Malwarebytes

mjackson.1ffli.com.mx + ogzhnsltk.com


3 replies to this topic

#1
MysteryFCM

    Forum Deity

  • Moderators
  • 4,992 posts
  • Gender:Male
  • Location:Tyneside, UK
Sunbelt tried hiding the URL, but I found it anyway ......

Init:
http://mjackson.1ffli.com.mx/x-files/

Payload:
http://mjackson.1ffli.com.mx/x-files/x-file-MJacksonsKiller.exe

Exploit:
http://ogzhnsltk.com/plugins/index.php
http://ogzhnsltk.com/plugins/getexe.php
http://ogzhnsltk.com/plugins/pdf.php

Ref:
http://sunbeltblog.blogspot.com/2009/06/mi...ot-dont-go.html
Steven Burn
Research Engineer

Follow us: Twitter, Become a fan: Facebook

#2
Fatdcuk

    Malware BBQ'er

  • Moderators
  • 18,872 posts
  • Gender:Male
  • Location:127.0.0.1
Thanks Steven,

Have added the URL for harvesting, will check out the Z-bot variant to see if it has a new install pattern.

Usually we hold an extremely high success rate against the installed Z-bots, which mitigates chasing the millions of custom-packed droppers :D
Ade Gill
Research Engineer


#3
Fatdcuk

    Malware BBQ'er

  • Moderators
  • 18,872 posts
  • Gender:Male
  • Location:127.0.0.1
Is an sdra64.exe variant, and the cat ate it :D
Ade Gill
Research Engineer


#4
MysteryFCM

    Forum Deity

  • Moderators
  • 4,992 posts
  • Gender:Male
  • Location:Tyneside, UK
hehe cool :D
Steven Burn
Research Engineer
