anastasia.servequake.com(Insomnia 2.5.0 bot hosted in Spain Ovh Systems)

This is one report from Zazu here is the original link and all credits go to Zazu for this report

DNS: anastasia.servequake.com

DNS Provider: http://www.no-ip.com/

DNS resolved: 37.59.129.195

Port: 50111

Server Password: l33thack

Channel #choi

Bot Master’s Nickname: andrew

Hosted By: http://www.vpsdeploy.com/

Location: Spain

Sample: “https://dl.dropbox.com/u/9386997/andrew1.exe”

Sample Status: The sample seems to be encrypted and is fully undetected as of this post

IRCd: UnrealIRCd M0dded by uNkn0wn Crew

Nick Style: n{RU|W7-64a}ueyhnql

Bot Type: Insomnia 2.5.0

Amount of bots: Approximately ~200

Key Bot Functions: Chrome password stealer, Firefox password stealer, FTP password stealer, Several DDoS types, Twitter spread and USB spread

Needed To Run: .NET Framework 2.0 or higher

Image of the bot channel (bots’ point of view):

hosting infos:
http://whois.domaintools.com/37.59.129.195

Categories: Uncategorized

Tags: Insomnia 2.5.0

Previous postvnclimitedrun.in(http malware hosted in United States Los Angeles Black Lotus Communications)

Next postTrojan-Ransom.Win32.Birele.wjr

7 Comments

Anonymous - July 2, 2012 at 7:58 pm

http://adadadassssadadad.co.cc/main.php?page=b120e4602a84d979

http://adadadassssadadad.co.cc/bhstat.php?threadID=46&ruleID=0&key=701698bca5e8b0eb3c7ea955bb2e05b6

blackhole nigga

Pig - July 2, 2012 at 9:01 pm

url's are dead allready

Kundan Bhardwaj - July 4, 2012 at 5:52 am

How do you folks do this? I mean how do you get these information. Anyways you guys rock!

Zazu - July 4, 2012 at 11:17 am

Kundan Bhardwaj – Personally, I just use P2P applications and inspect executables. Not everything is how it seems. It can be quite risky if you're new to it, but I suggest you learn about decompiling, Sandboxie, VMWare, WireShark and those should get you started as a beginner. Then you can try your own methods once you know enough about that. I hope I helped you.

Anonymous - July 28, 2012 at 5:39 pm

noobs use dropbox only haha

phoenix seo company - August 1, 2012 at 12:00 pm

How do you folks do this? I mean how do you get these information. Anyways you guys rock! It can be quite risky if you're new to it, but I suggest you learn about decompiling, Sandboxie, VMWare, WireShark and those should get you started as a beginner.

wissem nouri - August 9, 2012 at 10:31 am

can you provide a sample please ^_^

lolwutirc.crabdance.com (Insomnia irc botnet hosted by rh.com.tr)

filehelp.us (Various irc bots hosted by securedservers.com)

irc.stressing.info (Multiple irc bots hosted by blacklotus.net)