(Citadel banking malware hosted by

Resolved to

Config file:  /wheelbarrow/file.php
Gate file:  /wheelbarrow/prism.php

Currently being downloaded by this betabot. This is his second attempt at a citadel net, the first one can be found here.

Hosting infos:

Related md5s (search on to download the samples):
Citadel: 5707e28e79f6b6d469874f8b87ecb3b9 

Edit: The moron forgot to remove the /install/ dir again

Categories: Uncategorized