| Drops | Processes |
|---|---|
| hotfixs.exe (100%), cmd.exe (34%), csrss.exe (34%), explorer.exe (34%), lsass.exe (34%), services.exe (34%) | hotfixs.exe (92%), cmd.exe (61%), csrss.exe (61%), explorer.exe (61%), lsass.exe (61%), services.exe (61%) |

| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:1390:5 (78%), 1:2001944:3 (78%), 1:99998:2 (78%), 1:3003:4 (76%) | 1:5001684:99 (100%), 1:2001683:3 (99%), 1:3000006:99 (98%) | 555:5555005:1 (100%), 1:2001569:11 (96%) |

| Registry keys | Registry values |
|---|---|
| ...currentversion/runservices (100%), ...currentversion/runonce (58%), ...currentversion/runonce (58%), ...currentversion/run (42%) | hotfixs (99%) |

| DNS Lookups | Failed connections | C & C IPs |
|---|---|---|
| CN:scorti1.dns2go.com (76%) | CN:211.96.97.44:7000 (46%) | 211.96.97.44:7000 (40%), 222.177.11.165:7000 (31%), 209.250.232.240:7000 (12%), 218.93.14.236:7000 (10%) |

| FTP chatter | HTTP chatter | IRC chatter |
|---|---|---|
| exec=hotfixs.exe (100%), pass=a (100%), user=a (100%) | - | url=http://embers.lycos.c... (100%) |

| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| webwasher (100%), rbot (95%), sdbot (89%), forbot (87%), ircbot (87%), sheur (87%) | af98fe... (37%), 932824... (10%), fd0bf4... (7%), 890fb4... (5%), f515fc... (5%); diversity: 25.5% | 480d07... (37%), 95951d... (10%), b9c7f0... (5%), dc7696... (5%); diversity: 16.0% |