| |
| | Drops | Processes |
|---|
msnnmaneger.exe (100%)
cmd.exe (29%)
csrss.exe (29%)
explorer.exe (29%)
lsass.exe (29%)
services.exe (29%)full list | msnnmaneger.exe (85%)
cmd.exe (58%)
csrss.exe (58%)
explorer.exe (58%)
lsass.exe (58%)
services.exe (58%)full list |
|
| | Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|
1:1390:5 (70%)
1:2001944:3 (70%)
1:99998:2 (70%)
1:3003:4 (68%)
1:21390:5 (30%)
1:299998:1 (30%) | 1:3000006:99 (97%)
1:2001683:3 (53%)
1:5001684:99 (53%)
1:2001684:3 (32%) | 1:2001569:11 (100%)
555:5555005:1 (100%) |
|
| | Registry keys | Registry values |
|---|
...currentversion/runservices (100%)
...currentversion/runonce (54%)
...currentversion/runonce (54%)
...currentversion/run (46%)full list | hotfix (51%)
hotefix (48%) |
|
| | DNS Lookups | Failed connections | C & C IPs |
|---|
CN:scorti1.dns2go.com (65%)
US:scorti1.dns2go.com (28%) | CN:211.96.97.44:7000 (30%)
CN:222.177.11.165:7000 (26%) | 222.177.11.165:7000 (31%)
209.250.232.240:7000 (24%)
211.96.97.44:7000 (24%)
210.217.196.11:7000 (9%)
85.114.137.60:65520 (3%) |
|
| | FTP chatter | HTTP chatter |
|---|
user=a (100%)
exec=msnnmaneger.exe (98%)
pass=a (75%) | - |
|
| | Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|
webwasher (86%)
antivir (69%)
sdbot (69%)
sophos (62%)
forbot (57%)
ikarus (51%)full list | 8f3671... (12%)
53123f... (11%)
dc8e1c... (10%)
c1f12e... (6%)diversity: 26.6%
full list | 01a069... (12%)
e0eb86... (10%)diversity: 17.2%
full list |
|
