Cluster W

Ports	Attack port 445 (100%)
Files	Drops msnmanegers.exe (100%)
Snort	Snort IDs Snort Egg IDs Snort Outbound IDs 1:21390:5 (100%) 1:299998:1 (100%) 1:23003:4 (42%) 1:3000006:99 (91%) 1:2000427:9 (88%) -
Servers	DNS Lookups Failed connections C & C IPs US:hail.dns2go.com (52%) CN:scorti1.dns2go.com (48%) CN:hail.dns2go.com (43%) US:scorti1.dns2go.com (39%) DE:proxim.ircgalaxy.pl (35%) CN:211.96.97.44:7000 (57%) CN:218.93.14.236:7000 (52%) 211.96.97.44:7000 (44%) 85.114.137.60:65520, 211.96.97.44:7000 (25%) 85.114.137.60:80, 211.96.97.44:7000 (12%)
Chatter	FTP chatter HTTP chatter IRC chatter exec=msnmanegers.exe (100%) user=a (97%) pass=a (94%) - -
Static Analysis	Antivirus labels Packed MD5 Unpacked MD5 sophos (100%) kaspersky (97%) virut (97%) webwasher (97%) fortinet (94%) microsoft (87%) full list 01506e... (6%) 18b909... (6%) a7e366... (6%) diversity: 90.9% full list diversity: 100.0%