RedLineStealer botnet controller @95.216.43.58

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 95.216.43.58 on port 40566 TCP:
$ telnet 95.216.43.58 40566
Trying 95.216.43.58...
Connected to 95.216.43.58.
Escape character is '^]'

$ nslookup 95.216.43.58
static.58.43.216.95.clients.your-server.de

Referencing malware samples (MD5 hash):

Filed under: hetzner.de
