Friday, January 3, 2014

3x ZeuS C&C on schneider-e1ectric.com

ZeuS C&C: schneider-e1ectric.com
Malware: ZeuS
IP address: 141.101.116.62 (a CloudFlare edge address, so the origin is hidden; damn you CloudFlare)

Server:
seahorse.arvixe.com
185.21.133.162
netname: UK-ARVIXE-20130313
descr: Arvixe, Ltd
country: GB

Can't get into the panel.

Shell it.


OK, you have more panels... let's see.

Botnet names: view, drane, double

Summary (drane botnet)

Summary (view botnet)
Bots:

For #3 the username is Henry; the MD5 password hash is:
24ad06279c03a9e4fcb705eb3c9ac58a
(Didn't feel like changing it to a new password; this one is small too.)


Got info on the bot owner:
k.bieder@mail.com
lastlog: 108.170.13.78



ZeuS config.php MySQL credentials for the three panels (all three share one MySQL account on localhost; only the database name differs):

// view panel
$config['mysql_host']          = '127.0.0.1';
$config['mysql_user']          = 'iyke64';
$config['mysql_pass']          = '123abc';
$config['mysql_db']            = 'iyke64_view';

// drane panel
$config['mysql_host']          = '127.0.0.1';
$config['mysql_user']          = 'iyke64';
$config['mysql_pass']          = '123abc';
$config['mysql_db']            = 'iyke64_drane';

// double panel
$config['mysql_host']          = '127.0.0.1';
$config['mysql_user']          = 'iyke64';
$config['mysql_pass']          = '123abc';
$config['mysql_db']            = 'iyke64_double';
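As an added example (this is editor-written code, not part of the original post or of the ZeuS panel), a small Python triage script that pulls the MySQL credentials out of concatenated ZeuS-style config.php text, groups them per panel, flags credential reuse across panels, and builds mysqldump commands for preserving each botnet database. The SAMPLE_CONFIG text is a constructed copy of the three fragments above; the function names and the MYSQL_PWD handling are this example's own choices.

```python
import re
import shlex
from typing import Dict, List, Set, Tuple

# Constructed copy of the three config.php fragments shown in the post.
SAMPLE_CONFIG = """
$config['mysql_host']          = '127.0.0.1';
$config['mysql_user']          = 'iyke64';
$config['mysql_pass']          = '123abc';
$config['mysql_db']            = 'iyke64_view';
$config['mysql_host']          = '127.0.0.1';
$config['mysql_user']          = 'iyke64';
$config['mysql_pass']          = '123abc';
$config['mysql_db']            = 'iyke64_drane';
$config['mysql_host']          = '127.0.0.1';
$config['mysql_user']          = 'iyke64';
$config['mysql_pass']          = '123abc';
$config['mysql_db']            = 'iyke64_double';
"""

# One $config['key'] = 'value'; assignment per line (single or double quotes).
CONFIG_LINE = re.compile(
    r"""^\s*\$config\[\s*['"](?P<key>[^'"]+)['"]\s*\]\s*=\s*['"](?P<value>[^'"]*)['"]\s*;"""
)


def parse_zeus_config(text: str) -> List[Dict[str, str]]:
    """Split concatenated config.php text into one dict per panel.

    Each panel's config.php assigns mysql_host/mysql_user/mysql_pass/mysql_db
    once, so a repeated key marks the start of the next panel's block.
    """
    panels: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in text.splitlines():
        m = CONFIG_LINE.match(line)
        if not m:
            continue  # skip PHP tags, comments and unrelated settings
        key, value = m.group("key"), m.group("value")
        if key in current:
            panels.append(current)
            current = {}
        current[key] = value
    if current:
        panels.append(current)
    return panels


def shared_mysql_accounts(panels: List[Dict[str, str]]) -> Set[Tuple[str, str, str]]:
    """Distinct (host, user, password) tuples across all panels.

    A single tuple means every panel reuses one MySQL account, so reading any
    one config.php is enough to reach every botnet's database.
    """
    return {
        (p.get("mysql_host", ""), p.get("mysql_user", ""), p.get("mysql_pass", ""))
        for p in panels
    }


def dump_commands(panels: List[Dict[str, str]]) -> List[Tuple[List[str], Dict[str, str]]]:
    """Build a mysqldump argv plus environment for each panel database.

    The password is passed via MYSQL_PWD instead of on the command line so it
    does not appear in process listings or shell history on the examiner's box.
    """
    jobs = []
    for p in panels:
        argv = [
            "mysqldump",
            "-h", p["mysql_host"],
            "-u", p["mysql_user"],
            "--single-transaction",  # consistent snapshot of InnoDB tables
            p["mysql_db"],
        ]
        env = {"MYSQL_PWD": p["mysql_pass"]}
        jobs.append((argv, env))
    return jobs


if __name__ == "__main__":
    found = parse_zeus_config(SAMPLE_CONFIG)
    for p in found:
        print(p["mysql_db"], "on", p["mysql_host"], "as", p["mysql_user"])
    print("distinct MySQL accounts:", len(shared_mysql_accounts(found)))
    for argv, env in dump_commands(found):
        print(" ".join(shlex.quote(a) for a in argv), "# run with MYSQL_PWD set")
```

Run against the sample it reports three databases served by one account, which is exactly the reuse the post's config fragments show; in a real takedown the MySQL host is 127.0.0.1, so the dumps have to be run from the shell on the panel box itself.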
