Tuesday, July 2, 2013

Umbra Loader - Aldi Nord Clean

Found an Umbra Loader panel today and had a look inside.

hosted on:
nastytrickshotz.x10.mx

198.91.81.2 - x10hosting.com

again, shared hosting...good spot for your panel, moron.


Login: (screenshot)

Commands: (screenshot; see below for details on this binary)

Some pretty dope stats: (screenshot)
(nobody is online ??)

Lol



hxxp://nastytrickshotz.x10.mx/a/Panel/Panel/uploads/aldi-nord-clean.exe

VT 33/47 (Lol)


Aldi Bot (aldi-nord-clean.exe) 

Ran the binary through Anubis and got a .pcap file with some DNS and HTTP traffic.

DNS query
fotze-fick-bot.hj.cx: type A, class IN
fotze-fick-bot.hj.cx: type A, class IN, addr 31.170.166.180
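Pulling the resolved C&C address out of a sandbox pcap by hand gets old fast. The following is an added example (not part of this post, and not Anubis tooling) that reads a classic pcap with only the Python standard library, picks out UDP/53 frames and decodes the DNS A answers, following RFC 1035 name compression pointers safely. The capture it runs on is constructed inline to carry the same answer as above; the zeroed MACs, the 10.0.0.x addresses, the transaction IDs and the TTL are made up.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps


def encode_name(name):
    """Dotted hostname -> DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a name at offset, following compression pointers.
    Returns (name, offset just past the name in the original stream).
    Pointers must point backwards and hops are capped, so a looping
    pointer raises instead of hanging the parser."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            ptr = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if not jumped:
                end, jumped = offset + 2, True
            hops += 1
            if hops > 16 or ptr >= offset:
                raise ValueError("bad compression pointer")
            offset = ptr
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def dns_a_records(msg):
    """Return [(name, ip, ttl)] for every A/IN answer in a DNS response."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _txid, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    if not flags & 0x8000:  # QR bit clear: this is a query, no answers
        return []
    off = 12
    for _ in range(qd):  # skip the question section
        _qname, off = decode_name(msg, off)
        off += 4  # QTYPE + QCLASS
    found = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            found.append((name, socket.inet_ntoa(rdata), ttl))
    return found


def udp_payload(frame):
    """Ethernet/IPv4/UDP frame -> (sport, dport, payload), else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    udp = 14 + (frame[14] & 0x0F) * 4  # 14-byte Ethernet + IHL*4
    sport, dport, ulen = struct.unpack_from("!HHH", frame, udp)
    return sport, dport, frame[udp + 8:udp + ulen]


def pcap_frames(data):
    """Yield link-layer frames from classic pcap bytes, either byte order."""
    magic = struct.unpack_from("<I", data, 0)[0]
    bo = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if bo is None:
        raise ValueError("not a classic pcap (pcapng/nanosecond not handled)")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(bo + "4I", data, off)[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def resolved_addresses(pcap_bytes):
    """domain -> set(ip) for every DNS A answer seen on port 53."""
    out = {}
    for frame in pcap_frames(pcap_bytes):
        hit = udp_payload(frame)
        if hit is None or 53 not in hit[:2]:
            continue
        try:
            records = dns_a_records(hit[2])
        except ValueError:
            continue  # malformed or truncated, skip it
        for name, ip, _ttl in records:
            out.setdefault(name, set()).add(ip)
    return out


# --- constructed sample capture (hypothetical addresses, same answer as the post) ---
def build_a_response(txid, name, ip, ttl):
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer


def build_udp_frame(src_ip, dst_ip, sport, dport, payload):
    eth = b"\x00" * 12 + b"\x08\x00"  # made-up MACs
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + udp


def build_pcap(frames):
    head = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # DLT 1 = Ethernet
    return head + b"".join(struct.pack("<4I", 0, 0, len(f), len(f)) + f for f in frames)


SAMPLE_PCAP = build_pcap([
    build_udp_frame("10.0.0.5", "10.0.0.1", 49152, 53,  # the query, no answers
                    struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
                    + encode_name("fotze-fick-bot.hj.cx") + struct.pack("!HH", 1, 1)),
    build_udp_frame("10.0.0.1", "10.0.0.5", 53, 49152,  # the response
                    build_a_response(0x1234, "fotze-fick-bot.hj.cx", "31.170.166.180", 300)),
])

if __name__ == "__main__":
    for domain, ips in sorted(resolved_addresses(SAMPLE_PCAP).items()):
        print(domain, "->", ", ".join(sorted(ips)))
```

Point `resolved_addresses` at the bytes of a real sandbox pcap and you get the domain-to-IP map for the whole run; anything that is not Ethernet/IPv4/UDP is ignored rather than guessed at, so VLAN-tagged or pcapng captures need converting first.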



C&C Aldi Server


Whois info:
inetnum:        31.170.166.0 - 31.170.167.255
netname:        MAIN-HOSTING-SERVERS
descr:          Main Hosting Servers
country:        US
