Dr.Web published a news item about this malware in August; they detect it as 'Trojan.WPCracker.1'.
A more recent sample has the hash 1e8cd0f0f1702820c870302520bc0176.
This executable communicates with a C&C at dorblu99.net.
Let's have a closer look.
C&C panel pages (screenshots in the original post): Login, Main, Bot info, Broken wordpress, Statistics, Add domains, Add admin panels, Add logins, Add passwords, Add module for jm (zip), Add module for wp (zip), Add shell jm (php), Cron brute, Ban list, Logs.
Domains list (downloaded by the malware so it knows which WordPress sites it should brute-force): about 36k URLs.
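From the defender's side, the trace this bot leaves on a targeted site is a burst of POST requests to wp-login.php from one source, each answered with a 200 (WordPress re-renders the login form on failure) and, if a password from the list works, a 302 redirect into wp-admin. The following detector is an added example written for this post, not code from the malware, the panel or the original author; the access-log lines are constructed for the example, and the threshold and window are arbitrary tuning values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Apache combined-format access log (not real traffic, example only).
# 203.0.113.7 hammers wp-login.php and eventually gets a 302 (a password worked);
# 198.51.100.4 is a normal user: one GET of the form, one successful POST.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2013:14:22:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Sep/2013:14:22:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/4.0"
198.51.100.4 - - [10/Sep/2013:14:22:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2987 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Sep/2013:14:22:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Sep/2013:14:22:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/4.0"
this line is deliberately malformed and must be skipped
203.0.113.7 - - [10/Sep/2013:14:22:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Sep/2013:14:22:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Sep/2013:14:22:06 +0000] "GET /wp-admin/ HTTP/1.1" 200 8812 "-" "Mozilla/4.0"
198.51.100.4 - - [10/Sep/2013:14:22:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?")[0]          # drop any query string
    return m.group("ip"), ts, m.group("method"), path, int(m.group("status"))


def detect_wp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs that POST to wp-login.php `threshold` or more times within `window`.

    A failed WordPress login is answered with 200 (form re-rendered with an error),
    a successful one with 302 to wp-admin, so a 302 that follows a burst of 200s
    from the same IP means the brute force found a working password.
    Returns {ip: {"failed_posts": <largest burst seen>, "success_after_failures": bool}}.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failed POSTs inside the window
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or not path.endswith("/wp-login.php"):
            continue
        q = recent[ip]
        while q and ts - q[0] > window:        # slide the window forward
            q.popleft()
        if status == 200:
            q.append(ts)
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"failed_posts": 0, "success_after_failures": False})
                a["failed_posts"] = max(a["failed_posts"], len(q))
        elif status == 302 and len(q) >= threshold:
            a = alerts.setdefault(ip, {"failed_posts": len(q), "success_after_failures": False})
            a["success_after_failures"] = True
    return alerts


if __name__ == "__main__":
    for ip, info in detect_wp_bruteforce(SAMPLE_LOG).items():
        verdict = "COMPROMISED" if info["success_after_failures"] else "brute force in progress"
        print(f"{ip}: {info['failed_posts']} failed logins in window, {verdict}")
```

Run it against a real access log by reading the file into `detect_wp_bruteforce`; a source that shows up with `success_after_failures` set is the one whose admin account needs a password reset and a look through the uploads directory, since the panel's "Add shell" pages suggest a web shell is dropped after a successful login.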
Roman of abuse.ch has also written an interesting post about this threat.