btcguild.com(Bitcoin Miner botnet hosted in United States Dallas Ebl Global Networks Inc.)

By Pig, April 29, 2013

URL:
hxxp://btcguild.com:8332/
hxxp://btcguild.com:8332 -u chakan_1 -p 123
hxxp://btcguild.com:8332 -u graskla_1 -p 123

DATA:
POST / HTTP/1.1
Authorization: Basic Y2hha2FuXzE6MTIz
Content-Length: 43
User-Agent: Ufasoft bitcoin-miner/0.20 (Windows NT XP 5.1.2600 Service Pack 3)
Host: btcguild.com:8332
Cache-Control: no-cache

{“method”: “getwork”, “params”: [], “id”:0}

Actions Detected:
Creates autorun records
Injects code into other processes
Patches system files

Samples:
hxxp://193.107.18.123/1.exe
hxxp://193.107.18.123/2.exe

Hosting infos:
http://whois.domaintools.com/198.154.98.210

Categories: Uncategorized

Tags: Bitcoin Miner Botnet

Previous posthardstunt.com (Andromeda http botnet proxied by cloudflare.com)

Next postPower Loader(http malware hosted in Luxembourg Steinsel Root Sa)

illuminati.sx (Plasma http botnet hosted by worldstream.nl)

meziamussucemaqueue.su (Betabot http botnet hosted by sunnyvision.com)

www.paloshke.org (Solar http botnet hosted by ghandi.net)