planetstat2324.su (smoke loader http bot hosted by Poland Artnet Spolka Z Ograniczona Odpowiedzialnoscia)

By I_Post_Ur_Info, October 10, 2012

This is the http loader for the gold installs ppi program.

Resolved planetstat2324.su to 178.255.43.67

Server: planetstat2324.su
Gate file: /gamenew/index.php

Downloads files from ap2producoes.com/images/
minsabdedf.exe bitcoin miner
pool info: http://hernyoooo@ymail.com:Bazdmeg1@pool.50btc.com:8332
ginamdasm.exe

The file botnet owners are given installs smoke from hxxp://oroihfdbbnennm.in/update/0pdat3.exe
Install statistics are then recorded by oroihfdbbnennm.in/activation.php
Using the format
activation.php?productid=(userid)&serial=(long string)

Hosting infos: http://whois.domaintools.com/178.255.43.67

The owner had some trouble with the coder of his crypter: http://pastebin.com/M1qbs24x

Categories: Uncategorized

Tags: Bitcoin Miner Botnetsmokeloader

Previous postvenus.timeinfo.pl (ngrbot irc botnet hosted by 1&1 Internet Ag)

Next postchat.barracudasec.com (Barracuda ircbotnet hosted by Luxembourg Luxembourg Root Sa)

bookwormsbiorhythm.top(Smoke Loader + TeamViewer Rat)

illuminati.sx (Plasma http botnet hosted by worldstream.nl)

meziamussucemaqueue.su (Betabot http botnet hosted by sunnyvision.com)