seevu.net Waldek Trojan Hosted In (Netherlands Dronten Disk Group Ltd.)

Behaviours

1 Attempts connections to suspicious countries
2 Automatically unpacks its own code
3 Creates hook to unknown module
4 Injects code into other processes
5 Makes DNS lookup of recently registered domain
6 Runs existing executable

DNS Lookup

seevu.net 185.36.102.105
siloovoox.net 188.165.28.225

Sample here: hxxp://www.datafilehost.com/d/384b8efc

Hosting info:
http://whois.domaintools.com/185.36.102.105
