Tuesday, September 11, 2012

Disclosure of an interesting Botnet - The Server (Part 2)

So let's try to shed light on the C&C server. First, I again want to thank Chae Jong Bin! With his brief network analysis of this botnet, he gave me a solid background. The first thing you realize when visiting http://xlamzju-lrychj.info is that directory listing was activated. This gives us the chance to explore files and folders. There are...

Monday, September 10, 2012

Disclosure of an interesting Botnet - The Executable (Part 1)

While searching for another interesting malware sample I came across a brief description from Chae Jong Bin of an as yet unknown botnet. So thanks to him! I took a quick look into the executable and decided to do further analysis, because the bot is implemented as a Windows Service and I haven't analyzed such an executable before. The first part of this analysis is about the "Static and Dynamic...