Cluster V

Ports	Attack port Ports 445 (97%) 1027 (100%) 445 (74%) 1031 (42%)
Files	Drops Processes mdm.exe (61%) mumie.exe (32%) mixit.exe (29%) rundll32.exe (29%) mdm.exe (84%)
Snort	Snort IDs Snort Egg IDs Snort Outbound IDs 1:299913:1 (66%) 1:22466:7 (63%) 1:2466:7 (34%) 1:99913:2 (34%) 1:3000003:99 (100%) 1:5001684:99 (34%) 1:2001683:3 (32%) 1:2001569:11 (100%) 555:5555005:1 (100%)
Registry	Registry keys Registry values ...microsoft/downloadmanager (100%) ...internetsettings/5.0 (100%) ...internetsettings/connections (100%) ...currentversion/run (86%) full list defaultconnectionsettings (100%) windowsnetworkingmonitoring (72%)
Servers	DNS Lookups Failed connections C & C IPs US:qtas.net (32%) SE:dzuc.net (26%) SE:tap.radioprishtina.net (26%) US:wow.blackirc.us (26%) SE:84.244.5.183:2345 (58%) 84.244.5.183:2345 (36%) 69.65.40.234:2345, 66.29.25.194:80 (18%) 84.244.6.253:2345, 66.29.25.194:80 (18%) 84.244.11.226:2345 (9%) 84.244.5.183:2345, 66.29.25.194:80 (9%)
Chatter	FTP chatter HTTP chatter IRC chatter pass=4lamer5sexy7 (100%) UA=mozilla/4.0 (compatibl... (100%) sourceport= keep-alive (100%) version=1.0 (100%) filename=/mumie.exe (32%) sourceIP=qtas.netconnecti... (32%) filename=/mixit.exe (29%) full list -
Static Analysis	Antivirus labels Packed MD5 Unpacked MD5 kaspersky (70%) ircbot (40%) microsoft (40%) suspicious_malware (30%) webwasher (23%) 05ec07... (11%) 67e72b... (8%) 1c8163... (5%) 60ccb4... (5%) 694747... (5%) 859e67... (5%) diversity: 65.7% full list 05ec07... (11%) 67e72b... (8%) 60ccb4... (5%) 859e67... (5%) bb3911... (5%) bcdf9c... (5%) diversity: 64.3% full list