paydbills.ru(Pony Hosted In Macao Macau Alan Hqservers Web Studio)

Resolved: [ paydbills.ru ] to [ 163.53.247.144 ]

Behaviours

1 Attempts to brute force passwords
2 Contains FTP stealing routine
3 Deletes itself
4 Manipulates Internet Explorer settings
5 Runs existing executable
6 Searches for digital certificates
7 Steals data
8 Steals local browser data
9 Suspicious delay

URLs:
hxxp://paydbills.ru/RF/test/gate.php
hxxp://www.facebook.com/

Sample here:
hxxp://paydbills.ru/RF/test/micro.exe

Hosting info:
http://whois.domaintools.com/163.53.247.144