When kids go into winlock business this is the result.
The malware come from a blackhole exploit kit
• dns: 1 ›› ip: 83.69.226.165 - adresse: ODOPODCPHUTGQERTS.CO.CC
Packed with VB, the original bin is also in VB...
Login:
Stats (before reset)
Bots:
Tasks:
Loader:
Winlocker:
Brute:
Popup:
Settings:
Options:
Files:
http://mmmoney1.com/new/
http://mmmoney1.com/panel/
• dns: 1 ›› ip: 178.73.210.237 - adresse: MMMONEY1.COM
C*\AC:\Users\iZER0x\Desktop\supern0va\france\Project1.vbp
Avast "SmokeLdr" fail
>.NET
ReplyDelete>ransomware
Interesting, how did you get credentials?
ReplyDeletemagic powder
ReplyDeleteHahaha! This gave me a good laugh. Thanks. :D
ReplyDeleteKeep up the awesome work Xylitol!
Ooops!
ReplyDeletehttp://www.facebook.com/ZeroTheDesigner
https://twitter.com/#!/izer0x
fail.
Deletethere are alot of people using the nickname "izer0x", "zerox", "zeron", etc...
btw this bot is from russia .....
You are right. Bot from Russia, i even saw topic with selling. All the best made in Russia and Ukraine:D
ReplyDeleteAmazing.Very low detection ratio in "Virus Total.
ReplyDelete