RedLineStealer botnet controller @135.125.40.67

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 135.125.40.67 on port 49126 TCP:
$ telnet 135.125.40.67 49126
Trying 135.125.40.67...
Connected to 135.125.40.67.
Escape character is '^]'

$ nslookup 135.125.40.67
ip67.ip-135-125-40.eu

Referencing malware samples (MD5 hash):
