Malware hosted in United States, Los Angeles (Black Lotus Communications)

Resolved : [] To []

remote server: TCP port 443

get sample here

what this sample does:
Creates and executes scripts
Creates files in the Windows system directory
Deletes self
Injects code into other processes
Registers dynamic link libraries

hosting infos:



Zazu - July 1, 2012 at 4:16 pm

Here's an exposed botnet, Pig.


DNS Provider:

DNS resolved:

Port: 50111

Server Password: l33thack

Channel #choi

Bot Master's Nickname: andrew

Hosted By:

Location: Spain


Sample Status: The sample seems to be encrypted and is fully undetected as of this post

IRCd: UnrealIRCd M0dded by uNkn0wn Crew

Nick Style: n{RU|W7-64a}ueyhnql

Bot Type: Insomnia 2.5.0

Amount of bots: Approximately ~200

Key Bot Functions: Chrome password stealer, Firefox password stealer, FTP password stealer, Several DDoS types, Twitter spread and USB spread

Needed To Run: .NET Framework 2.0 or higher

Image of the bot channel (bots' point of view):

Found and reported by Zazu

Pig - July 1, 2012 at 6:39 pm

Thank you, Zazu, for this report. I opened a new thread with your post here.
Have fun and feel free to report botnets every time.
