Tuesday, 5 June 2012

Backdoor.Bot.LameNova

When kids go into winlock business this is the result.


The malware come from a blackhole exploit kit
• dns: 1 ›› ip: 83.69.226.165 - adresse: ODOPODCPHUTGQERTS.CO.CC

Packed with VB, the original bin is also in VB...


Login:

Stats (before reset)


 Bots:

 Tasks:

 Loader:

Winlocker:

 Brute:

 Popup:

Settings:

 Options:

Files:

http://mmmoney1.com/new/
http://mmmoney1.com/panel/
• dns: 1 ›› ip: 178.73.210.237 - adresse: MMMONEY1.COM
C*\AC:\Users\iZER0x\Desktop\supern0va\france\Project1.vbp

Avast "SmokeLdr" fail

Posted by at 11:16
Labels: , , , , ,

8 comments:

  1. Illu65 June 2012 at 18:38

    >.NET
    >ransomware

    ReplyDelete
  2. netf0x5 June 2012 at 20:16

    Interesting, how did you get credentials?

    ReplyDelete
  3. Steven K5 June 2012 at 22:24

    magic powder

    ReplyDelete
  4. Anonymous6 June 2012 at 00:05

    Hahaha! This gave me a good laugh. Thanks. :D
    Keep up the awesome work Xylitol!

    ReplyDelete
  5. Anonymous6 June 2012 at 05:09

    Ooops!
    http://www.facebook.com/ZeroTheDesigner
    https://twitter.com/#!/izer0x

    ReplyDelete
    Replies
    1. FAIL DOXER , Opsss u got doxet from me ,6 June 2012 at 10:34

      fail.
      there are alot of people using the nickname "izer0x", "zerox", "zeron", etc...

      btw this bot is from russia .....

      Delete
  6. Anonymous7 June 2012 at 13:13

    You are right. Bot from Russia, i even saw topic with selling. All the best made in Russia and Ukraine:D

    ReplyDelete
  7. Abdul Jabbar22 February 2016 at 18:27

    Amazing.Very low detection ratio in "Virus Total.

    ReplyDelete

Subscribe to: Post Comments (Atom)