91.121.96.150

By Pig, July 21, 2010

Remote Host Port Number
91.121.96.150 51987

NICK pLagUe{USA}07719
JOIN #trees
MODE pLagUe{USA}07719 -ix
USER SkuZ * ok
TeaM UniX b0at 0.4
PONG 33AF95EA
PRIVMSG #trees :
New PC Infected.

Other details

* The following port was open in the system:

Port Protocol Process
1052 TCP raidhost.exe (%Windir%raidhost.exe)

Registry Modifications

* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ raidhost = “raidhost.exe”

so that raidhost.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
raidhost.exe %Windir%raidhost.exe 352 256 bytes

File System Modifications

* The following files were created in the system:

# Filename(s) File Size File Hash
1 %Temp%melt.bat 161 bytes MD5: 0x024EB0B24ECF5D51B62A03706A4B492B
SHA-1: 0xE9BFB2789398A8BECEFD8DC8B5205009771F2A23
2 %Windir%raidhost.exe
[file and pathname of the sample #1] 94 208 bytes MD5: 0xCFCA56F72A254259DFFF77A431565DAE
SHA-1: 0xD72383AE1A826A801657329F61DDF6C6F009127F
3 %System%YoItzVlad.tmp 5 bytes MD5: 0xD356C81C0BDF1FE2059EABDA720CA0D4
SHA-1: 0x6A09BBFD26586342F7A9F19B82EBBE5AAB023E06

Categories: Uncategorized
Previous post
Next post