| Attack port | Ports |
|---|---|
| 445 (100%) | 12045 (96%) |

| Drops | Processes |
|---|---|
| iexplorer.exe (54%); exlorers.exe (45%) | iexplorer.exe (96%); cmd.exe (43%); csrss.exe (43%); explorer.exe (43%); lsass.exe (43%); services.exe (43%) |

| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:22000032:6 (100%); 1:22466:7 (100%); 1:292000032:99 (100%); 1:299906:1 (70%); 1:299913:1 (30%) | 1:5001684:99 (100%) | 1:52123:3 (100%) |

| Registry keys | Registry values |
|---|---|
| ...currentversion/runservices (100%); ...currentversion/run (58%); ...currentversion/runonce (42%); ...currentversion/runonce (42%) | syspersonalfirewall (100%) |

| DNS Lookups | Failed connections | C & C IPs |
|---|---|---|
| US:chat-shqip.org (84%); US:w3bs.chat-shqip.org (73%) | US:69.247.147.113:13001 (96%); US:69.247.147.113:12351 (85%) | 69.247.147.113:13001 (75%); 69.247.147.113:12351 (14%); 72.10.172.218:7763 (5%) |

| FTP chatter | HTTP chatter | IRC chatter |
|---|---|---|
| pass=a (100%); user=a (100%); exec=iexplorer.exe (54%); exec=exlorers.exe (45%) | UA=mozilla/4.0 (compatibl... (100%); filename=/aim/win95/insta... (100%); sourceIP=ftp.newaol.compr... (100%); sourceport= no-cache (100%); version=1.0 (100%) | - |

| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| ikarus (98%); webwasher (78%); authentium (77%); fortinet (67%); trendmicro (64%); sophos (62%) | d2c26e... (21%); ca15c0... (19%); diversity: 40.3% | diversity: 100.0% |