client.vpn8.info (Chinese malware hosted in China, Guangdong, on the Chinanet Guangdong Province Network)

client.vpn8.info DNS_TYPE_A 119.145.115.77 YES udp

– HTTP Conversations:

From ANUBIS:1029 to 119.145.115.77:8000 – [client.vpn8.info:8000]
Request: GET /vpnclient/vpnlist.txt
Response: 200 “OK”
From ANUBIS:1030 to 119.145.115.77:8000 – [client.vpn8.info:8000]
Request: GET /vpnclient/top.htm
Response: 200 “OK”
From ANUBIS:1031 to 119.145.115.77:8000 – [client.vpn8.info:8000]
Request: GET /vpnclient/gonggao.htm
Response: 200 “OK”
From ANUBIS:1032 to 119.145.115.77:8000 – [client.vpn8.info:8000]
Request: GET /vpnclient/vpn.jpg
Response: 200 “OK”
From ANUBIS:1033 to 119.145.115.77:8000 – [client.vpn8.info:8000]
Request: GET /vpnclient/images/gonggao.gif
Response: 200 “OK”

Executable file:
http://www.vpn8.cn/lcvpn.exe

Hosting information:
http://whois.domaintools.com/119.145.115.77
