Thanks to anonymous guy here for finding this botnet.
Resolved : [dd.sult4n.net] To [67.202.92.70]
Resolved : [www.8rb.su] To [67.202.92.70]
Other domains: xx.sult4n.net, x.sult4n.net
Thanks to Userbased for this and for the server and channel pass.
Server : dd.sult4n.net:4040 PASS sulxx
Channel : #m PASS sul111
Now talking in #m
Topic On: [ #m ] [ !mod usbi on !http.inj on ]
Topic By: [ x ]
Hosting info:
http://whois.domaintools.com/67.202.92.70
Anonymous - October 7, 2013 at 11:24 am
Can I get the MD5?
I_Post_Ur_Info - October 7, 2013 at 8:28 pm
e6d3b8d3320b91433fbb88f5498bb5f4
https://malwr.com/analysis/ZmQ4ZDE0MjRhYWFhNGU4NmE2YWQyOTNkNGQ3YTc0Y2Q/
Anonymous - October 8, 2013 at 3:57 am
thanks! 🙂
Anonymous - October 8, 2013 at 12:31 pm
http://whois.domaintools.com/112.132.215.36
I think this is hosting ngrbot.
Got this !dl 95.211.18.80/7611jd.exe from here.
Port is 1031, I guess.
Pig - October 8, 2013 at 3:52 pm
Upload the sample to sendspace and post it again; this URL is not working. Thank you.
Anonymous - October 9, 2013 at 4:56 am
I no longer have the sample, but I have the MD5:
44607fe8474979c0f808e1d222ff69a5