| Attack port | Ports |
|---|---|
| 139 (72%)<br>445 (28%) | 3278 (44%)<br>1032 (33%)<br>1034 (28%) |

| Drops | Processes |
|---|---|
| cpaner.com (42%)<br>cmd.exe (33%)<br>csrss.exe (33%)<br>explorer.exe (33%)<br>lsass.exe (33%)<br>services.exe (33%) | cmd.exe (86%)<br>csrss.exe (86%)<br>explorer.exe (86%)<br>lsass.exe (86%)<br>services.exe (86%)<br>spoolsv.exe (86%) |

| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:1390:5 (73%)<br>1:99998:1 (72%) | 1:5001684:99 (90%)<br>1:2001683:3 (87%)<br>1:3000005:99 (55%) | 1:52123:3 (100%) |

| Registry keys | Registry values |
|---|---|
| ...currentversion/runservices (94%)<br>...microsoft/ole (91%)<br>...microsoft/ole (69%)<br>...internetsettings/5.0 (31%)<br>...internetsettings/connections (28%) | topiccpanr (62%)<br>defaultconnectionsettings (28%) |

| DNS Lookups | Failed connections | C & C IPs |
|---|---|---|
| US:freee.najd.us (76%) | US:69.50.209.31:51115 (79%)<br>US:69.50.208.3:51115 (72%) | 69.50.209.31:51115 (38%)<br>69.50.208.3:51115 (25%)<br>213.239.192.125:5001 (12%)<br>75.127.96.88:5001 (12%) |

| FTP chatter | HTTP chatter | IRC chatter |
|---|---|---|
| pass=1 (100%)<br>user=1 (100%)<br>exec=cpaner.com (42%) | - | - |

| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| sdbot (84%)<br>kaspersky (81%)<br>ikarus (76%)<br>_eggdrop (69%)<br>vipre (61%)<br>sdbot4 (59%) | 4dd704... (9%)<br>beb836... (9%)<br>382279... (8%)<br>8be304... (6%)<br>9caca0... (6%)<br>45d304... (5%)<br>diversity: 46.7% | f1b2b1... (22%)<br>665f1d... (14%)<br>1b8c24... (10%)<br>51c0a7... (6%)<br>diversity: 30.5% |