66.187.110.154

By Pig, October 13, 2010

Remote Host Port Number
66.187.110.154 81

NICK n[USA|XP|COMPUTERNAME]kspycmw
USER n “” “lol” :n
JOIN #biz#
PONG 422

* The following directory was created:
o %AppData%C-76947-8457-2745

Registry Modifications

* The newly created Registry Value is:
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ WindowsDriverControl = “%AppData%C-76947-8457-2745winmsngrn.exe”

so that winmsngrn.exe runs every time Windows starts

File System Modifications

* The following files were created in the system:

# Filename(s) File Size File Hash Alias
1 %AppData%C-76947-8457-2745winmsngrn.exe
[file and pathname of the sample #1] 323 584 bytes MD5: 0x8C9C7514D35942F7D2402E8CCDC6C07D
SHA-1: 0x08DE75091666158536F73DB0D8FC384C0FEDC38E Backdoor.LolBot [PCTools]
2 %System%win32app.txt 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 (not available)

Categories: Uncategorized
Previous post
Next post