BetaBot

idan.work(BetaBot Hosted In United States Wilmington Hostus )

Thanks to Xylitol for confirming this is Betabot.  Domain :  idan.work 162.245.216.60  Behaviours : 1 Contains Windows Firewall manipulation routine 2 Creates autorun registry key 3 Creates hook to unknown module 4 Deletes itself 5 Injects code into other processes 6 Makes DNS lookup of recently registered domain 7 Manipulates Internet Explorer settings 8 Runs

euclid.es(BetaBot hosted in Ukraine Kharkiv Infium Ltd)

This is from the anonymous guy here Resolved : [euclid.es] To [188.190.98.30] Panel: hxxp://euclid.es/147/order.php Download URLs hxxp://euclid.es/mnr1.exe hosting infos: http://whois.domaintools.com/188.190.98.30