jdsiwiqweiqwyreqwi.com (Kasidet aka Neutrino bot)

Thanks to Xylitol for the name of the bot.

Contacts domains

    “34324325kgkgfkgf.com”
    “dsffdsk323721372131.com”
    “fdshjfsh324332432.com”
    “jdsiwiqweiqwyreqwi.com”

Runs shell commands

    “cmd /c C:\Users\PSPUBWS\AppData\Local\Temp\243765.bat” “C:\38650f5c2beb183eaaba236d1b576c255a9be49af34db85705bed16d23ea11” on 2015-6-6.13:57:14.679

Dropped files

    “UserInfo.dll” has type “PE32 executable (DLL) (GUI) Intel 80386, for MS Windows”
    “17 The Notorious B.I.G. – Suicidal Thoughts.flac” has type “data”
    “subtleties.dll” has type “PE32 executable (DLL) (GUI) Intel 80386, for MS Windows”
    “243765.bat” has type “ASCII text, with CRLF, CR line terminators”

Checks on FTP client related files

    “” opened file “C:\Program Files\Common Files\Ipswitch\WS_FTP” (DesiredAccess: 1048577, OpenOptions: 16417)
    “” opened file “C:\Users\PSPUBWS\AppData\Roaming\SmartFTP” (DesiredAccess: 1048577, OpenOptions: 16417)
    “” opened file “C:\ProgramData\SmartFTP” (DesiredAccess: 1048577, OpenOptions: 16417)
    “” opened file “C:\Users\PSPUBWS\AppData\Local\SmartFTP” (DesiredAccess: 1048577, OpenOptions: 16417)

Hosting infos