| Attack port | Ports |
|---|---|
| 445 (100%) | 1041 (29%) |

| Drops | Processes |
|---|---|
| hotefixs.exe (100%) | hotefixs.exe (100%) |
| | cmd.exe (41%) |
| | csrss.exe (41%) |
| | explorer.exe (41%) |
| | lsass.exe (41%) |
| | services.exe (41%) |

| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:21390:5 (100%) | 1:3000006:99 (100%) | - |
| 1:299998:1 (100%) | 1:2000427:9 (99%) | |
| 1:23003:4 (33%) | | |

| Registry keys | Registry values |
|---|---|
| ...currentversion/runservices (100%) | hotefixs (100%) |
| ...currentversion/run (57%) | |
| ...currentversion/runonce (43%) | |
| ...currentversion/runonce (43%) | |

| DNS Lookups | Failed connections | C & C IPs |
|---|---|---|
| CN:hail2.dns2go.com (99%) | CN:222.177.11.165:8885 (82%) | 222.177.11.165:8885 (75%) |

| FTP chatter | HTTP chatter | IRC chatter |
|---|---|---|
| exec=hotefixs.exe (100%) | - | - |
| user=a (100%) | | |
| pass=a (54%) | | |
| pass=saad (37%) | | |

| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| sophos (99%) | 5ee412... (74%) | 51c152... (65%) |
| webwasher (99%) | 6c4c32... (13%) | 47300e... (12%) |
| kaspersky (97%) | diversity: 12.4% | diversity: 2.9% |
| symantec (97%) | | |
| antivir (90%) | | |
| bitdefender (89%) | | |
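The tables above are a set of host and network indicators: the dropped binary and its autorun value, the DNS name and C2 endpoint, the FTP credential chatter, and propagation over 445/tcp. The script below is an added example (not part of the original report) that turns those indicators into a sweep over host and sensor logs. The tab-separated log format, the field order, the sample lines and the SMB fan-out threshold are all constructed for the example; only the indicator values come from the report. Because the report truncates the registry key paths, the autorun check matches on the surviving `currentversion/...` suffix rather than a full path.

```python
"""IOC sweep for the behaviour profile above (added example, not the report's code).

Indicator values are taken from the report tables.  The log format
(kind<TAB>field...) and the sample lines are constructed for this example.
"""
from dataclasses import dataclass

# Indicators from the report.
C2_DOMAIN = "hail2.dns2go.com"
C2_ENDPOINT = ("222.177.11.165", 8885)
DROPPED_FILE = "hotefixs.exe"
AUTORUN_VALUE = "hotefixs"
SPREAD_PORT = 445
# The report elides the key prefixes ("...currentversion/run"), so match the suffix.
AUTORUN_KEY_SUFFIXES = (
    "currentversion/runservices",
    "currentversion/run",
    "currentversion/runonce",
)


@dataclass(frozen=True)
class Hit:
    line_no: int      # 0 for aggregate findings that span several lines
    indicator: str
    evidence: str


# Constructed sample log: dns/conn/reg/ftp/proc records, one per line.
SAMPLE_LOG = """\
dns\t10.0.0.7\thail2.dns2go.com
conn\t10.0.0.7\t222.177.11.165\t8885\ttcp
conn\t10.0.0.7\t10.0.0.23\t445\ttcp
conn\t10.0.0.7\t10.0.0.24\t445\ttcp
conn\t10.0.0.7\t93.184.216.34\t443\ttcp
reg\tHKLM/software/microsoft/windows/currentversion/run\thotefixs\tC:\\WINDOWS\\hotefixs.exe
reg\tHKCU/software/microsoft/windows/currentversion/runonce\tupdater\tC:\\tools\\updater.exe
ftp\t10.0.0.7\t222.177.11.165\tuser=a pass=a
proc\t10.0.0.7\tC:\\WINDOWS\\hotefixs.exe
"""


def basename(path: str) -> str:
    """Lower-cased final path component, tolerating both slash styles."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def sweep(log_text: str, smb_fanout_threshold: int = 2) -> list[Hit]:
    """Return one Hit per matched indicator, plus one per host that touched
    at least `smb_fanout_threshold` distinct 445/tcp targets (worm spread)."""
    hits: list[Hit] = []
    smb_targets: dict[str, set[str]] = {}
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        if not raw.strip():
            continue
        fields = raw.split("\t")
        kind = fields[0]
        if kind == "dns" and len(fields) >= 3:
            if fields[2].lower().rstrip(".") == C2_DOMAIN:
                hits.append(Hit(line_no, "dns:" + C2_DOMAIN, raw))
        elif kind == "conn" and len(fields) >= 4:
            src, dst, port = fields[1], fields[2], int(fields[3])
            if (dst, port) == C2_ENDPOINT:
                hits.append(Hit(line_no, "c2:%s:%d" % C2_ENDPOINT, raw))
            elif port == SPREAD_PORT:
                smb_targets.setdefault(src, set()).add(dst)
        elif kind == "reg" and len(fields) >= 4:
            key = fields[1].lower().replace("\\", "/")
            value, data = fields[2], fields[3]
            if key.endswith(AUTORUN_KEY_SUFFIXES) and (
                value.lower() == AUTORUN_VALUE or basename(data) == DROPPED_FILE
            ):
                hits.append(Hit(line_no, "autorun:" + AUTORUN_VALUE, raw))
        elif kind == "ftp" and len(fields) >= 4:
            tokens = set(fields[3].lower().split())
            if "exec=" + DROPPED_FILE in tokens or {"user=a", "pass=a"} <= tokens:
                hits.append(Hit(line_no, "ftp-chatter", raw))
        elif kind == "proc" and len(fields) >= 3:
            if basename(fields[2]) == DROPPED_FILE:
                hits.append(Hit(line_no, "process:" + DROPPED_FILE, raw))
    for src, targets in smb_targets.items():
        if len(targets) >= smb_fanout_threshold:
            hits.append(Hit(0, "smb-fanout:" + src,
                            "%d distinct 445/tcp targets" % len(targets)))
    return hits


if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(f"line {hit.line_no or '-'}: {hit.indicator}  <- {hit.evidence}")
```

The SMB fan-out check is deliberately separate from the exact-match indicators: a single 445/tcp connection is normal in a Windows network, so the sweep only reports a source once it has touched several distinct hosts on that port. Tune the threshold to the environment; the value 2 here is an assumption for the constructed sample, not a figure from the report.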