Remote Host Port Number
updat1.bejsis.com 1234

NICK n[USA|XP]7239180
USER 7784 “” “lol” :7784
JOIN #dl#
NICK [USA|XP]3969837
USER 0665 “” “lol” :0665

Other details

* To mark the presence in the system, the following Mutex object was created:
o sv6Jsf868L

* The following ports were open in the system:

Port Protocol Process
1034 TCP redfil.exe (%Windir%redfil.exe)
1036 TCP redfil.exe (%Windir%redfil.exe)

* The following Host Name was requested from a host database:
o updat1.bejsis.com

Registry Modifications

* The following Registry Value was modified:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
+ Userinit =

Memory Modifications

* There were new processes created in the system:

Process Name Process Filename Main Module Size
redfil.exe %Windir%redfil.exe 65 536 bytes
[filename of the sample #1] [file and pathname of the sample #1] 102 400 bytes

File System Modifications

* The following files were created in the system:

# Filename(s) File Size File Hash
1 c:a.txt 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
2 %Windir%redfil.exe
[file and pathname of the sample #1] 164 864 bytes MD5: 0xA7E430A6E9DBF7D6A8821D26703C9E0B
SHA-1: 0x3D903C421C452C945FA36310BD6337673D5C5674

Categories: Uncategorized
Previous post
Next post