Saturday, December 28, 2013

Chinese Food - TrojDropper:Win32/Swisyn (etc)

TrojDropper:Win32/Swisyn (etc)
hosted on:
61.147.112.88 (China Telecom, Beijing)



This HTTPFileServer seems to be a popular choice for the Chinese to host malware on Windows servers.

I was downloading samples and the server went down for a bit.

While I waited I sent them through malwr.com to get a quick analysis.

232.exe
(21.exe)
4a92ffcb4f35ab8e7daf4215e09b58f1

330.exe
4e8a0bed5ee626f202fcdcfa28b3176c

0308.exe
88ccbe2772f4a07f0a7f5925b1a366ac

3.exe
d9443a02281d495ab3ac1eea6a97d0d5

338.exe
776166289f8bce8312b85ffd0a375c01

55555
49d206f98b44ef9c58b711cd29b6c073
ELF executable

8G.NETBOT.CC.zip
9b71e5d676d005160f9096a618d33862

3306nodeJR
938a3ceb3691ca92734dcce7547ef394


C&C
8g.netbot.cc 100.42.235.28
kk.netbot.cc 190.115.20.14
33.netbot.cc 190.115.20.14

190.115.20.18
190.115.20.14
