demoralize.biz(Andromeda hosted in Germany Frankfurt Am Main Voxility S.r.l.)

Resolved :[demoralize.biz] To [37.221.170.194]

Panel:hxxp://37.221.170.194/panel/image.php
Module:hxxp://37.221.170.194/panel/r.pack
DirtJumper:demoralize.biz/dj/index.php
Other files:hxxp://demoralize.biz/f/

hosting infos:
http://whois.domaintools.com/37.221.170.194

Categories: Uncategorized

Tags: Andromeda Bot

Previous postandrohosting.info (Athena irc botnet hosted by voxility.net)

Next postads.pr4d.tk/teams.xsaudix.net/y.servicesql.info(ngrBot hosted in United States Scranton Network Operations Center Inc.)

3 Comments

Anonymous - January 30, 2013 at 9:41 pm

pig please see this file

http://bmc.linkpc.net/download/bmchat.exe

i think it's ngr bot

how you can fine PORT DNS info?

can you tell us the program name

how we can printe all bot info?

like this one ? http://www.exposedbotnets.com/2012/01/9521116562ngrbot-hosted-in-netherlands.html

http://bmc.linkpc.net/download/bmchat.exe

Pig - January 30, 2013 at 10:03 pm

thank you for this file:-) i m making new post with your submition now
please next time replace http with hxxp in your links

Pig - January 30, 2013 at 10:11 pm

to find infos from malwares first of all u can start by installing virtual box or vmware
then install sandboxie wireshark
execute the exe in your vmware then start snifing the traffic with wireshark to find infos
most of malwares have anti virtual machine/sandboxie/wireshark protections so u have to use other methods to find infos
but u can start by vmware+sandboxie+wireshark if u really like to sniff exe files lol

shinyhosting.ws.gy(Andromeda Bot hosted in United States Amsterdam Hosting Servers)

xylox.su (Betabot and Andromeda http botnets hosted by Panamaserver.com)

scum1904life.com (Andromeda http botnet hosted by 2×4.ru)

3 Comments

Anonymous - January 30, 2013 at 9:41 pm

Pig - January 30, 2013 at 10:03 pm

Pig - January 30, 2013 at 10:11 pm

Comments are closed