updating-flash.cloudapp.net (Citadel banking malware hosted by Microsoft.com)

Resolved updating-flash.cloudapp.net to 137.116.247.7

Server:  updating-flash.cloudapp.net
Config file:  /bleh/file.php
Gate file:  /bleh/gate.php

Hosting info: http://whois.domaintools.com/137.116.247.7

Related md5s (Search on Malwr.com to download samples)
Citadel: b8010a8cce28c36dfb0cc1bcd87a5575

2 Comments

Anonymous - October 3, 2013 at 1:25 pm

this is patch
I wish to disassemble
http://67.202.92.70/system4.exe

Pig - October 3, 2013 at 3:24 pm

Next time replace http with hxxp or your links won't show here.
Thank you
