Thanks to Xylitol for confirming this is Betabot.
Domain: idan.work 162.245.216.60
Behaviours:
1. Contains Windows Firewall manipulation routine
2. Creates autorun registry key
3. Creates hook to unknown module
4. Deletes itself
5. Injects code into other processes
6. Makes DNS lookup of recently registered domain
7. Manipulates Internet Explorer settings
8. Runs...
btctycoon.net (Betabot hosted in Canada Montreal Ovh Hosting Inc.)
Thanks to Xylitol for the info.
Resolved: [btctycoon.net] to [192.99.21.12]
Other: hxxp://www.btctycoon.net/info/blah.php
Sample: hxxp://www.btctycoon.net/webapps/BTCclient.exe
Hosting info: http://whois.domaintools.com/192.99.21.12
euclid.es (BetaBot hosted in Ukraine Kharkiv Infium Ltd)
This is from the anonymous guy here.
Resolved: [euclid.es] to [188.190.98.30]
Panel: hxxp://euclid.es/147/order.php
Download URLs: hxxp://euclid.es/mnr1.exe
Hosting info: http://whois.domaintools.com/188.190.98.30