AveMariaRAT botnet controller @52.146.42.226

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 52.146.42.226 on port 5600 TCP:
$ telnet 52.146.42.226 5600
Trying 52.146.42.226...
Connected to 52.146.42.226.
Escape character is '^]'

Referencing malware samples (MD5 hash):
