67.202.108.14

Remote Host Port Number
67.202.108.14 6567

PASS s1m0n3t4

MODE [SI|USA|00|P|27568] -ix
JOIN #nuevocsm# c1rc0dus0leil
PRIVMSG #nuevocsm# :[p2p]: File injected to peer2peer folders.
PRIVMSG #nuevocsm# :WinRAR Injection Activated
PONG Coupe2.Network
NICK [SI|USA|00|P|27568]
USER XP-5246 * 0 :COMPUTERNAME

* The following port was open in the system:

Port Protocol Process
1053 TCP oldbin.exe (%Windir%\oldbin.exe)

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Ci Servs = "oldbin.exe"

so that oldbin.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run]
+ Ci Servs = "oldbin.exe"

so that oldbin.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
oldbin.exe %Windir%\oldbin.exe 335 872 bytes

File System Modifications

* The following file was created in the system:

# Filename(s) File Size File Hash
1 %Windir%\oldbin.exe
  [file and pathname of the sample #1]
  File Size: 86 016 bytes
  MD5: 0x218FDBFAB94FE1D132F7C688CC2644DA
  SHA-1: 0xD9E375D8BDACBB466637A11F49D72C06798A3ED1
