Remote Host | Port Number |
174.120.205.250 | 81 |
NICK n[USA|XP]0115398
USER s “” “lol” :s
JOIN #newbin#
PONG 422
JOIN #USA (null)
- The following port was open in the system:
Port | Protocol | Process |
1055 | TCP | msnd.exe (%AppData%msnd.exe) |
Registry Modifications
Memory Modifications
- There was a new process created in the system:
Process Name | Process Filename | Main Module Size |
msnd.exe | %AppData%msnd.exe | 65 536 bytes |
| | File System Modifications - The following files were created in the system:
# | Filename(s) | File Size | File Hash | Alias | 1 | %AppData%msnd.exe [file and pathname of the sample #1] | 155 648 bytes | MD5: 0x0935ED1DC39BAEB138F576A12CEC4C56 SHA-1: 0x53C2F7207DBBD11F95DA7D87584A8471F1659725 | Backdoor.LolBot [PCTools] | 2 | %System%winlogon.txt | 0 bytes | MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 | (not available) | |
| | |