Thursday, January 16, 2014

Zeus 2.9.6.1

New ZeuS build 2.9.6.1 has leaked and is starting to be seen in the field.

It has the same abilities as earlier versions, plus a new "Modules Parser" (iBank).
This new feature scans bot host machines for banking-related processes and banking client applications. It hooks these processes and attempts to steal credentials.

Panel found via ZeuS Tracker
hxxp://89.248.161.244/fuck/xren.php?m=home
89.248.161.244
ECATEL, Netherlands

Summary:

Modules parser:

Script running:

script:
user_execute http://eyecatchersoptique.com/images/.stnfrn/server/a.exe

a.exe
VT: (21/46)
https://malwr.com/analysis/YjdiNThhZjc3MThmNGZmYmE3NmMwYThlNzZhMzdjYmY/


List of users:

Name   | Status  | Comment
admin  | Enabled | Default user
r00t78 | Enabled | -


Related:

This botnet is run by the same guys seen here:

and here:


This server is now offline.

:-)
