5ca878e9a65bf650
SHA256 ===> 29a053b6090705419ffa5c9d90701ae06efa10193c3515daca27914ce80fdb0d
Code:
hxxp://217.23.7.21/cache/bin/build.exe
md5sum ===> 622f8d6d65aa9dd019070c247cdebb6e
SHA256 ===> cd31a4d636e5ced7d93bea2a484cfa788738a20896a57050f4003f729374154c
http://www.virustotal.com/es/analisis/cd31a4d636e5ced7d93bea2a484cfa788738a20896a57050f4003f729374154c-1279052050
VT 16/42 (38.1%)
Code:
hxxp://217.23.7.21/cache/gate.php

Title: Re: SpyEye C&C &files
Post by: jackberri on July 16, 2010, 07:29:12 am
IP Location: Russian Federation  - ISPsystem-RU - ISPSYSTEM-AS ISPsystem Autonomous System
IP 82.146.60.19
[ritarkon.fvds.ru]
AS29182
Code:
hxxp://spys.fvds.ru/admink/bin/config.bin
md5sum ===> dd8151c211a39ea8668266baeb720bad
SHA256 ===> 4ba0ae91e7cb397e2865651313fcaff1f4686288f9ee52a1b0869491a9803cbb
Code:
hxxp://spys.fvds.ru/admink/bin/build.exe
md5sum ===> 9aa97f0b7ea203dcddad5e4015d2ecfe
SHA256 ===> 5a405d9b531df198ca10243629cfca0286795a786bb15a2ed3ce9ea9ae15d574
http://www.virustotal.com/es/analisis/5a405d9b531df198ca10243629cfca0286795a786bb15a2ed3ce9ea9ae15d574-1279263125
VT 22/42 (52.39%)
Code:
hxxp://spys.fvds.ru/admink/gate.php

Title: Re: SpyEye C&C &files
Post by: jackberri on July 24, 2010, 07:11:09 pm
IP Location:  Russian Federation - NEVAL - NEVAL PE Nevedomskiy Alexey Alexeevich
IP 91.212.198.60
AS49314
Registrant/Registrant Email: Artem Belkin/hironakamuraeye@gmail.com
Code:
hxxp://wardefer.com/warrior/bin/mih.exe
md5sum ===> e19a3ee2f2dd73993265f45037876475
http://www.virustotal.com/es/analisis/75ef2cb14efacf51b0fb45f55778c4c9e3e92cab7bce5dd393a5eee1873ff073-1279994111
VT 2/42 (4.77%)
Code:
hxxp://wardefer.com/warrior/bin/outcast.exe
md5sum ===> 42dbf8a268334936a6297eb638e175de
http://www.virustotal.com/es/analisis/cdeca9222733e6c90f758146da88c66ce25bf94c168ead4cd5e9c53b9dd04c67-1279994264
VT 15/42 (35.72%)
Code:
hxxp://wardefer.com/warrior/bin/outpost.exe
md5sum ===> bb720867a1800e6f9cb5f8f0cd10c746
http://www.virustotal.com/es/analisis/d3b91745a9a053cc00115133fb438133fc12913d5b12b837017ce80cdd7c70f0-1279994335
VT 3/42 (7.15%)
Code:
hxxp://wardefer.com/warrior/bin/upload/Hiro.exe
md5sum ===> 63368d609c1e62f1e4deeade5eb0140b
http://www.virustotal.com/es/analisis/4848a0d94f427f2c2dac8c24f30f7bfeffc8e20f1dda6a55642959f89b562453-1279994510
VT 18/42 (42.86%)
Code:
hxxp://wardefer.com/warrior/bin/upload/Hiro1.exe
md5sum ===> 4097fcd673779aa65a41c12ba1495a88
http://www.virustotal.com/es/analisis/a218fec270b65d7966eaa0414c48846019e391d57a32c9627d7359290fca0549-1279994624
VT 21/42 (50%)
Code:
hxxp://wardefer.com/warrior/bin/upload/Hiro12.exe
md5sum ===> adea4413512a5015f2f1fc77ddfc55ab
http://www.virustotal.com/es/analisis/d6a5951768f43e74303a4fbbb2da50a160521bf954d3b7b99bfec46044e99e35-1279994844
VT 20/42 (47.62%)
Code:
hxxp://wardefer.com/warrior/bin/upload/setup2201.exe
hxxp://wardefer.com/warrior/bin/upload/setup22012.exe
hxxp://wardefer.com/warrior/bin/upload/setup2201234.exe
md5sum ===> 30d6e1d6746eb1877dbbf1ff7c5343b1
http://www.virustotal.com/analisis/fc498af2a519e56d1968bcd5490fa290f17038a366d147e8afce591437e2ad35-1279994884
VT 19/42 (45.24%)
Code:
hxxp://wardefer.com/warrior/bin/upload/setup2211.exe
hxxp://wardefer.com/warrior/bin/upload/setup221123.exe
md5sum ===> 9f8d2f870b0f35cc3400a95d188b624b
http://www.virustotal.com/es/analisis/cd430edc072bc83267ecb94973480f741fa8ad92be1848f3ef93839694ec8a6d-1279995458
VT 19/42 (45.24%)
Code:
hxxp://wardefer.com/warrior/bin/upload/setup22112.exe
md5sum ===> 543bfab41657e7d724ab37f51b13c5dc
http://www.virustotal.com/es/analisis/1eae7cade29ee08f6ca5ffecf3ca03ebb3edacabf24d17f1793ac21d9234bc8c-1279995657
VT 25/42 (59.53%)
Code:
hxxp://wardefer.com/warrior/bin/upload/setup220123.exe
md5sum ===> dfa43b1200bc911e854e5977506b9d6d
http://www.virustotal.com/es/analisis/fe0b048b73bbf13e54490b13ebf1af6d9a3f5b010ada14c8aee0ba0edf62b179-1279995720
VT 26/42 (61.91%)
Code:
hxxp://wardefer.com/warrior/bin/upload/rp.php

IP Location: Colombia - NEWWORLDNETWORK
IP 190.242.65.134
AS23520
Registrant/Registrant Email: Whoisprotection.cc/reg_883388@whoisprotection.cc
Code:
hxxp://secure-checking.com/admmm/bin/config.bin
md5sum ===> fdda11475bdbcf80f57d22e46045f34c
Code:
hxxp://secure-checking.com/admmm/bin/build.exe
md5sum ===> 556a74b813ffdfb9a3c0db849d1dbdb6
http://www.virustotal.com/es/analisis/25676e68dd3a3579e850a95421a0609b6f81e5863cbba5defbed4bb0ff32110f-1279283850
VT 15/42 (35.72%)

IP Location: Ukraine  - Pe Volovik Elena Sergiyvna
IP 193.105.174.29
AS196954
Registrant Email: admin@acidsource.com
Code:
hxxp://acidsource.com/cp/bin/config.bin
md5sum ===> ec272ecb2448f6855826a6c3fa98d4d5
Code:
hxxp://acidsource.com/cp/gate.php

Code:
hxxp://peosoe.com/spa/mn/big/upss.bin
md5sum ===> 7910eff0b47c4e4368e40ab4682f81d2

Title: Re: SpyEye C&C &files
Post by: jackberri on July 27, 2010, 07:55:52 pm
IP Location: Moldova - Najada route - INTERACTIVE3D-AS
IP 91.216.122.102
AS49544
Registrant/Registrant Email: John Smith/transfers-auth@wnames.co.uk
Code:
hxxp://googlemaps3.com/google/bin/config.bin
md5sum ===> cd349a12e942edf8a1092ef9c6f1e2c6
Code:
hxxp://googlemaps3.com/google/bin/build.exe
md5sum ===> bb0b0042f0fa212354f1b147e2d3bbce
http://www.virustotal.com/es/analisis/fd5b1ab7d76871245a4e11f86da9cc58daac91701062b18a37fa0deb42c3f4c7-1280259859
VT 2/42 (4.77%)
Code:
hxxp://googlemaps3.com/google/gate.php

Title: Re: SpyEye C&C &files
Post by: jackberri on July 27, 2010, 08:51:30 pm
IP Location: Germany - HETZNER-RZ-NBG-BLK5 - HETZNER-AS
IP 78.46.104.41
[www18.subdomain.com]
AS24940
Code:
hxxp://kaspersky.server.tl/wp-content/plugins/download-monitor/download.php?id=1
downloads ===> Patch.exe
md5sum ===> 1aadc8f2820e4fe6c5e66a10c9eac1ee
http://www.virustotal.com/es/analisis/51f57f6aa0f784230374aed00fc5a0fc9f8180d40ae5451fd3be8ab0171c575b-1280262799
VT 33/42 (78.58%)
related:
Code:
hxxp://project.kilu.info/content/

Title: Re: SpyEye C&C &files
Post by: jackberri on July 28, 2010, 07:39:13 am
IP Location: Germany - HETZNER-RZ-NBG-BLK5 - HETZNER-AS Hetzner Online AG RZ
IP 78.46.49.34
AS24940
Registrant/Registrant Email: Katrin Koenig/info@katrinkoenig.com
Code:
hxxp://katrinkoenig.com/awstats/awstat.exe
md5sum ===> d83d99c01040f7d05f46f0365df163ba
http://www.virustotal.com/es/analisis/bfea9cfae12c37b36bafb315499d00ac6a4293eaa689a08438d81e0426aac957-1280300420
VT 2/42 (4.77%)
related:
Code:
hxxp://113.11.194.173/eye/main/gate.php

Title: Re: SpyEye C&C &files
Post by: jackberri on July 28, 2010, 07:50:36 pm
IP Location: Germany - HETZNER-RZ-NBG-BLK5 - HETZNER-AS Hetzner Online AG RZ
IP 78.46.49.34
AS24940
Registrant/Registrant Email: Katrin Koenig/info@katrinkoenig.com
Code:
hxxp://katrinkoenig.com/awstats/awstat.exe
md5sum ===> d83d99c01040f7d05f46f0365df163ba
http://www.virustotal.com/es/analisis/bfea9cfae12c37b36bafb315499d00ac6a4293eaa689a08438d81e0426aac957-1280300420
VT 2/42 (4.77%)

Sorry: it is a false positive:
The file 'awstat.exe' has been classified as a 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. The detection pattern will be removed with one of the next updates of the virus definition file (VDF). (From Avira Lab Response)

Title: Re: SpyEye C&C &files
Post by: jackberri on July 29, 2010, 08:36:07 am
Code:
hxxp://acidsource.com/cp/bin/_mon.exe
md5sum ===> 54d199ccdca78d4d45bd1e82bf524888
http://www.virustotal.com/es/analisis/0d0be58c65922a232f017ace7a2fe31422629a079953f1ee5d4a933cc96d7906-1280391690
VT 2/42 (16.67%)

Title: Re: SpyEye C&C &files
Post by: jackberri on July 29, 2010, 02:34:25 pm
IP Location: Russian Federation - NEVAL - NEVAL PE Nevedomskiy Alexey Alexeevich
IP 91.212.198.61
AS49314
Registrant/Registrant Email: Artem Belkin/hironakamuraeye@gmail.com
Code:
hxxp://countfrom1970.com/warrior/bin/upload/setup2201234.exe
hxxp://countfrom1970.com/warrior/bin/upload/Hiro.exe
hxxp://countfrom1970.com/warrior/bin/upload/Hiro1.exe
hxxp://countfrom1970.com/warrior/bin/upload/Hiro12.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup220.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup221.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2201.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2211.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22012.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22112.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup220123.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup221123.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2201234.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2211234.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22012345.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22112345.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup220123456.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup221123456.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2201234567.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2211234567.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22012345678.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22112345678.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2211234567891011.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup220123456789101112.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22012345678910111213.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2201234567891011121314.exe
hxxp://countfrom1970.com/warrior/bin/ieupdate.exe
hxxp://countfrom1970.com/warrior/bin/mih.exe
hxxp://countfrom1970.com/warrior/bin/msnworks.exe
hxxp://countfrom1970.com/warrior/bin/newarc.exe
hxxp://countfrom1970.com/warrior/bin/outcast.exe
hxxp://countfrom1970.com/warrior/bin/outpost.exe
hxxp://countfrom1970.com/warrior/bin/outv.exe
hxxp://countfrom1970.com/warrior/bin/psp1204b.exe
Title: Re: SpyEye C&C &files
Post by: jackberri on July 29, 2010, 06:49:08 pm
IP Location: Germany - NETDIRECT AS NETDIRECT
IP 89.149.202.109
AS28753
Registrant/Registrant Email: Derrick Grimes/ddgrimes@earthlink.net
Code:
hxxp://worlddatahouse.com/eyjedai123/bin/config.bin
md5sum ===> 53effacca661a9de98a0922517951edb
Code:
hxxp://worlddatahouse.com/eyjedai123/bin/build.exe
md5sum ===> 4241f18c62261544d50ad8b1855d2caf
http://www.virustotal.com/es/analisis/7685c380f7385f638355d0a79228f9e84e222be4c49e62888b38813a01a2b8fd-1280428357
VT 8/42 (19.05%)
Code:
hxxp://worlddatahouse.com/eyjedai123/gate.php
Code:
hxxp://worlddatahouse.com/eyjedai123/bin/upload/rapport.exe
md5sum ===> ae20e2a9d83628c6e5107537c6e37955
http://www.virustotal.com/es/analisis/6533408a8ed01b07d61a4e41e1aafc2056d92a64ec591fcb37f335e1b4b17eb2-1280428605
VT 9/42 (21.43%)

Code:
hxxp://77.78.240.162/spye/bin/config.bin
md5sum ===> 71f597e50fc623aa4d4a74714ecec073

Title: Re: SpyEye C&C &files
Post by: jackberri on July 30, 2010, 04:22:41 pm
IP Location: United States - WHOLESALEINTERNET-3
AS32097
Code:
hxxp://204.12.243.187/main/bin/config.bin
md5sum ===> e5fb5166ff2cf8caae6adfe795baaecf
Code:
hxxp://204.12.243.187/main/gate.php
related:
Code:
hxxp://sockslist.fraudcrew.com/proxy/proxy2005.dll
md5sum ===> fbf1e72706b40552e0405356d6ee425a
http://www.virustotal.com/es/analisis/eb9080e963ac55b388fe3b3de6d2af8eb07b2d3f8804a56c575ecefa66a39a6a-1280505728
VT 20/42 (47.62%)

Title: Re: SpyEye C&C &files
Post by: jackberri on July 31, 2010, 08:08:25 am
IP Location: China - CHINANET-BJ-METRO BeijingTelecom
IP 121.101.216.208
AS4847
Registrant ID: orgte72810921924
Registrant/Registrant Email: Todd Echols/moonbeam@konocti.net
Code:
hxxp://planita.org/glavniy/bin/config.bin
md5sum ===> 5b9a920ed14888764139006dc8f3638e
Code:
hxxp://planita.org/glavniy/gate.php
IP Location: Moldova - Najada route - INTERACTIVE3D-AS Interactive3D
IP 91.216.122.102
AS49544
Registrant/Registrant Email: John Iles/jhn_iles@yahoo.co.uk
Code:
hxxp://seotraffbuss.com/main/bin/config.bin
md5sum ===> 49cbc1f5a1eaddb7f0ae4f2763982ff2
Code:
hxxp://seotraffbuss.com/main/bin/build.exe
md5sum ===> c382468075e560f631a96f3794ed2d93
http://www.virustotal.com/es/analisis/89fec3dfca37c60ba4f8813b521cc77721a7c19c8765e83bb74669acdc15bc85-1280530607
VT 15/42 (35.72%)
Code:
hxxp://seotraffbuss.com/main/gate.php

Title: Re: SpyEye C&C &files
Post by: jackberri on July 31, 2010, 06:33:50 pm
IP Location: China - CHINANET-BJ-METRO BeijingTelecom
IP 121.101.216.234
AS4847
Registrant/Registrant Email: Chang So/changso@yahoo.com
Code:
hxxp://festivaloffire.net/ninja/mainp/bin/config.bin
md5sum ===> a9d3d33ac38b1ab6211c6e3a16894f74
Code:
hxxp://festivaloffire.net/ninja/mainp/bin/build.exe
md5sum ===> 31eceeb5c09e80ba777351293546e4ac
http://www.virustotal.com/es/analisis/350a09e31a9d3bd90271f252adde96a75ef1b591595d87eb17cc3b2978aee5a7-1280600287
VT 0/41 (0%)

sigcheck:
publisher....: SOFTWIN S.R.L.
copyright....: 5430-8590
product......: ________
description..: BitDefender Management Console
original name: ybca.exe
internal name: _______
file version.: 117.107.24.51
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Code:
hxxp://festivaloffire.net/ninja/mainp/gate.php

Title: Re: SpyEye C&C &files
Post by: jackberri on August 01, 2010, 05:09:10 pm
IP Location: Latvia - BKCNET Autonomous System - BKCNET "SIA" IZZI
IP 91.188.59.205
AS6851
Registrant/Registrant Email: PrivacyProtect.org/contact@privacyprotect.org
Code:
hxxp://macromediasetup.com/zombie/load.php?f=1&e=5
downloads ===> exe_1.exe
md5sum ===> cceac57adbdd88aa62f961c1820db6a1
http://www.virustotal.com/es/analisis/d317d01e8b781fc061189c9b81167936177949011a9ecde845a919cabd402f0c-1280681610
VT 3/41 (7.32%)
sigcheck:
publisher....: Macromedia, Inc.
copyright....: Copyright (c) 1996-2003 Macromedia, Inc.
product......: Shockwave Flash
description..: Macromedia Flash Player 7.0 r19
original name: SAFlashPlayer.exe
internal name: Macromedia Flash Player 7.0
file version.: 7,0,19,0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Code:
hxxp://macromediasetup.com/zombie/
related:
IP Location: Russian Federation - NEVAL - NEVAL PE Nevedomskiy Alexey Alexeevich
IP 91.212.198.63
AS49314
Registrant/Registrant Email: Charles Anderson/charlesanderson@hotmailbox.com
Code:
hxxp://clickxfinder.com/warrior/bin/big.exe
md5sum ===> 4f6451fb2a24d10692a42f51e87c87b0
http://www.virustotal.com/es/analisis/162ad0a285e0a6748266d1cb67473df7cb802b6f27579c127545c1aa0d9d9a62-1280681720
VT 0/42 (0%)
sigcheck:
publisher....: Hewlett-Packard
copyright....: (c) Hewlett-Packard. All rights reserved.
product......: HpqPhUnl
description..: QHouston
original name: HpqPhUnl.EXE
internal name: HpqPhUnl.exe
file version.: 7.0.0.229
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Code:
hxxp://clickxfinder.com/warrior/bin/corban.exe
md5sum ===> 47f100ef490b28e14452a4eb4d3f5964
http://www.virustotal.com/es/analisis/305fb0dc66b176664bf74d0d4c5cc3440c3e6af7dc8a686ca6f23a83971b9a62-1280682008
VT 7/42 (16.67%)
Code:
hxxp://clickxfinder.com/warrior/bin/movie.exe
md5sum ===> cceac57adbdd88aa62f961c1820db6a1
Code:
hxxp://clickxfinder.com/warrior/bin/small.exe
md5sum ===> 7b2fa09191276db49b55d7cb6c34961c
http://www.virustotal.com/es/analisis/918468ae8d330d2e0bcfa1c74f91e786bad9d27b4eec60af3cd8f77356c35af5-1280682139
VT 14/42 (33.34%)

Code:
hxxp://77.78.240.162/spye/bin/build.exe.crypted.exe
md5sum ===> 84a9aedb378c3ec297a775c1f7fc573a
http://www.virustotal.com/es/analisis/f5294af280e68229590d2061abe80c1f94d13c5a7e5dd1fdd2a7acaa229bc7e2-1280675032
VT 29/42 (69.05%)

Title: Re: SpyEye C&C &files
Post by: jackberri on August 01, 2010, 07:34:42 pm
IP Location: Germany - netdirect Frankfurt - NETDIRECT AS
IP 89.149.202.109
[worlddatahouse.com]
AS28753
Registrant ID: CR44633124
Registrant Email: Jack Sparrow/rapidwaysoft@yahoo.com
Code:
hxxp://bassjungle.info/eyjedai123/bin/config.bin
hxxp://detailmaster.info/eyjedai123/bin/config.bin
hxxp://mymusicbrowser.com/eyjedai123/bin/config.bin
md5sum ===> 21a8e27e53fbf757feb8f6d687c92697
Code:
hxxp://bassjungle.info/eyjedai123/bin/build.exe
hxxp://detailmaster.info/eyjedai123/bin/build.exe
hxxp://mymusicbrowser.com/eyjedai123/bin/build.exe
md5sum ===> 70bedc4e6b4c5c46cc085d34b57f50b6
http://www.virustotal.com/es/analisis/27641d8e9d0e9d0811dda24968fe76978b25c235d7f8b1c0ee104e308c76041f-1280689635
VT 13/42 (30.96%)
sigcheck:
publisher....: SOFTWIN S.R.L.
copyright....: 8258-3305
product......: ________
description..: BitDefender Management Console
original name: ybmnvxv.exe
internal name: _________
file version.: 93.118.108.22
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Code:
hxxp://bassjungle.info/eyjedai123/bin/upload/rapport.exe
hxxp://detailmaster.info/eyjedai123/bin/upload/rapport.exe
hxxp://mymusicbrowser.com/eyjedai123/bin/upload/rapport.exe
md5sum ===> ae20e2a9d83628c6e5107537c6e37955
http://www.virustotal.com/es/analisis/6533408a8ed01b07d61a4e41e1aafc2056d92a64ec591fcb37f335e1b4b17eb2-1280690016
VT 23/42 (54.77%)
Code:
hxxp://bassjungle.info/eyjedai123/bin/upload/rapport1.exe
hxxp://detailmaster.info/eyjedai123/bin/upload/rapport1.exe
hxxp://mymusicbrowser.com/eyjedai123/bin/upload/rapport1.exe
md5sum ===> 7c0d41a2195091bd45a36edf17b06bb8
http://www.virustotal.com/es/analisis/0ac12d867d5c56f8b982a58c968e24badc90875f5a6a3bcca8492d18fe00c0f8-1280689879
VT 4/42 (9.53%)

Title: Re: SpyEye C&C &files
Post by: jackberri on September 02, 2010, 10:17:53 am
IP Location: Moldova - GlobalNET Bosnia - BA-GLOBALNET-AS
IP 77.78.240.172
AS42560
Registrant ID: orgbb80483769715
Registrant Email: qbhzruezwt@whoisservices.cn
Code:
hxxp://www.connectionsupport.org/f/bin/Test.exe
md5sum ===> 8725c2a8be3958d04e32dafea21e0929
https://www.virustotal.com/file-scan/report.html?id=9e52cec6a2820780e2a9db45356d9914e4a0434aa9ca366027c2fbb89733a452-1283420725
VT 9/43 (20.9%)
Code:
hxxp://www.connectionsupport.org/f/bin/sp.exe
md5sum ===> de47aedc4e2803477c5e6e900c998bfd
https://www.virustotal.com/file-scan/report.html?id=aeb0caf1ccd74577d76a70bae60d3046770c08fcc88477fa10bea1304c45cff7-1283420984
VT 9/43 (20.9%)
Code:
hxxp://www.connectionsupport.org/f/bin/config.bin
md5sum ===> 0b5b6811d0fc161b05836ea22e9296d2
Code:
hxxp://www.connectionsupport.org/waDWd1aqw/cfg.bin
md5sum ===> 2f18a05db00c78fdcc80d5752aa1eea9
Code:
hxxp://www.connectionsupport.org/f/bin/upload/c4te.exe
md5sum ===> 15dac7d9f71724981b7906787260f790
https://www.virustotal.com/file-scan/report.html?id=bd418e230dd2115885034041e7e5b7a11f9aadd29ab154dbc56569c21698948b-1283421379
VT 13/43 (30.2%)
Code:
hxxp://www.connectionsupport.org/f/bin/upload/you.exe.crypted.exe
md5sum ===> 4de5435d5cfd354051177d146a182992
http://www.virustotal.com/file-scan/report.html?id=4134beb3feb7518453d614446383f9ae9297b602a79715bd9d14c307dbb64edd-1283421675
VT 11/42 (26.2%)
Code:
hxxp://www.connectionsupport.org/waDWd1aqw/Jfu3876HaWf.php
Title: Re: SpyEye C&C &files
Post by: jackberri on September 07, 2010, 02:50:56 pm
Code:
hxxp://xableupper.com/cp/bin/build.exe  (corrupted?)
md5sum ===> 66b0905377507cd27b599390e2fe13db
http://www.virustotal.com/file-scan/report.html?id=5ad1c1890a2e7398c65f5667f92a7ef6acd79e17a47770df7875156b662a471a-1283870564
VT 1/43 (2.3%)

Code:
hxxp://xableupper.com/cp/bin/build_me.exe.crypted.exe
md5sum ===> 8783d18b331e5846307cc2baa22128d7
http://www.virustotal.com/file-scan/report.html?id=c301ad806f68adb6769be3dce99875c87e3a9d843a7bf0e9dc9f24a194055945-1283870319
VT 8/43 (18.6%)
related:
Code:
hxxp://193.105.174.22:10006
Title: Re: SpyEye C&C &files
Post by: jackberri on September 09, 2010, 07:07:47 pm
Code:
hxxp://91.211.117.25/sp/admin/bin/config.bin
md5sum ===> 90452f2e87bd173664916c67c4ed9b5a
Code:
hxxp://91.211.117.25/sp/admin/bin/build.exe
md5sum ===> 8904d483008d6284a8f76fb5b9a7cb39
http://www.virustotal.com/file-scan/report.html?id=844f77d6371f5cd62d7d77a0a78173bd6bc6524fadebbc32befd9f21dc839792-1284057600
VT 5/41 (12.2%)
Code:
hxxp://91.211.117.25/sp/admin/bin/upload/gbotout.exe
md5sum ===> 87a5f7c496975c778d8c866195c9a7a5
http://www.virustotal.com/file-scan/report.html?id=8fa5d6d9c10b2dea88e72f87f201b62f9b60d480fd06599a554c0f50bae9c80c-1284057895
VT 8/43 (18.6%)
Code:
hxxp://91.211.117.25/sp/admin/bin/upload/out.exe
hxxp://91.211.117.25/sp/admin/bin/upload/out1.exe
md5sum ===> 143fdd161c7360060d30f540d7a86b27
http://www.virustotal.com/file-scan/report.html?id=30ab22ffbeec892f1055aab5b54ac4ec345404c8d53a17220a00a44263dc0b56-1284058359
VT 31/43 (72.1%)
Code:
hxxp://91.211.117.25/sp/admin/bin/upload/pedoout.exe
md5sum ===> c35e406871df034041d5a92bcb01c85b
http://www.virustotal.com/file-scan/report.html?id=19b01311129a3fe8022e7bf2f56ba9ed8c958e68174ad942b53fad141857936e-1284058781
VT 10/43 (23.3%)
Code:
hxxp://91.211.117.25/spy/bin/621430spyeyecrypted.exe
md5sum ===> 179d5d6c506a785d0f700468bf8ac97c
http://www.virustotal.com/file-scan/report.html?id=921863783b39c356745f6bbdce881148c2d7252e56c1a68036c6579ceddcd317-1284058618
VT 29/43 (67.4%)
Code:
hxxp://91.211.117.25/spy/bin/spyeye.exe
md5sum ===> d69b970afe781b385b9c4856dd1690ea
http://www.virustotal.com/file-scan/report.html?id=21f95da39e87ac1c984ed45a7437b996fdcaf0591dc06cd508333463963184e1-1284058939
VT 35/43 (81.4%)
Title: Re: SpyEye C&C &files
Post by: jackberri on September 15, 2010, 09:06:17 am
Code:
hxxp://xableupper.com/cp/bin/ddd.exe
md5sum ===> 8706f85d9e518a6044b7cd8c64acd594
http://www.virustotal.com/file-scan/report.html?id=8bbf650eb7f426054eb6353e75f46412c43a28140cebcfda59dfeb385b58d8bb-1284541125
VT 23/43 (45.2%)
Title: Re: SpyEye C&C &files
Post by: jackberri on September 17, 2010, 04:34:44 pm
IP Location: Netherlands - ECATEL-AS
IP 89.248.168.121
[hosted-by.ecatel.net]
AS29073
Registrant/Registrant Email: Renate M. Stanley/RenateMStanley@gmail.com
Code:
hxxp://spysyst.com/main/bin/config.bin
md5sum ===> c3d241a02c524535f8c4520477df1d06
Code:
hxxp://spysyst.com/main/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on September 18, 2010, 02:38:47 pm
Code:
hxxp://ipchecker911.com/us2/bin/1228.exe
md5sum ===> 0c158cceb3f6442ce91071105f1cca33
http://www.virustotal.com/file-scan/report.html?id=f9cd91d3e13d4e31292d250fd5b9825a3f984685e87916c0c40bfac787bdbb4d-1284818868
VT 32/43 (74.4%)
Code:
hxxp://froot.nl/statistieken/us1.exe
md5sum ===> 1e7c50eace3df1fe70cb8f388a769676
http://www.virustotal.com/file-scan/report.html?id=755321dc05871f483bede4e1c62ce7c2fe04fb380bac976fc9f5b88aa89be61b-1284818865
VT 34/43 (79.1%)
related malware:
Code:
hxxp://rapidshare.com/files/419309857/mir.exe
md5sum ===> 94863eb254c5c4dc9736ead9b94d1972
http://www.virustotal.com/file-scan/report.html?id=c0c8839699a06e2a90cce2d3abae012e81fcc29002d32445bd2f4049d721edb4-1284818862
VT 24/42 (57.1%)
Code:
hxxp://91.211.117.76/d.exe
md5sum ===> b0aea64d3b9a420e6623c9523e08d54d
http://www.virustotal.com/file-scan/report.html?id=35a16e95015ce0a6defd99e078ccf510abd3f72d988c7362f4e24d92036f43f4-1284818857
VT 25/43 (58.1%)
Code:
hxxp://froot.nl/wp-content/uploads/rich.exe
md5sum ===> 117d9c3d827c8a50d033c9c30c5e3fff
http://www.virustotal.com/file-scan/report.html?id=5ea3a63ebae13f25b1255cd48f9b62ca3d369eb3092f186ca35fa1d59d73d993-1284819404
VT 14/42 (33.3%)
Code:
hxxp://193.104.186.88:51625/feelpl.exe
md5sum ===> f77a2586ffc8838ff4a8e03dc084da29
http://www.virustotal.com/file-scan/report.html?id=7903d8fffd7f82e65ce90f99a4079825666a82bebafab7cd85b4ff0cf5f383f9-1284819797
VT 37/43 (86.0%)
Code:
hxxp://193.104.186.88:51625/fefmeo.exe
md5sum ===> ac0258fb96a1cb2f1cdf5be2e260e177
http://www.virustotal.com/file-scan/report.html?id=bf5bce924f00c232bb1b498e1969dbae571a2251d87e701ad335ffd6997b384a-1284820121
VT 36/43 (83.7%)
Code:
hxxp://76.76.99.186:53651/vgrgfe.exe
md5sum ===> 028494420c516417cd82be8eca360c27
http://www.virustotal.com/file-scan/report.html?id=efb7ff77b45ebfcf16f76d3c6f79185428ff7e540e685652e208f91f62d683c0-1284820166
VT 40/43 (93.0%)
Title: Re: SpyEye C&C &files
Post by: jackberri on September 22, 2010, 03:21:51 pm
Code:
hxxp://imagenabotam.com/n/bin/a.exe
md5sum ===> f408d1920f873c80b2a8d8b91daa9986
http://www.virustotal.com/file-scan/report.html?id=32f57b48f064fd51b516bc4bc3df6a194dd9c3708b351bedb0f99754c143f87e-1285097936
VT 14/41 (34.1%)
Title: Re: SpyEye C&C &files
Post by: jackberri on October 07, 2010, 03:32:30 am
IP Location: United States - FASTSERVERS, Inc
IP 209.16.111.241
AS16805
Name Server: dns010.d.register.com
Name Server: dns049.c.register.com
Registrant/Registrant Email: Domain Discreet/5ef2a9880a141150009555f0a9837e03@domaindiscreet.com
Code:
hxxp://humirajustice.com/us1.exe
md5sum ===> a9f4cb15dc59d1c580e4f48f6374af30
http://www.virustotal.com/file-scan/report.html?id=5cbedadd1942480cc62c7dde39da17fd386436d89c8445e2a927c5f27ce34c92-1286421861
VT 33/42 (78.6%)
related:
Code:
hxxp://91.211.117.76/dimark.exe
md5sum ===> 237703f7d3eefb37ddfd76f3d15ba8d1
http://www.virustotal.com/file-scan/report.html?id=1be27aeadb3b7937740c241e1b1a4f3473cc91a3f7a1b9e1fa5db02be5523a29-1286421976
VT 34/42 (81.0%)

Title: Re: SpyEye C&C &files
Post by: jackberri on October 08, 2010, 10:13:35 pm
IP Location: Kazakhstan - ALFAHOSTNET Alfa-Host LLP
IP  193.105.207.120
AS50793
Name Server: ns1.stolimonov.ru
Name Server: ns2.stolimonov.ru
Registrant/Registrant Email: Private Person/dns@stolimonov.ru
Code:
hxxp://appppa1.ru/exe.exe
md5sum ===> 7f1509001d2670787a52a95c6d87cb99
http://www.virustotal.com/file-scan/report.html?id=4a8cfca9e280f5586c69bd9948099936a3824b0221bb571680f121d1342b4fc3-1286574940
VT 0/41 (0.0%)
Code:
hxxp://appppa1.ru/lex/bin/exe.exe
md5sum ===> bdb68d281dc94a0cb30a04ac82c45be8
http://www.virustotal.com/file-scan/report.html?id=fc61746dbb15d8fe27307e693becbbfe9a931369744f96155bfd297a1274af01-1286575755
VT 4/43 (9.3%)
Title: Re: SpyEye C&C &files
Post by: jackberri on October 10, 2010, 04:08:03 pm
IP Location: Russian Federation - RTCOMM-AS OJSC RTComm.RU
IP  81.177.32.182
AS8342
Code:
hxxp://www.4587avvv.1gb.ru/adminka/bin/bofa.exe
md5sum ===> f62f0ea09dbce2004479913b32627c09
http://www.virustotal.com/file-scan/report.html?id=9e85108aad359dcf78b710219ac793ce8ec6f11c2b45d8752be0311918f5478e-1286725655
VT 12/42 (28.6%)
Code:
hxxp://www.4587avvv.1gb.ru/adminka/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on October 16, 2010, 11:30:55 am
IP Location: Ukraine - GORBY-AS Route Object - GORBY-AS Alexandr Gorbunov
IP  195.226.197.43
AS51303
Name Server: ns1.nsnoc.com
Name Server: ns2.nsnoc.com
Registrant/Registrant Email: Sylwester Markevitsh/Sylwester_84@hotmail.com
Code:
hxxp://xableupperxx3.com/cp/bin/build_crypted.exe
md5sum ===> 5478b750f2e967af29b45c5ae8e1f572
http://www.virustotal.com/file-scan/report.html?id=25e8e0efb7086997f8a01c6c497a222be9bb0fe387cef307d16cceb09522d738-1287227114
VT 17/43 (39.5%)
Code:
hxxp://xableupperxx3.com/cp/bin/ddd.exe
md5sum ===> 8706f85d9e518a6044b7cd8c64acd594
http://www.virustotal.com/file-scan/report.html?id=8bbf650eb7f426054eb6353e75f46412c43a28140cebcfda59dfeb385b58d8bb-1287227483
VT 37/43 (86.0%)
Code:
hxxp://xableupperxx3.com/cp/bin/build_me.exe.crypted.exe
md5sum ===> 8783d18b331e5846307cc2baa22128d7
http://www.virustotal.com/file-scan/report.html?id=c301ad806f68adb6769be3dce99875c87e3a9d843a7bf0e9dc9f24a194055945-1287227667
VT 41/43 (95.3%)
Code:
hxxp://xableupperxx3.com/cp/gate.php
data:
Code:
hxxp://xableupperxx3.com/cp/bin/build.exe
md5sum ===> 66b0905377507cd27b599390e2fe13db
Title: Re: SpyEye C&C &files
Post by: jackberri on October 20, 2010, 01:11:50 pm
IP Location: United States - RR-RC-Enet-Columbus - RoadRunner RR-RC-Enet-Columbus
IP  209.51.196.254
[fe.c4.33.static.xlhost.com]
AS10297
Name Server: ns2.vistapanel.net
Name Server: ns1.vistapanel.net
Code:
hxxp://virus.vistapanel.net/Main/
Title: Re: SpyEye C&C &files
Post by: jackberri on October 20, 2010, 03:23:02 pm
IP Location: Germany - ORG-nA8-RIPE - NETDIRECT AS
IP  188.72.205.79
AS28753
Name Server: ns1.kriminal-news.ru
Name Server: ns2.kriminal-news.ru
Registrant/Registrant Email: Private Person/betmarket4me@yahoo.com
Code:
hxxp://kriminal-news.ru/myeye/
Title: Re: SpyEye C&C &files
Post by: jackberri on October 27, 2010, 05:00:24 pm
SpyEye C&C
IP Location: Ukraine - Datacenter Hosting.UA - HOSTING-AS
IP 213.155.31.32
AS41665
ns1.interglobe.am
ns2.interglobe.am
Registrant ID: IVB514I-RU
Registrant/Email Registrant: PrivateRegContact/contact@myprivateregistration.com
Code:
hxxp://update-soft.com/spy/main/main/
Title: Re: SpyEye C&C &files
Post by: jackberri on November 04, 2010, 11:06:15 am
IP Location: United States - Proxy-registered route object
IP 74.118.193.156
AS46664
ns1.gfxsetup.com
ns2.gfxsetup.com
Registrant ID:4a6de5fb5ff0a647
Registrant/Email Registrant: WhoisGuard  Protected/92dcc271f34a4c0998b9b0772638b890.protect@whoisguard.com
Code:
hxxp://cashforsignup.info/secures/bin/config.bin
md5sum ===> 38cdf0f66252340b18eb1a59a3f1bb0e
Code:
hxxp://www.cashforsignup.info/secures/
Title: Re: SpyEye C&C &files
Post by: jackberri on November 04, 2010, 03:33:10 pm
Code:
hxxp://black-hosting.ru/spice/spotonmain/bin/config.bin
md5sum ===> a9584d2efabf964b5a35ce9634e22877
Code:
hxxp://black-hosting.ru/spice/spotonmain/bin/build______capo_dei_capi___.exe
md5sum ===> 74bdae8c4e2057c1137bb8f3b1a93cf7
http://www.virustotal.com/file-scan/report.html?id=05e60e0a4410f3991caec6aa4687f2b87897cd91d969f7c1acc585cce86ffb29-1288884518
VT 26/43 (60.5%)
Code:
hxxp://black-hosting.ru/spice/spotonmain/
Title: Re: SpyEye C&C &files
Post by: jackberri on November 12, 2010, 10:37:29 am
Code:
hxxp://galichina.zaporizhzhe.ua/maincp/bin/bot.exe
md5sum ===> 4503cc71af7215505dacf6841fae1d34
http://www.virustotal.com/file-scan/report.html?id=b7689c6c10d9887a0fdff2379fae8acc73403e3a68a4236bbb5112d41994d3d7-1289556938
VT 5/43 (11.6%)
related:
Code:
hxxp://injection-crew.biz/asdfg/gate.php?hwid=dfd71cb9551a20262c516b1a31369baf&version=1.00&os=1&response=&
hxxp://injection-crew.biz/asdfg/gate.php?&hwid=dfd71cb9551a20262c516b1a31369baf&os=1&response=Undefined%20Comand...&
Title: Re: SpyEye C&C &files
Post by: jackberri on November 13, 2010, 03:52:48 pm
Code:
hxxp://gmajem.x10.mx/Main/bin/config.bin
md5sum ===> fc4da184dc796366df5b227380f213d8
Title: Re: SpyEye C&C &files
Post by: jackberri on November 15, 2010, 05:22:52 am
Code:
hxxp://damptime.com/music/bin/upload/setup7281234.exe
md5sum ===> e1cfb3a583da7bb2f8bd13afd4961f94
http://www.virustotal.com/file-scan/report.html?id=28f07cfec8140ef7d4a45a4abe2f316ac4c1b8e39962c3f65cc53e07b3c7a2f9-1289797746
VT 16/43 (37.2%)
Code:
hxxp://damptime.com/music/bin/upload/setup72812345.exe
md5sum ===> 68bcfff8fe5bae3716aa4311b7e51dc4
http://www.virustotal.com/file-scan/report.html?id=2c396f20d45d9174d0620fcebef600f6e205ffede5dbf765990c4d33250892f1-1289798222
VT 13/43 (30.2%)
Title: Re: SpyEye C&C &files
Post by: jackberri on November 19, 2010, 09:30:46 am
IP Location: Ukraine - Datacenter Hosting.UA - HOSTING-AS
AS41665
Code:
hxxp://213.155.12.144/sec/bin/config.bin
md5sum ===> 84b105947d8f8db4460b3cc7f4fdac4a
Code:
hxxp://213.155.12.144/sec/bin/k.exe
md5sum ===> 380eba232fb0126c7518c17ffc28ff1b
http://www.virustotal.com/file-scan/report.html?id=a3b78f0486c5ff0fee993e42e561d9b129ff13c1b0cccf7419cd5e514873a18f-1290157914
VT 28/43 (65.1%)
Code:
hxxp://213.155.12.144/sec/bin/load.exe
md5sum ===> 71ad4c13d9bcb1e8ef3296281d504a5f
http://www.virustotal.com/file-scan/report.html?id=ab890d528bc9e22897308da2056438efcc7c5da9dc52357c1e2175ef7ce6af1d-1290154619
VT 19/43 (44.2%)
Code:
hxxp://213.155.12.144/sec/bin/upload/45.exe
md5sum ===> c7e12137d6212d17f4bf6e9a285282ae
http://www.virustotal.com/file-scan/report.html?id=f352936d6fedba7823b9eaf940bb325700b89c17d390542e45a1e533a4c2f888-1290158372
VT 7/41 (17.1%)
Code:
hxxp://213.155.12.144/sec/bin/upload/baby.exe
md5sum ===> 6bc0d62518f47360b6f7dfba90022a38
http://www.virustotal.com/file-scan/report.html?id=43d77c8e53169e4c0785004ecab25130d670bf65151b7d047d5d3689927ad685-1290158458
VT 7/43 (16.3%)
Code:
hxxp://213.155.12.144/sec/bin/upload/v1crypted.exe
hxxp://213.155.12.144/sec/bin/upload/v1crypted1.exe
md5sum ===> 0d56e7391793c429a760992ab088658a
http://www.virustotal.com/file-scan/report.html?id=a2b4f0e1b82e8ddab05b4eb6e41dabfccf46ca67d9ddc66924b72afdd780731d-1290158586
VT 7/43 (16.3%)
Code:
hxxp://213.155.12.144/sec/bin/upload/v2crypted.exe
hxxp://213.155.12.144/sec/bin/upload/v2crypted1.exe
md5sum ===> 8cab6300b7e39ed026eb0a187972d95c
http://www.virustotal.com/file-scan/report.html?id=26cffb41db2160e6ece55d2f4439f5ab73cc5d9e442de0387c5da095199bb251-1290158668
VT 20/40 (50.0%)
Title: Re: SpyEye C&C &files
Post by: jackberri on November 19, 2010, 08:01:35 pm
IP Location: United States - Proxy-registered route object
IP 74.118.192.120
AS46664
ns1.playtenniseveryday.mobi
ns2.playtenniseveryday.mobi
Registrant/Email Registrant: Private Whois Service/aa2bmjj4cbedaebd2e31@qc8iazv4cbecce2a1df1.privatewhois.net
Code:
hxxp://98up.com/newman/mainstats/bin/config.bin
md5sum ===> 76c7b5d26226b64f96e84b17fb61c516
Code:
hxxp://98up.com/newman/mainstats/bin/upload/1.
md5sum ===> b344d91cb0e9815217af83a59fa91b69
Code:
hxxp://98up.com/newman/mainstats/bin/build.exe
hxxp://98up.com/newman/mainstats/bin/upload/build.exe
hxxp://98up.com/newman/mainstats/bin/upload/build1.exe
md5sum ===> 814b99f8bf59846f27e9cedc7b79ff65
http://www.virustotal.com/file-scan/report.html?id=703a554fd4677693011d1b20db98875377f5b8c2665445d42b17bb569a292f42-1290195556
VT 23/42 (54.8%)
related:
IP Location: Portugal - Clara.net Portugal - CLARANET-AS
IP 195.22.11.158
[web6.esoterica.pt]
AS8426
dnserver7.esoterica.pt
dnserver3.esoterica.pt
Registrant/Email Registrant: Babo & Brochado Lda/babo.brochado.lda@hotmail.com
Code:
hxxp://enerclima.pt/32.exe
md5sum ===> 189469ac1c0b636fad499b0055e1e3b1
http://www.virustotal.com/file-scan/report.html?id=84a433019d5915c354de333a7ef74b0d33190dcb100732982ac207cde575b138-1290194928
VT 16/41 (39.0%)
Title: Re: SpyEye C&C &files
Post by: jackberri on November 20, 2010, 10:22:32 am
IP Location: Netherlands - ASN-PROSERVE B.V.
IP  188.93.150.25
AS21155
ns1.metaregistrar.nl 81.4.97.217
ns2.metaregistrar.nl 81.4.96.65
Code:
hxxp://my-panel.nl/SpyEye/main/
Title: Re: SpyEye C&C &files
Post by: jackberri on November 22, 2010, 09:06:03 pm
IP Location: United States - SharkTECH Internet Services
IP  70.39.93.57
AS46844
ns1.eu.editdns.net   AS33517
ns2.eu.editdns.net   AS46475
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org
Code:
hxxp://kokainpawer.com/fakinyea/se/build.exe
md5sum ===> 9be5a75036c586f237a7dae57e79c21a
http://www.virustotal.com/file-scan/report.html?id=6f6de21dd255e9b14a0a64ef29c9e2f0cddd0a988cec6c27381ea1f1ccf59fed-1290458929
VT 24/43 (55.8%)
Code:
hxxp://kokainpawer.com/fakinyea/se/
Title: Re: SpyEye C&C &files
Post by: jackberri on November 23, 2010, 03:56:38 pm
Code:
hxxp://kokainpawer.com/asp.exe
md5sum ===> 9be5a75036c586f237a7dae57e79c21a
http://www.virustotal.com/file-scan/report.html?id=6f6de21dd255e9b14a0a64ef29c9e2f0cddd0a988cec6c27381ea1f1ccf59fed-1290527447
VT 25/41 (61.0%)
Code:
hxxp://kokainpawer.com/asp2.exe
md5sum ===> fec69370e57c85380422d3b4aa4748d2
http://www.virustotal.com/file-scan/report.html?id=eac5445fc19e9d45f4bad4b39a4d842033e9b819d5f1fa12cd50c682b197c54b-1290526791
VT 19/43 (44.2%)
Code:
hxxp://kokainpawer.com/asp3.exe
md5sum ===> bb9bfe00e153d6b717ca3fa288839303
http://www.virustotal.com/file-scan/report.html?id=4ac2d812b1abccc8b7c592adeb6d5489e040902b688964766b9cf03e7e69f664-1290527107
VT 22/43 (51.2%)
Title: Re: SpyEye C&C &files
Post by: jackberri on December 02, 2010, 07:45:56 pm
IP Location: Ukraine - DATAGROUP
IP  93.183.203.14
AS21219
ns1.everydns.net
ns2.everydns.net
Registrant: Stanislav V Rybakov
Code:
hxxp://eclada.co.uk/400/401/403/404/500/index/logo/v10541-v10563/bin/config.bin
md5sum ===> 1ac33d926d494bfd83be6ac1cfb9daeb
Code:
hxxp://eclada.co.uk/400/401/403/404/500/index/logo/v10541-v10563/bin/IE7-WindowsXP-x86-enu.exe
md5sum ===> 7163f4c4f4e8677ad2ef3ab3e6fa8e98
http://www.virustotal.com/file-scan/report.html?id=102df5d73c7dc80f1d0d7d87f55f8d2dccb5a2b4fc090d3a3fbaed834a73688f-1291318658
VT 1/41 (2.4%)
Code:
hxxp://eclada.co.uk/400/401/403/404/500/index/logo/v10541-v10563/
Title: Re: SpyEye C&C &files
Post by: jackberri on December 03, 2010, 03:42:55 pm
IP Location: Russian Federation - Wahome IP's  - WEBALTA-AS
IP 92.241.190.116
[heihachi.net]
AS41947
dns1.name-services.com
dns2.name-services.com
Registrant ID:a44bd91ebc72c285
Registrant/Email Registrant: Heihachi Ltd/abuse@heihachi.net
Code:
hxxp://underground-infosource.info/main/bin/1.exe
md5sum ===> c6237f2f75ed0d7c60adea926fa9dc7c
http://www.virustotal.com/file-scan/report.html?id=ee0932894f40c4d6b4366a26acb72f5baf07864b78464ccfa12321cc624ae8d8-1291389494
VT 37/43 (86.0%)
Code:
hxxp://underground-infosource.info/main/bin/vpd6F53.exe
md5sum ===> 60569a1f61b9bd334d91fbab6a18975a
http://www.virustotal.com/file-scan/report.html?id=2a27ba97e301e377d7577dfc9837a36703ca0f4934a2a7db2aa91c3c6a4943fc-1291389824
VT 34/43 (79.1%)
Title: Re: SpyEye C&C &files
Post by: jackberri on December 09, 2010, 10:56:51 am
IP Location: France - OVH
IP 178.33.24.108
[morpheus.dialadns.com]
AS16276
ns1.qs-hosting.me
ns2.qs-hosting.me
Registrant/Email Registrant: Milan Mirovic/signjatovich@gmail.com
Code:
netcaffe.info/admin/main/
Code:
hxxp://netcaffe.info/DEL PESCARA.zip
md5sum ===> f459eae9e9baea08d75f8bb7706fcefa
Title: Re: SpyEye C&C &files
Post by: Yossarian on December 09, 2010, 05:10:06 pm
A couple of new C&C URLs...

http://klasterof1.ru/1/qweb.php?guid=<snip>
IP: 208.110.68.189
domain:     KLASTEROF1.RU
nserver:    ns1.nameself.com.
nserver:    ns2.nameself.com.
state:      REGISTERED, DELEGATED, UNVERIFIED
person:     Private Person
phone:      +7 8412 558503
e-mail:     avv20053@rambler.ru
registrar:  REGTIME-REG-RIPN
created:    2010.12.04


http://bp.olofyj.ru/derf/gate.php?guid=<snip>
IP: 91.211.119.167
domain:     OLOFYJ.RU
nserver:    ns1.r01.ru.
nserver:    ns2.r01.ru.
state:      REGISTERED, DELEGATED, VERIFIED
person:     R01 Personal Data Operator protected
phone:      +7 495 7950139 670310
e-mail:     olofyj.ru@r01-service.ru
registrar:  R01-REG-RIPN
created:    2010.12.06


Title: Re: SpyEye C&C &files
Post by: jackberri on December 12, 2010, 01:57:32 pm
IP Location: United States - RR-RC-Wholesale Internet -  RoadRunner RR-RC-Wholesale Internet
IP 69.197.135.92
AS32097
Registrant/Email Registrant: Private Person/slava2008@lenta.ru
Code:
hxxp://cravityaz.ru/1/bin/inline.jpg
md5sum ===> 58c86a9027727973a3549ddeb434feab
Code:
hxxp://cravityaz.ru/1/
Title: Re: SpyEye C&C &files
Post by: jackberri on December 17, 2010, 12:34:14 pm
IP Location: United States - RoadRunner RR-RC-Wholesale Internet
IP  204.12.208.106
AS32097
ns3.cnmsn.com
ns4.cnmsn.com
Email Registrant: Emanuel Baneyro/info@findtoup.com
Code:
hxxp://findtoup.com/find/bin/config.bin
md5sum ===> ccac7bc63ee4a751f5a2e012e607bd22
Code:
hxxp://findtoup.com/find/bin/update.exe
md5sum ===> a56e9d6a5ac4f298cbd108ad247fceed
http://www.virustotal.com/file-scan/report.html?id=b15efadf419bfca05f394f7325c866a88d7ad8b0dfffd8e7eeb3ecb11cfbf4fd-1292588947
VT 26/42 (61.9%)
Code:
hxxp://findtoup.com/find/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on December 18, 2010, 09:15:10 am
IP Location: Italy - Aruba S.p.a
IP  62.149.128.154
[mxd7.aruba.it]
AS31034
DNS2.TECHNORAIL.COM
DNS.TECHNORAIL.COM
Email Registrant: Gianluca Panchetti/panko@email.it
Code:
hxxp://senzafreni.com/vip/pornTV.exe
md5sum ===> 68f5b706dcad101c4b6a3301826f5a63
http://www.virustotal.com/file-scan/report.html?id=cebe98162e410e1e407bc72894b2023f90c589123bb4f57a7620e52b16f59388-1292663210
VT 28/42 (66.7%)
Code:
hxxp://senzafreni.com/vip/
Title: Re: SpyEye C&C &files
Post by: jackberri on December 23, 2010, 10:50:29 pm
IP Location: Ukraine - Datagroup PRIVATE JOINT STOCK COMPANY
IP  77.222.142.51
AS21219
ns29.domaincontrol.com
ns30.domaincontrol.com
Registrant ID:CR64075198
Registrant/Email Registrant: Registration Private/BROWSECAT.ORG@domainsbyproxy.com
Code:
hxxp://browsecat.org/images/clients/bin/ougrfsdvt.exe
hxxp://kanyx.org/images/clients/bin/ougrfsdvt.exe
hxxp://trimba.org/images/clients/bin/ougrfsdvt.exe
md5sum ===> 330e21be0e12bb30da71a3969433980f
http://www.virustotal.com/file-scan/report.html?id=2e98732dd62b71fe3b4605cd7acad59cef014ce6d84c772b3f500ddfd629c6c2-1293143926
VT 35/43 (81.4%)
Code:
hxxp://browsecat.org/images/clients/bin/ftygkht.exe
hxxp://kanyx.org/images/clients/bin/ftygkht.exe
hxxp://trimba.org/images/clients/bin/ftygkht.exe
md5sum ===> aaa301368a8ffd2c463cfa1473436afc
http://www.virustotal.com/file-scan/report.html?id=c0dec0a55b9270a331ac2dfc633c86175fd69b921a98d0d963a1397cbf15b5be-1293144125
VT 20/43 (46.5%)
Title: Re: SpyEye C&C &files
Post by: jackberri on December 29, 2010, 08:23:15 pm
IP Location: Russian Federation - PIN-AS Petersburg Internet Network LLC
IP  95.215.1.248
[master1.nx0.ru]
AS44050
ns1.nx0.ru
ns2.nx0.ru
Code:
hxxp://sweyes.co.cc/main/bin/config.bin
md5sum ===> 206d140551a94e452cf2a93473a6c0a9
Code:
hxxp://sweyes.co.cc/main/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on January 06, 2011, 07:38:07 pm
IP Location: Russian Federation  - DELFANET-AS Delfa Network AS
IP  194.0.245.77
AS42533
ns1.dns-diy.net
ns2.dns-diy.net
Registrant/Email Registrant: Idila Gomi/admin@derts3563d.net
Code:
hxxp://derts3563d.net/old_files/root/bin/config.bin
md5sum ===> 159c9d350325bbe92b972bb0e838f97d
Code:
hxxp://derts3563d.net/old_files/root/bin/setup.exe
md5sum ===> d8cb7feac86f0844a45f7c8d3ff94630
http://www.virustotal.com/file-scan/report.html?id=7d1742c17570ede202d3f2afea1f37cb32991758bfb915f12a1619d5e0f70e44-1293711935
VT 36/43 (83.7%)
Code:
hxxp://derts3563d.net/old_files/root/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on January 07, 2011, 07:43:11 am
IP Location: Ukraine  - it-outsource-as LLC
IP  91.207.182.31
AS48280
NS3.CNMSN.COM
NS4.CNMSN.COM
Registrant ID:orgss91724002656
Registrant/Email Registrant: Whois Privacy Protection Service/kceccpusuc@whoisservices.cn
Code:
hxxp://domain291.org/vppa1/bin/rt.exe
md5sum ===> d58a02ab8a9a9b2b6bc2a98937471b16
http://www.virustotal.com/file-scan/report.html?id=75a8a8ca07a4ed599b3b94f73f647ee4246df57f93fca661f761293150285dfb-1294380844
VT 28/42 (66.7%)
Code:
hxxp://domain291.org/vppa1/bin/sssss.exe
md5sum ===> 87d34819a04cda5ade2e0f460433c234
http://www.virustotal.com/file-scan/report.html?id=b1fde54d830df676673e6b7fb206e22e4cb711c77a524167cb499945b426b364-1294384367
VT 1/42 (2.4%)
Code:
hxxp://domain291.org/vppa1/bin/ddd.exe
md5sum ===> 748f5bbed99bb9d1235396fe88d288c2
http://www.virustotal.com/file-scan/report.html?id=7f219225f93a8e6d6ba23756750cd47fffa5aee109a70867bea56823b31d02d4-1294384732
VT 26/41 (63.4%)
Code:
hxxp://domain291.org/vppa1/bin/hh.exe
md5sum ===> 26ef9c0ac1cf945bb1a49c831eefe7dd
http://www.virustotal.com/file-scan/report.html?id=037c7ba5f8068de81ddc4b0b1f83ad5aeec70aeccae37b7bfcb64c7c047c3833-1294384839
VT 40/43 (93.0%)
Code:
hxxp://domain291.org/vppa1/bin/vp_24_12_2010.exe
md5sum ===> 636c1a74a0a7e285afbd29ada3ea941f
http://www.virustotal.com/file-scan/report.html?id=a4e4f06d009363dd964e8d7c179ebd9967bff32fda80f5775ad9653ba0ae05ab-1294385003
VT 35/41 (85.4%)
Code:
hxxp://domain291.org/vppa1/bin/gfd.exe
md5sum ===> 31cdb88439d363b970c03d5a4c6f86aa
http://www.virustotal.com/file-scan/report.html?id=c930f22feaed93c24e8d2dad3c37567a6ef9562e226c81a8e0e241e379d4bd85-1294385190
VT 33/41 (80.5%)
Code:
hxxp://domain291.org/vppa1/bin/44.exe
md5sum ===> c98aa1796a242491d9a85e0c9bd62ff7
http://www.virustotal.com/file-scan/report.html?id=9d8a1b9822c551c978aef5c51ebef5449166324bed4e9384b534670e6944d81a-1294385378
VT 38/43 (88.4%)
Code:
hxxp://domain291.org/vppa1/bin/234.exe
md5sum ===> 479c784213770a6fa16c8e8bb735b622
http://www.virustotal.com/file-scan/report.html?id=6c47d74d8f14009d466243059fc652e8ac77a2f3fed90b39d4e97a02f31f3b65-1294385644
VT 35/43 (81.4%)
Code:
hxxp://domain291.org/vppa1/bin/jhg.exe
md5sum ===> a795dec6e0eb23505bebb0e4841edf61
http://www.virustotal.com/file-scan/report.html?id=6c47d74d8f14009d466243059fc652e8ac77a2f3fed90b39d4e97a02f31f3b65-1294385644
VT 37/42 (88.1%)
Code:
hxxp://domain291.org/vppb1/zkapida234.php
Title: Re: SpyEye C&C &files
Post by: jackberri on January 14, 2011, 01:06:54 pm
IP Location: China - DXTNET
IP 61.4.82.131
AS17964
ns1.vps-server.ru
ns2.vps-server.ru
Registrant/Email Registrant: Sergey K Frodin/sergeifrodin@list.ru
Code:
hxxp://pornourl.tv/main/bin/config.bin
md5sum ===> 883c947269ee252634186e53713fd46c
Code:
hxxp://pornourl.tv/spicing/notaporn/hook.jpg
Title: Re: SpyEye C&C &files
Post by: jackberri on January 30, 2011, 04:37:12 pm
IP Location:  China - Chinanet Jiangsu Province Network
IP 61.147.67.237
AS23650
lovingname.earth.orderbox-dns.com
lovingname.mars.orderbox-dns.com
lovingname.mercury.orderbox-dns.com
lovingname.venus.orderbox-dns.com
Registrant/Email Registrant: ramunas ltd/jamalek39@hotmail.co.uk
Code:
hxxp://mailservicenail.com/8956mainadmin/rxtdcfyvgubhinj.php
IP Location: Latvia - GENERALSERVICE-AS
IP 91.193.194.168
AS42872
ns1.fhfhfe880.com
ns2.fhfhfe880.com
Registrant/Email Registrant: Georg Nichalski/r1singmoon@gmail.com
Code:
hxxp://fhfhfe880.com/mains/bin/config.bin
md5sum ===> 55ebc79acc5581cc2f36c77006518e9c
Code:
hxxp://fhfhfe880.com/mains/bin/200.exe
md5sum ===> b845ae293007a49f1a104c561bd35733
http://www.virustotal.com/file-scan/report.html?id=2a48afac05b6cede55772a53b8af331db0e094eec5b7a1daf0dd03fcf5f0eb16-1296404398
VT 33/43 (76.7%)
Code:
hxxp://fhfhfe880.com/mains/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on February 05, 2011, 05:21:08 pm
IP Location:  United Kingdom - Didjief Internation Kulinari Koncept Llc - XISOFT-AS XISOFT SRL
AS48709
Code:
hxxp://91.200.240.7/Yh89RfaPh7bBss1zOFn7saOaOOa/bin/config.bin
md5sum ===> 1c9da99c89b06e0b5b111ea102498709
Code:
hxxp://91.200.240.7/Yh89RfaPh7bBss1zOFn7saOaOOa/bin/build___who.exe
md5sum ===> d7578e550c0a4d4aca0cfd01ae19a331
http://www.virustotal.com/file-scan/report.html?id=3d509341107a9577899918ef3b2b63ceda0fcbcd09976e79e94610a3cf674b8a-1296919687
VT 24/43 (55.8%)
Code:
hxxp://91.200.240.7/Yh89RfaPh7bBss1zOFn7saOaOOa/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on February 16, 2011, 03:21:17 pm
IP Location: United States - THEPLANET-AS2
IP  174.123.144.11
[ns1.siteground307.com]
AS21844
NS3.AFRAID.ORG
NS2.AFRAID.ORG
NS4.AFRAID.ORG
NS1.AFRAID.ORG
Registrant/Email Registrant: Mirzik Zaris/newdomains@siteground.com
Code:
hxxp://uzimtasnikas.com/main/bin/config.bin
md5sum ===> ec009e2efb14e6c93ed7f5a670e349e3
Code:
hxxp://uzimtasnikas.com/main/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on February 18, 2011, 10:47:06 am
IP Location:  Ukraine - Didjief Internation Kulinari Koncept Llc - XISOFT-AS XISOFT SRL
IP 91.200.241.251
AS48709
Name Server: yns2.yahoo.com yns1.yahoo.com
Registrant/Email Registrant: Andrew Hett/hett.andrew@yahoo.com
Code:
http://mansoitars.com/T6yRslk8JrR5sOpskHs51L/bin/config.bin
md5sum ===> 7fbfaac9702922a887dd826e58733fa8
Code:
http://mansoitars.com/T6yRslk8JrR5sOpskHs51L/bin/program.exe
md5sum ===> 49b9ea0cf3c0677b92f2db6a6ae63c39
http://www.virustotal.com/file-scan/report.html?id=280474b73ed5c32244b301164df4ebdf844e87fd0ea415e9b56744fd318ce83b-1298025305
VT 5/43 (11.6%)
Code:
http://mansoitars.com/T6yRslk8JrR5sOpskHs51L/bin/signed.exe
md5sum ===> 69e5af1c398f70e4f61c7c642cefc328
http://www.virustotal.com/file-scan/report.html?id=3d509341107a9577899918ef3b2b63ceda0fcbcd09976e79e94610a3cf674b8a-1296919687
VT 15/42 (35.7%)
Code:
http://mansoitars.com/T6yRslk8JrR5sOpskHs51L/bin/spy_upx_signed.exe
md5sum ===> 1d7f516c08833d543ca2feae45ef81a2
http://www.virustotal.com/file-scan/report.html?id=fc12bede445315a39c079f8fa4afefbf1238a14e8add536171ec58de6b606a67-1298025244
VT 10/43 (23.3%)
Code:
http://mansoitars.com/T6yRslk8JrR5sOpskHs51L/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on February 18, 2011, 05:20:43 pm
IP Location: Russian Federation  - 2x4.ru Network
[heihachi.net]
AS41947
Code:
http://92.241.164.67/account/bin/config.bin
md5sum ===> 54f6ba404980ab4246b0ee6b5d391c65
Code:
http://92.241.164.67/account/bin/2.exe
md5sum ===> 33a577ec6415719819b5814eabd24eb0
http://www.virustotal.com/file-scan/report.html?id=0fb5fa1f5d4a9595e0aa109a41788de73e796d91eed84810db91c3388703bf21-1298048742
VT 5/43 (11.6%)
Code:
http://92.241.164.67/account/bin/msdll.exe
md5sum ===> 5e3aaf667437148ff8afdb1ed2ef46ec
http://www.virustotal.com/file-scan/report.html?id=12e50095bacfb7db930ee1c0f9e8d5ad86a0e7ef5f87ec8078f5f3be88732d7f-1298048516
VT 6/43 (14.0%)
Code:
http://92.241.164.67/account/bin/rtsshare.exe
md5sum ===> f097f811dd94df3d642deb5f3e6fe547
http://www.virustotal.com/file-scan/report.html?id=837bc7e1a21e484a1ab0fe4582d8feb2dc3eb5b2ac7feaf8772347ff69766b1d-1298049013
VT 3/43 (7.0%)
Code:
http://92.241.164.67/account/bin/sysdfd.exe
md5sum ===> 3500bfb90db9d500b9e73929e0ebde27
http://www.virustotal.com/file-scan/report.html?id=837bc7e1a21e484a1ab0fe4582d8feb2dc3eb5b2ac7feaf8772347ff69766b1d-1298049013
VT 6/43 (14.0%)
Code:
http://92.241.164.67/account/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on February 18, 2011, 08:22:05 pm
Code:
hxxp://91.200.240.7/T6yRslk8JrR5sOpskHs51L/bin/config.bin
md5sum ===> 7fbfaac9702922a887dd826e58733fa8
Code:
http://91.200.240.7/T6yRslk8JrR5sOpskHs51L/bin/spy_upx_signed.exe
md5sum ===> 1d7f516c08833d543ca2feae45ef81a2
http://www.virustotal.com/file-scan/report.html?id=fc12bede445315a39c079f8fa4afefbf1238a14e8add536171ec58de6b606a67-1298059818
VT 18/43 (41.9%)
Code:
http://91.200.240.7/T6yRslk8JrR5sOpskHs51L/bin/signed.exe
md5sum ===> 69e5af1c398f70e4f61c7c642cefc328
http://www.virustotal.com/file-scan/report.html?id=c5e07640599982c35aea5fdfcdc31022231b6a75291f280749c775a09115d0b6-1298059884
VT 20/41 (48.8%)
Code:
http://91.200.240.7/T6yRslk8JrR5sOpskHs51L/bin/program.exe
md5sum ===> 49b9ea0cf3c0677b92f2db6a6ae63c39
http://www.virustotal.com/file-scan/report.html?id=280474b73ed5c32244b301164df4ebdf844e87fd0ea415e9b56744fd318ce83b-1298060139
VT 17/43 (39.5%)
Code:
http://91.200.240.7/T6yRslk8JrR5sOpskHs51L/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on February 21, 2011, 06:44:10 am
Code:
http://mansoitars.com/T6yRslk8JrR5sOpskHs51L/bin/song18_signed.exe
http://91.200.240.7/T6yRslk8JrR5sOpskHs51L/bin/song18_signed.exe
md5sum ===> 55494d984400d4ede235bd8106199120
http://www.virustotal.com/file-scan/report.html?id=3db2b7c2f7d3daaf9fe1607e1439c3303c286bf35abbb01d18c1307c8f6bb77d-1298269744
VT 17/43 (39.5%)
Code:
http://mansoitars.com/T6yRslk8JrR5sOpskHs51L/bin/song20_upx_signed.exe
http://91.200.240.7/T6yRslk8JrR5sOpskHs51L/bin/song20_upx_signed.exe
md5sum ===> f5f2b1bc7b17636b6f733863efc7127d
http://www.virustotal.com/file-scan/report.html?id=c838f54e1a29a5ff6d7a690a4dc83f8269b9df2de5e9d69c2d4562368898e8a7-1298269874
VT 1/43 (2.3%)
config file updated:
Code:
http://mansoitars.com/T6yRslk8JrR5sOpskHs51L/bin/config.bin
http://91.200.240.7/T6yRslk8JrR5sOpskHs51L/bin/config.bin
md5sum ===> bed6a0d0282da512675a486db9d543af
Title: Re: SpyEye C&C &files
Post by: jackberri on February 21, 2011, 07:35:19 am
IP Location:  Ukraine - Didjief Internation Kulinari Koncept Llc - XISOFT-AS XISOFT SRL
IP 91.200.241.251
AS48709
Name Server: yns2.yahoo.com yns1.yahoo.com
Registrant/Email Registrant: Willie Vanhoy/vanhoywillie@yahoo.com
Code:
http://bavolpatam.com/T6yRslk8JrR5sOpskHs51L/bin/config.bin
md5sum ===> bed6a0d0282da512675a486db9d543af
Code:
http://bavolpatam.com/T6yRslk8JrR5sOpskHs51L/bin/program.exe
md5sum ===> 49b9ea0cf3c0677b92f2db6a6ae63c39
Code:
http://bavolpatam.com/T6yRslk8JrR5sOpskHs51L/bin/signed.exe
md5sum ===> 69e5af1c398f70e4f61c7c642cefc328
Code:
http://bavolpatam.com/T6yRslk8JrR5sOpskHs51L/bin/spy_upx_signed.exe
md5sum ===> 1d7f516c08833d543ca2feae45ef81a2
Code:
http://bavolpatam.com/T6yRslk8JrR5sOpskHs51L/bin/song18_signed.exe
md5sum ===> 55494d984400d4ede235bd8106199120
Code:
http://bavolpatam.com/T6yRslk8JrR5sOpskHs51L/bin/song20_upx_signed.exe
md5sum ===> f5f2b1bc7b17636b6f733863efc7127d
Code:
http://bavolpatam.com/T6yRslk8JrR5sOpskHs51L/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on February 23, 2011, 08:58:13 am
IP Location:  Ukraine - FINACTIVE-AS
IP 193.186.9.97
AS44209
Name Server: NS1.EVERYDNS.NET  NS2.EVERYDNS.NET
Registrant/Email Registrant: Anton Unosov/admin@contentserver.ru
Code:
http://bigbadaboomboom.in/images/bin/upload/killcookies.exe
http://bigbadaboomboom.in/images/bin/upload/killcookies1.exe
md5sum ===> 140aba32a1057502e4898fb920657519
http://www.virustotal.com/file-scan/report.html?id=f63f85e92f9650719c39e3bf3d87235b4469c77b42f6f8547f9705c57f560053-1298450796
VT 2/43 (4.7%)
Code:
http://bigbadaboomboom.in/images/
Title: Re: SpyEye C&C &files
Post by: jackberri on February 24, 2011, 10:20:31 am
IP Location:  Romania - CH-NET-AS CH-NET SRL
IP 188.240.32.164
AS41011
Name Server: ns-usa.topdns.com  ns-uk.topdns.com  ns-canada.topdns.com
Code:
http://milinewo.be/_cp/bin/config.bin                 md5sum ===> cd87da6b8d80b1197a567c3b8e9d5763
Code:
http://milinewo.be/_cp/bin/calc.exe                   md5sum ===> bdeecd7aa2ccbf3dbfce9ccc325e1c16
http://www.virustotal.com/file-scan/report.html?id=834a410a2d42bff29febb7fdc4ef3a2b6d804fa13852571061bf5f7138f2cab9-1298541085
VT 3/43 (7.0%)
Code:
http://milinewo.be/_cp/bin/b2.exe                     md5sum ===> 93545d66e2288e4a6fcb2fdb92dbb157
http://www.virustotal.com/file-scan/report.html?id=dd99992541a2254ede9f9b4907f3830d0ca38264ce6661b4e6985d1552a0afdd-1298541038
VT 26/43 (60.5%)
Code:
http://milinewo.be/_cp/bin/build.exe                  md5sum ===> 255d1750aafc6705c992648f2f461db5
http://www.virustotal.com/file-scan/report.html?id=d77c78e2072153e437f854aa3d677d8b985680d1b58fa48089a93889befac0c2-1298541693
VT 34/43 (79.1%)
Code:
http://milinewo.be/_cp/gate.php
IP Location:  Romania - Titan Net - Enter-Net-Team-AS
IP 94.63.246.102
AS38913
Name Server: ns1.dns-diy.net  ns2.dns-diy.net
Registrant/Email Registrant: Andre Mazen/admin@porohh.net
Code:
http://porohh.net/ponelko/bin/config.bin               md5sum ===> 3d320e51a88aef8f97309f7ec0e0fa4d
http://porohh.net/ponelko/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on February 25, 2011, 04:03:20 pm
IP Location: Germany  - NETDIRECT AS
IP 84.16.243.232
[84-16-243-232.local]
AS28753
Name Server: ns1.ipchecker006.com 84.16.243.232  ns2.ipchecker006.com 78.159.96.95
Registrant/Email Registrant: Nikolay A Alukov/checkip4u@yahoo.com
Code:
http://ipchecker006.com/us5/bin/config.bin             md5sum ===> ec221241aabd28d7832d29df48706579
http://ipchecker006.com/us/bin/config.bin              md5sum ===> 32c8f3a474fcb1617f1164ebee20cf61
http://ipchecker006.com/us5/bin/1305.exe               md5sum ===> 7353d64c74c2fcaee4a2c87717611997
http://www.virustotal.com/file-scan/report.html?id=090f05562b089e8e4b94c4872be71acfcb6c415ec5fddc460352a132a43db7b5-1298649077
VT 23/43 (53.5%)
Code:
http://ipchecker006.com/us/bin/1305.exe                md5sum ===> cde940861d204406157169db98a3193e
http://www.virustotal.com/file-scan/report.html?id=fe38963e010d80b1861aa9469a9fe8fa77dec345924f35493c0b26023aa3dfa8-1298649237
VT 25/42 (59.5%)
Code:
http://ipchecker006.com/us/bin/1280.exe                md5sum ===> f7ce22047736a258dba27bf06f809d6c
http://www.virustotal.com/file-scan/report.html?id=1cb902c34060da1b57e83e0af8548ccea5dc9db983fe912027146187c096ba27-1298640605
VT 39/43 (90.7%)
Code:
http://ipchecker006.com/us5/gate.php
http://ipchecker006.com/us/gate.php
Title: Re: SpyEye C&C &files
Post by: jackberri on March 02, 2011, 08:44:30 am
IP Location:  Romania - UPC Broadband
IP 78.97.34.195
AS6830
Name Server: ns1.securitylabok1.com  ns2.securitylabok1.com
Registrant/Email Registrant: Johanna A. Quillen/johannaaquillen1171@gmail.com
Code:
http://securitylabok1.com/mypanel/bin/config.bin                 md5sum ===> cf5d2357c08ff31b6bad7528924f65a5
http://securitylabok1.com/mypanel/
Title: Re: SpyEye C&C &files
Post by: jackberri on March 08, 2011, 02:37:23 pm
IP Location:  Romania - CH-NET-AS CH-NET SRL
AS41011
Code:
http://188.240.32.164/1/config.bin                             md5sum ===> 1c16ecb152e08350b1a29b63570e39a3
http://188.240.32.164/nfjgA/bin/spy.exe                        md5sum ===> 3a32de8e3a55a1368309e6507b9a28b1
http://188.240.32.164/nfjgA/bin/calc.exe                       md5sum ===> bdeecd7aa2ccbf3dbfce9ccc325e1c16
http://188.240.32.164/nfjgA/
http://www.virustotal.com/file-scan/report.html?id=ecc523216ceeb72f8fe892a11d7025b54f844bf36687e8f6e2b9837044458129-1299591491
VT 23/43 (53.5%)
http://www.virustotal.com/file-scan/report.html?id=834a410a2d42bff29febb7fdc4ef3a2b6d804fa13852571061bf5f7138f2cab9-1299594382
VT 35/43 (81.4%)
Title: Re: SpyEye C&C &files
Post by: jackberri on March 09, 2011, 05:10:23 pm
IP Location:  Russian Federation - DINET-AS
IP 92.38.233.192
AS12695
Name Server: NS3.CNMSN.COM. NS4.CNMSN.COM
Registrant/Email Registrant: Tas Lodon/admin@rantigalta-industrellio.net
Code:
http://rantigalta-industrellio.net/main/bin/54hj45j3.exe                        md5sum ===> 4e2d6a23618f15c2e49059686d94ada3
http://rantigalta-industrellio.net/main/
http://rantigalta-industrellio.net/main/gate.php?guid=User!SANDBOX2!D06F0742&ver=10299&stat=ONLINE&ie=6.0.2900.2180&os=5.1.2600&ut=Admin&cpu=100&ccrc=2C684F2A&md5=4e2d6a23618f15c2e49059686d94ada3
http://www.virustotal.com/file-scan/report.html?id=401bc1f200cb535074bb6fd6a8fb1ecf59dbe4e650dbae12043eab4b63f344ee-1299690213
VT 8/40 (20.0%)
Title: Re: SpyEye C&C &files
Post by: APACHE on March 10, 2011, 01:55:27 am
IP Location:  Russian Federation - DINET-AS
IP 92.38.233.192
AS12695
Name Server: NS3.CNMSN.COM. NS4.CNMSN.COM
Registrant/Email Registrant: Tas Lodon/admin@rantigalta-industrellio.net

Code:
http://rantigalta-industrellio.net/main/bin/dd99.exe
VT 18/43 MD5: 2c29360fe503cecd7a4ef1648eba7e83
http://www.virustotal.com/file-scan/report.html?id=92b7ba0bcbb24c5c0224210890493e270b5288b4c67249f74e8aed72fe959c4d-1299721595
Code:
http://rantigalta-industrellio.net/main/bin/ghk6g3.exe
VT 21/42 MD5: f01c2beff8fb41ba560fe39b690f935b
http://www.virustotal.com/file-scan/report.html?id=01f3a5836f8553aac7fd0175d7051c67f3637d09910f4fb64f3f973966fb4644-1299721628
Code:
http://rantigalta-industrellio.net/main/bin/hhf64f3.exe
VT 29/42 MD5: 87994045cabb730e0d66d73e3fc219e1
http://www.virustotal.com/file-scan/report.html?id=4f0d9b316b60d38d1e49e451bfbf628fd4b8eb4f8ae7fd4fcb1129d999bbb1d9-1299721463
Title: Re: SpyEye C&C &files
Post by: jackberri on March 13, 2011, 08:40:04 am
Code:
http://ipchecker006.com/us6/bin/config.bin       md5sum ===> 4afdc09dc9c03d1fd4cda7c2c95d23d5
http://ipchecker006.com/us6/bin/1310.exe         md5sum ===> 47e2200886fcf34bd8b835fd01353034
http://ipchecker006.com/us6/gate.php
http://www.virustotal.com/file-scan/report.html?id=4f0d54620592be8cc0418fed8e3385a9c0f3f2bb453e3f073fc18caed937c424-1300005054
VT 3/43 (7.0%)
Title: Re: SpyEye C&C &files
Post by: jackberri on March 13, 2011, 06:22:41 pm
IP Location:  Russian Federation - PINROUTE - PIN-AS Petersburg Internet Network LLC
IP 46.161.29.68
AS44050
Name Server: ns1.sslverisign.ru. 46.161.29.67   ns2.sslverisign.ru. 46.161.29.68
Registrant/Email Registrant: Private Person/dns@sslverisign.ru
Code:
http://sslverisign.ru/neo/bin/config.bin               md5sum ===> 7a46b693de83066896acbf23ba0f546a
http://sslverisign.ru/neo/bin/update.exe               md5sum ===> 483894e94253b866bc498d7c2c84cfd0
http://sslverisign.ru/neo/gate.php
http://www.virustotal.com/file-scan/report.html?id=65bdc7f7ddc4c080b4ddd8b29416c1aaffd86039b7201df9e5b6fc5d1c682b15-1300040077
VT 6/43 (14.0%)
Title: Re: SpyEye C&C &files
Post by: jackberri on March 26, 2011, 05:40:13 pm
related SpyEye malware:

IP Location:  United Kingdom - CTIHK CITY TELECOM (HK) LTD
IP 91.207.192.37
AS9269
Name Server: ns1.hostecon.com  ns2.hostecon.com
Code:
http://madsmac.com/tish/cb.exe                    md5sum ===> 85007e984d79c952f465e207afda6e59
http://www.virustotal.com/file-scan/report.html?id=142d736d933aa0ed120b2a38aa6aec8e6252a17e92a2fcc8104b161da5a40afe-1301152163
VT 23/41 (56.1%)
Title: Re: SpyEye C&C &files
Post by: jackberri on March 27, 2011, 05:54:57 pm
IP Location: Lithuania  - SPLIUS-AS SPLIUS, UAB
IP  77.79.4.200
[hst-4-200.duomenucentras.lt]
AS25406
Name Server: ns1.freedns.ws  ns2.freedns.ws
Registrant/Email Registrant: Private Person - UOL/gaze@bigmailbox.ru
Code:
http://newnut.ru/media/bin/config.bin                    md5sum ===> 8acd3f5413f93f471dcf6f31d2f6785f
http://newnut.ru/media/bin/support.exe                   md5sum ===> 6af3b246548f9d8c5f7374b4edbfbaf5
http://www.virustotal.com/file-scan/report.html?id=0099f35760198f5d51273b068ae0ea29078fd6c57132da3cc1914ba3648f3355-1301247818
VT 6/43 (14.0%)
sigcheck:
publisher....: BitDefender S.R.L.
copyright....: Copyright (C) 2010
product......: BitDefender 2010
description..: BitDefender Agent
original name: bdagent.exe
internal name: BDAgent
file version.: 13,0,20,4
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

related:
Code:
http://rapidshare.com/files/453988800/manga.jpg                    md5sum ===> 5ee7467964f38c7c27a14aad726526da
http://www.virustotal.com/file-scan/report.html?id=ceadf583be647a1c6451d7dd48a03d4859d3f5d35aed38c42fa48613bd341804-1301246484
VT 3/41 (7.3%)
sigcheck:
publisher....: BitDefender S.R.L.
copyright....: Copyright (C) 2010
product......: BitDefender 2010
description..: BitDefender Agent
original name: bdagent.exe
internal name: BDAgent
file version.: 13,0,20,4
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Code:
http://easy-upload.nl/f/V6R7CkeW                    md5sum ===> ac1332094ab44fbaa2168392805ed5d7
http://www.virustotal.com/file-scan/report.html?id=cecd3cac99d4771bd1501fea72662a81d1ff63f877c0b717aafde66bb58dc19e-1301245790
VT 6/42 (14.3%)
sigcheck:
publisher....: BitDefender S.R.L.
copyright....: Copyright (C) 2010
product......: BitDefender 2010
description..: BitDefender Agent
original name: bdagent.exe
internal name: BDAgent
file version.: 13,0,20,4
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Title: Re: SpyEye C&C &files
Post by: jackberri on March 29, 2011, 06:37:42 am
IP Location:  Ukraine - KOSMOTEL-AS
IP 195.234.125.206
AS20489
Name Server: NS1.DNS-DIY.NET  NS2.DNS-DIY.NET
Registrant/Email Registrant: Kurban Shaid/admin@cossmar-goiano.asia
Code:
http://cossmar-goiano.asia/gdr/bin/config.bin                 md5sum ===> 28db6c042bfdba7d6be80114f0f0d623
http://cossmar-goiano.asia/gdr/bin/upload/msm.exe             md5sum ===> 610dea0c5fc27ee3e8dfb5afe5e7a1bf
http://cossmar-goiano.asia/gdr/gate.php
http://www.virustotal.com/file-scan/report.html?id=a15f27cc99f182ae9ffba8cb7c0653dccfb5cec6ef93ed0a282771ca185a89bb-1301380329
VT 14/41 (34.1%)
Title: Re: SpyEye C&C &files
Post by: jackberri on May 02, 2011, 11:21:02 am
IP Location:  United States - PEER1 Network Inc.
IP 69.194.160.223
AS13768
Name Server: ns.co.cc | ns4.co.cc
Code:
http://turaminich.co.cc/zcontent/catalog/bin/config.bin                       md5sum ===> 5949ac2f77b2f9c2c0f596356d697015
http://turaminich.co.cc/zcontent/catalog/bin/rar.exe                          md5sum ===> afaa4d808896b568f7740b81ec684a26
http://turaminich.co.cc/zcontent/catalog/bin/upload/zip.exe                   md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7
http://turaminich.co.cc/zcontent/catalog/bin/upload/zip1.exe                  md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7
http://turaminich.co.cc/zcontent/catalog/bin/upload/zip11.exe                 md5sum ===> afaa4d808896b568f7740b81ec684a26
http://turaminich.co.cc/zcontent/catalog/
http://www.virustotal.com/file-scan/report.html?id=c05a6d1c80fe80c07b1915a57d69a82c44c93b6e01720d1e966203d3ae3283bf-1304334489
VT 21/42 (50.0%)
http://www.virustotal.com/file-scan/report.html?id=952ff332e74b9465cc8db296d4886982afee7b3ab45f80b7d49dc9b4964c3d5d-1304334538
VT 18/40 (45.0%)
Title: Re: SpyEye C&C &files
Post by: SysAdMini on May 02, 2011, 06:20:35 pm
Code:
http://turaminich.co.cc/zcontent/catalog/bin/upload/zip.exe                   md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7
http://turaminich.co.cc/zcontent/catalog/bin/upload/zip1.exe                  md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7

These 2 files are Zeus. Related urls are: http://www.malwaredomainlist.com/mdl.php?search=vseponovoy.cc.im&colsearch=All&quantity=50

Title: Re: SpyEye C&C &files
Post by: jackberri on May 04, 2011, 06:50:55 pm
These 2 files are Zeus. Related urls are: http://www.malwaredomainlist.com/mdl.php?search=vseponovoy.cc.im&colsearch=All&quantity=50

You're right ;)
I was wrong  >:(

More:
Code:
http://vseponovoy.cc.im/zcontent/catalog/bin/rar.exe                          md5sum ===> afaa4d808896b568f7740b81ec684a26
http://www.virustotal.com/file-scan/report.html?id=c05a6d1c80fe80c07b1915a57d69a82c44c93b6e01720d1e966203d3ae3283bf-1304534303
VT 27/42 (64.3%)
Title: Re: SpyEye C&C &files
Post by: jackberri on May 17, 2011, 11:32:23 am
IP Location:  United States - MAXIM Maxim Computer Systems Corp
IP 66.40.52.59
AS11388
Name Server: dns1.freehostia.com | dns2.freehostia.com
Code:
http://school28.freehostia.com/gate3/main/bin/upload/build.exe                  md5sum ===> e3bb1168bacc67e4d85db2fc20e3f214
http://school28.freehostia.com/gate3/main/gate.php
http://www.virustotal.com/file-scan/report.html?id=9162cfa37c6852dd056fab676f3e862c7599425b251294a14e9b70f7910140ae-1305631259
VT 38/43 (88.4%)
Title: Re: SpyEye C&C &files
Post by: jackberri on October 15, 2011, 09:29:01 am
IP Location: United States - NOC - Network Operations Center Inc.
IP 173.212.225.24
[173-212-225-24.static.hostnoc.net]
AS21788
Name Server: PRIMARYNS.KIEV.UA | NS.SECONDARY.NET.UA
Registrant/Email Registrant: Proxy Private Registration/atlanticafilms.com@whoisprotectservice.net
Code:
hxxp://atlanticafilms.com/main/gate.php