genhagroup.com (Zeus banking malware hosted by United States Provo Unified Layer)

Resolved genhagroup.com to 74.220.199.26

When this site first got posted I thought it was hacked, but now that I’ve taken a closer look it’s actually a lame spreading attempt.

Zeus
Server: genhagroup.com
Gate file: /data/gate.php
Config file: /data/cf.bin
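For defenders, the gate and config paths above are the usable indicators. As an added example (not from the original post), the script below scans proxy log lines for requests to those two paths on the listed host and flags clients that completed the full config-fetch-plus-gate cycle; the log line format and the sample lines are assumptions constructed for the example.

```python
import re

# Indicators taken from the post: the Zeus C2 host and its gate/config paths.
ZEUS_HOST = "genhagroup.com"
ZEUS_PATHS = {
    "/data/gate.php": "gate check-in (bot reports to the C2)",
    "/data/cf.bin": "config fetch (bot pulls its encrypted config)",
}

# Assumed proxy log format (hypothetical): "<timestamp> <client_ip> <method> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")
URL_RE = re.compile(r"^https?://(?P<host>[^/:?#]+)(?::\d+)?(?P<path>/[^?#]*)?")


def classify(line):
    """Return a hit dict if the line is a request to the Zeus gate or config path."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # malformed line: skip it rather than abort the scan
    u = URL_RE.match(m.group("url"))
    if not u:
        return None
    host = u.group("host").lower()
    path = u.group("path") or "/"
    if host != ZEUS_HOST or path not in ZEUS_PATHS:
        return None
    return {"ts": m.group("ts"), "client": m.group("client"),
            "method": m.group("method"), "path": path, "reason": ZEUS_PATHS[path]}


def scan(lines):
    return [h for h in map(classify, lines) if h is not None]


def likely_infected(hits):
    """Clients that both fetched cf.bin and posted to gate.php: the full bot cycle."""
    seen = {}
    for h in hits:
        seen.setdefault(h["client"], set()).add(h["path"])
    return sorted(c for c, paths in seen.items() if paths == set(ZEUS_PATHS))


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "2000-01-01T00:00:01 10.0.0.5 GET http://genhagroup.com/data/cf.bin",
    "2000-01-01T00:00:03 10.0.0.5 POST http://genhagroup.com/data/gate.php",
    "2000-01-01T00:00:04 10.0.0.7 GET http://genhagroup.com/index.html",
    "2000-01-01T00:00:06 10.0.0.7 POST http://genhagroup.com/data/gate.php",
    "garbage line that does not parse",
]
```

A client that only hit gate.php (10.0.0.7 in the sample) is still worth a look, but the config fetch followed by a gate POST from the same address is the higher-confidence signal.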

The Zeus binary was hosted at utmeg.com, passed off as a “resume creator”.
The download page warns that it needs .NET 2.0, so the skid is obviously using an HF crypter.
The same download page is on genhagroup.com, but the file itself is missing.

Hosting info: http://whois.domaintools.com/74.220.199.26

EDIT: lol https://zeustracker.abuse.ch/monitor.php?host=genhagroup.com
