Not sure if this is Bladabindi, but some vendors detect it as such. They appear to be coded in VisualBasic.
Found via Citadel C&C running script to download this:
There were 2 more samples on this server too.
1f6aa01a3ca401cfa6178d54a988cdd9
https://malwr.com/analysis/MjZkYTY0MWNl ... M1ZmE1MjY/
strings:
The only thing in Google is the malwr.com analysis I just submitted.
262c2bb45b5b5790b3890eb7d2e716ed
https://malwr.com/analysis/YTZhNDg2MzY1 ... I4ZWMxNjg/
Attached.
Found via Citadel C&C running script to download this:
Code: Select all
https://malwr.com/analysis/ZjYyMGJlOGE3 ... FhOWEzYTE/hxxp://cm8899.com/twe/download/black/winsys.exe
There were 2 more samples on this server too.
1f6aa01a3ca401cfa6178d54a988cdd9
https://malwr.com/analysis/MjZkYTY0MWNl ... M1ZmE1MjY/
strings:
Code: Select all
Anyone seen this "TuniLoad Botnet v.1" or a panel for it? C:\Users\DEJOUI\Desktop\TuniLoad Botnet v.1 Source\Original Stub\Stub\Stub\obj\Release\stub.pdb
The only thing in Google is the malwr.com analysis I just submitted.
262c2bb45b5b5790b3890eb7d2e716ed
https://malwr.com/analysis/YTZhNDg2MzY1 ... I4ZWMxNjg/
Attached.
Attachments
infected
(44.52 KiB) Downloaded 83 times
(44.52 KiB) Downloaded 83 times