Tuesday, 5 June 2012

Backdoor.Bot.LameNova

When kids go into winlock business this is the result.


The malware come from a blackhole exploit kit
• dns: 1 ›› ip: 83.69.226.165 - adresse: ODOPODCPHUTGQERTS.CO.CC

Packed with VB, the original bin is also in VB...


Login:

Stats (before reset)


 Bots:

 Tasks:

 Loader:

Winlocker:

 Brute:

 Popup:

Settings:

 Options:

Files:

http://mmmoney1.com/new/
http://mmmoney1.com/panel/
• dns: 1 ›› ip: 178.73.210.237 - adresse: MMMONEY1.COM
C*\AC:\Users\iZER0x\Desktop\supern0va\france\Project1.vbp

Avast "SmokeLdr" fail

Posted by at 11:16
Labels: , , , , ,

7 comments:

  1. Illu65 June 2012 at 18:38

    >.NET
    >ransomware

    ReplyDelete
  2. netf0x5 June 2012 at 20:16

    Interesting, how did you get credentials?

    ReplyDelete
  3. Steven K5 June 2012 at 22:24

    magic powder

    ReplyDelete
  4. Anonymous6 June 2012 at 00:05

    Hahaha! This gave me a good laugh. Thanks. :D
    Keep up the awesome work Xylitol!

    ReplyDelete
  5. FAIL DOXER , Opsss u got doxet from me ,6 June 2012 at 10:34

    fail.
    there are alot of people using the nickname "izer0x", "zerox", "zeron", etc...

    btw this bot is from russia .....

    ReplyDelete
  6. Anonymous7 June 2012 at 13:13

    You are right. Bot from Russia, i even saw topic with selling. All the best made in Russia and Ukraine:D

    ReplyDelete
  7. Abdul Jabbar22 February 2016 at 18:27

    Amazing.Very low detection ratio in "Virus Total.

    ReplyDelete

Subscribe to: Post Comments (Atom)