AsyncRAT botnet controller @144.126.129.113

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 144.126.129.113 on port 54809 TCP:
$ telnet 144.126.129.113 54809
Trying 144.126.129.113…
Connected to 144.126.129.113.
Escape character is ‘^]’

$ nslookup 144.126.129.113
vmi620305.contaboserver.net

Other malicious domain names hosted on this IP address:
aika07.duckdns.org 144.126.129.113
kzm.duckdns.org 144.126.129.113
rmlkin.duckdns.org 144.126.129.113

Referencing malware samples (MD5 hash):
099fc912a3229bd5883e620778b44648 — AV detection: 30 / 69 (43.48%)
0e61f7759a55dec4e67a62eb6ca1b9f5 — AV detection: 38 / 68 (55.88%)
644555d5282be9902a8eb655f1a3cde2 — AV detection: 56 / 70 (80.00%)
7b3c806f02fc15bd4f763ac57033bc28 — AV detection: 30 / 67 (44.78%)
a42cb628901121b9b151e204ab520831 — AV detection: 41 / 68 (60.29%)
b4774b2ffe9476341ac557a33603b5f0 — AV detection: 28 / 68 (41.18%)
e763bcf5c0d2c0ead30f8e34325673af — AV detection: 7 / 69 (10.14%)
f5862e9815c924c4c217df6b887ceb5b — AV detection: 58 / 70 (82.86%)

Опубликовано
В рубрике contabo.de

Добавить комментарий

Ваш адрес email не будет опубликован.