Win32/BruteForce.WP

DrWeb published a news item about this malware in August; they know it as 'Trojan.WPCracker.1'.
And more recently: 1e8cd0f0f1702820c870302520bc0176.

This executable communicates with a C&C at dorblu99.net.
Let's have a closer look.

Login:

Main:

Bot info:

Broken wordpress:

Statistics:

Add domains:

Add admin panels:

Add logins:

Add passwords:

Add module for jm(zip):

Add module for wp(zip):

Add shell jm(php):

Cron brute:

Ban list:

Logs:

Domains list (downloaded by the malware so it knows which WordPress sites it should brute force):
36k URLs.

Roman of abuse.ch has also written an interesting post about this threat.