| |
| | Drops | Processes |
|---|
| msnmanegers.exe (100%) | msnmanegers.exe (89%) |
|
| | Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|
1:1390:5 (79%)
1:2001944:3 (79%)
1:99998:2 (79%)
1:3003:4 (78%) | 1:3000006:99 (97%)
1:2001684:3 (79%) | 555:5555005:1 (100%)
1:2001569:11 (97%) |
|
| | Registry keys | Registry values |
|---|
...currentversion/runservices (100%)
...currentversion/run (100%)full list | hotefix (100%) |
|
| | DNS Lookups | Failed connections | C & C IPs |
|---|
CN:hail.dns2go.com (74%)
CN:scorti1.dns2go.com (63%) | CN:211.96.97.44:7000 (57%) | 211.96.97.44:7000 (56%)
222.177.11.165:7000 (23%)
209.250.232.240:7000 (13%)
210.217.196.11:7000 (4%)
85.114.137.60:65520 (2%) |
|
| | FTP chatter | HTTP chatter | IRC chatter |
|---|
exec=msnmanegers.exe (100%)
user=a (100%)
pass=a (74%) | - | url=http://embers.lycos.c... (75%) full list |
|
| | Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|
sophos (100%)
webwasher (100%)
kaspersky (96%)
ikarus (93%)
spybot (90%)
kolab (89%)full list | 5f78ff... (71%) diversity: 18.0%
full list | d4a06b... (71%) diversity: 0.8%
full list |
|
