Tuesday 5 June 2012

Backdoor.Bot.LameNova

When kids go into the winlock business, this is the result.


The malware comes from a Blackhole exploit kit:
• dns: 1 ›› ip: 83.69.226.165 - adresse: ODOPODCPHUTGQERTS.CO.CC

Packed with VB, the original bin is also in VB...


Login:

Stats (before reset)


 Bots:

 Tasks:

 Loader:

Winlocker:

 Brute:

 Popup:

Settings:

 Options:

Files:

http://mmmoney1.com/new/
http://mmmoney1.com/panel/
• dns: 1 ›› ip: 178.73.210.237 - adresse: MMMONEY1.COM
C*\AC:\Users\iZER0x\Desktop\supern0va\france\Project1.vbp

Avast "SmokeLdr" fail

7 comments:

  1. Interesting, how did you get credentials?

  2. Hahaha! This gave me a good laugh. Thanks. :D
    Keep up the awesome work Xylitol!

  3. fail.
    there are a lot of people using the nickname "izer0x", "zerox", "zeron", etc...

    btw this bot is from Russia .....

  4. You are right. Bot from Russia, I even saw topic with selling. All the best made in Russia and Ukraine :D

  5. Amazing. Very low detection ratio in Virus Total.
