idan.work (BetaBot hosted in United States, Wilmington, Hostus)

Thanks to Xylitol for confirming this is Betabot.

Domain:

 idan.work 162.245.216.60

Behaviours:

1 Contains Windows Firewall manipulation routine
2 Creates autorun registry key
3 Creates hook to unknown module
4 Deletes itself
5 Injects code into other processes
6 Makes DNS lookup of recently registered domain
7 Manipulates Internet Explorer settings
8 Runs existing executable
9 Steals local browser data
10 Suspicious delay
11 Tries to detect whether it is being emulated

URLs:

http://idan.work/ - here you have the panel, encoded (ionCube), and the Betabot folders.

hxxp://idan.work/dn/blah.php - a lot of Nazi pictures here; you have to refresh your browser to see them all.

hxxp://sjc4911.com/.css/ - some samples here.

Login Panel:

idan.work/local/login.php
idan.work/host/login.php
idan.work/dn/login.php

Get samples here: hxxp://www.datafilehost.com/d/0e4d7c63

Hosting info:
http://whois.domaintools.com/162.245.216.60
