www.istanbulnakliyecileri.com (Andromeda http botnet hosted by ozkula.com.tr)

Resolved www.istanbulnakliyecileri.com to 37.247.108.48

Server:  www.istanbulnakliyecileri.com
Gate file:  /firmalar/and/image.php

Plugins
Rootkit:  hxxp://www.istanbulnakliyecileri.com/firmalar/and/r.pack
Socks:  hxxp://www.istanbulnakliyecileri.com/firmalar/and/s.pack
Formgrabber:  hxxp://www.istanbulnakliyecileri.com/firmalar/and/f.pack
  Gate file:  hxxp://www.istanbulnakliyecileri.com/firmalar/and/fg.php

This appears to be hosted on a hacked site.

Hosting info: http://whois.domaintools.com/37.247.108.48

Related MD5s (search on malwr.com to download the samples):
8709c21be7d72c8ec8aaaa55ccc64b84
