173.1.102.35

Remote Host Port Number
173.1.102.35 81

NICK n[USA|XP|COMPUTERNAME]stnlxlc
USER n “” “lol” :n
JOIN #biz#
PONG 422
JOIN #USA# (null)

Registry Modifications

* The newly created Registry Value is:
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ WindowsDriverControl = “%AppData%C-76947-8457-2745winmsngrn.exe”

so that winmsngrn.exe runs every time Windows starts

File System Modifications

* The following files were created in the system:

# Filename(s) File Size File Hash Alias
1 %AppData%C-76947-8457-2745winmsngrn.exe
%Temp%ohu.exe 204 800 bytes MD5: 0x7DAA545339F8F372D4147B2FCA8467F4
SHA-1: 0xDE4BD39BD43881DA6D5DE10EB8E9FC63AEABCCE2 Backdoor.LolBot [PCTools]
2 [file and pathname of the sample #1] 167 936 bytes MD5: 0x77C59CAFEC6ADA7B483868E4C2474538
SHA-1: 0xA24ABC15D2A489853BE4B15AA75CA24158AD7240 Backdoor.LolBot [PCTools]
3 %System%win32app.txt 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 (not available)

Categories: Uncategorized
Previous post
Next post