sisisu.su (Citadel banking malware hosted by he.net)

Resolved sisisu.su to 64.62.210.103

Server:  sisisu.su
Config file:  /wheelbarrow/file.php
Gate file:  /wheelbarrow/prism.php

The Citadel sample is currently being downloaded by this Betabot. This is the operator's second attempt at a Citadel botnet; the first one can be found here.

Hosting info: http://whois.domaintools.com/64.62.210.103

Related MD5s (search on malwr.com to download the samples):
Citadel: 5707e28e79f6b6d469874f8b87ecb3b9 

Edit: The moron forgot to remove the /install/ dir again
hxxp://sisisu.su/wheelbarrow/install/index.php
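As an added example (my own code, not anything from this post, from Citadel or from the operator), here is a small Python IOC scanner that takes the indicators listed above (the C2 host and IP, the config and gate paths, the exposed installer path and the sample MD5) and runs them over a few constructed proxy log lines. The squid native access.log format and the sample lines are assumptions for the demo. A bare /wheelbarrow/file.php on some other host is deliberately not flagged, since Citadel's gate and config paths are chosen per botnet and the path alone is noise.

```python
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Indicators copied from the post above.
C2_HOSTS = {"sisisu.su", "64.62.210.103"}
C2_PATHS = {
    "/wheelbarrow/file.php": "Citadel config download",
    "/wheelbarrow/prism.php": "Citadel gate (bot check-in)",
    "/wheelbarrow/install/index.php": "exposed Citadel panel installer",
}
CITADEL_MD5S = {"5707e28e79f6b6d469874f8b87ecb3b9"}


@dataclass
class Hit:
    client: str
    method: str
    host: str
    path: str
    label: str


def classify_url(url: str) -> Optional[str]:
    """Return a label if the URL points at the C2 from the post, else None.

    The path is only trusted on a known host: /wheelbarrow/*.php is a
    per-botnet setting in Citadel and means nothing on its own.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in C2_HOSTS:
        return None
    # Known path -> specific label; any other path on the C2 host -> generic label.
    return C2_PATHS.get(parts.path, "request to known Citadel C2 host")


def parse_squid_line(line: str):
    """Squid native access.log (assumed format for this example):
    ts elapsed client action/code size method url ident hierarchy type
    Returns (client, method, url) or None for lines that do not fit."""
    fields = line.split()
    if len(fields) < 7:
        return None
    return fields[2], fields[5], fields[6]


def scan_log(text: str) -> List[Hit]:
    """Run every log line through classify_url and collect the matches."""
    hits: List[Hit] = []
    for line in text.splitlines():
        parsed = parse_squid_line(line)
        if parsed is None:
            continue
        client, method, url = parsed
        label = classify_url(url)
        if label:
            parts = urlsplit(url)
            hits.append(Hit(client, method, parts.hostname or "", parts.path, label))
    return hits


def is_known_sample(md5_hex: str) -> bool:
    """Case-insensitive lookup of a file hash against the MD5 listed in the post."""
    return md5_hex.lower() in CITADEL_MD5S


# Constructed sample log lines (not real traffic), squid native format.
SAMPLE_LOG = """\
1371551200.123    245 10.0.0.15 TCP_MISS/200 4123 GET http://sisisu.su/wheelbarrow/file.php - DIRECT/64.62.210.103 application/octet-stream
1371551201.456     87 10.0.0.15 TCP_MISS/200 312 POST http://sisisu.su/wheelbarrow/prism.php?id=1 - DIRECT/64.62.210.103 text/html
1371551202.789     12 10.0.0.22 TCP_HIT/200 5000 GET http://example.com/index.html - NONE/- text/html
1371551203.000     50 10.0.0.31 TCP_MISS/200 900 GET http://64.62.210.103/wheelbarrow/install/index.php - DIRECT/64.62.210.103 text/html
"""

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h.client} {h.method} {h.host}{h.path} -> {h.label}")
```

A GET of file.php followed by a POST to prism.php from the same internal client is the config-then-check-in pattern you would expect from an infected host; a request for the /install/ path from inside your network is not bot traffic but somebody poking at the panel, which is worth a separate look.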
