69.42.218.75(linkbot)

Remote Host Port Number
69.42.218.75 8878 ircd here

USER dfhmiynb dfhmiynb dfhmiynb :qxujoylh
NICK vpOjlDGlp
MODE vpOjlDGlp +xi
JOIN #maxi
USERHOST vpOjlDGlp
MODE #maxi +smntu
PONG :lols.nope.com

Now talking in #maxi
Topic On: [ #maxi ] [ =Dtgg9c+FDI26EwAEY0ujNg1Wh1k/TyT1TmQuwlkMUg+h5wCP+Mbwv6vmPbLjSlNPikOIW/aBqc/LTyuLpB9FX7unRLrZcMHga7d+TiMNflzLpwOXTZErxrSTagZnH2PA++m4T8lHB6B6QWJGOAZqDwqvtCt6gQw650373+rCO8t0+r1/ETEdhc1CPgxsR70MDlWYVARXJs+0iW/7JxQ9wEvWSbgQhU8Vd4JmR8VGKEW/v4dXwQuexjuO4j2T82wftWp5DxM7DCB5tn5I7u93UZnVdIN6gRR ]
Topic By: [ duI2ZHYk ]

* The data identified by the following URL was then requested from the remote web server:
o http://down2fep.100free.com/ftp2.exe

Other details

* The following port was open in the system:

Port   Protocol   Process
1313   TCP        mtfpqc.exe (%UserProfile%\mtfpqc.exe)

* Attention! The following process was intentionally hidden from the user:

Process Name   Main Module Size
UserNa         151 552 bytes

Memory Modifications

* There were new processes created in the system:

Process Name    Process Filename              Main Module Size
mtfpqc.exe      %UserProfile%\mtfpqc.exe      81 920 bytes
msrdllp.exe     %Temp%\msrdllp.exe            81 920 bytes
msakdllp.exe    %Temp%\msakdllp.exe           81 920 bytes
algs.exe        %AppData%\algs.exe            151 552 bytes
kfkeblzh.exe    %UserProfile%\kfkeblzh.exe    532 480 bytes

File System Modifications

* The following files were created in the system:

#  Filename(s) / File Size / File Hash / Alias

1  %UserProfile%\kfkeblzh.exe
   File Size: 532 480 bytes
   MD5: 0x815361D261AB2F8F93E1DFAFB8BC325C
   SHA-1: 0xD053D9BD9239E59ED3A8D97307E984B7DD94741B
   Alias: Trojan.Win32.Ircbrute [Ikarus]

2  %Temp%\msakdllp.exe
   File Size: 200 704 bytes
   MD5: 0x2957D6325DC17F2E2366631B1D719BF0
   SHA-1: 0x6BF353B75DF44CD4DE2F5B4AA42CA742F6FA9C05
   Alias: Trojan.Win32.Ircbrute [Ikarus]

3  %Temp%\msrdllp.exe
   File Size: 200 704 bytes
   MD5: 0x27AFA7D37EFB71A97261EE34DD264ED7
   SHA-1: 0xF44D534A8E9DD6856AAC603BF0BB5740849216D9
   Alias: Trojan.Win32.Ircbrute [Ikarus]

4  %UserProfile%\mtfpqc.exe
   File Size: 212 992 bytes
   MD5: 0xF1E72B9CB845D79DD3FD604483CA09D9
   SHA-1: 0xA41FB6F8B1BBB197F341F21EE9C3DD386BC4C207
   Alias: Trojan.VBInject [PCTools]
          Trojan.Win32.Regrun.ieo [Kaspersky Lab]
          VirTool:Win32/VBInject [Microsoft]
          Trojan.Win32.Ircbrute [Ikarus]
