more chinese food
Gh0st RAT
C&C
(almost) FUD
cz88.net - 218.75.110.152
养鸡场 = Chicken farm (LOL, bot machines are chickens)
7f1bfbcc10576a23b800dbd15576aa55 ii9900.exe (bot)
c97f3c932bf6bec7cd8944a023e4f433 S667.exe (bot)
63ca90f97c4c45d3f03c701085afa52c Serve.dat (bot)
029bad7f8b61133f8ae86986d3c116bf 养鸡场.exe (admin console)
验证器 = Validator
(bot)
ii9900.exe
https://malwr.com/analysis/YWQ1YWNlNjhj ... IyMmVmNDY/
(console)
029bad7f8b61133f8ae86986d3c116bf 养鸡场.exe
https://malwr.com/analysis/ZGY0NTFkZWYy ... VlNWQ0NGE/
a few strings:
222.186.57.100
live.fc2.com (54.244.9.216)
This is the interesting part...
Have a look at the strings file pulled from the config.qqwry.dat - config
Thousands of companies, organizations, universities, Gov, DoD etc.. mainly in IN, PK, US,
These bad guys are searching for goodies.. :twisted: