Tuesday, July 2, 2013

Umbra Loader - Aldi Nord Clean

Found an Umbra Loader panel today and had a look inside.

Hosted on:
nastytrickshotz.x10.mx - x10hosting.com

again, shared hosting...good spot for your panel, moron.



(see below for details on this binary)

Some pretty dope stats:
(nobody is online ??)



VT 33/47 (Lol)

Aldi Bot (aldi-nord-clean.exe) 

Ran the binary through Anubis and got a .pcap file with some DNS and HTTP traffic.

DNS query
fotze-fick-bot.hj.cx: type A, class IN
fotze-fick-bot.hj.cx: type A, class IN, addr

C&C Aldi Server

Whois info:
inetnum: -
netname:        MAIN-HOSTING-SERVERS
descr:          Main Hosting Servers
country:        US
