File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
08d100768bee6ba22fbc7583049698c3 | 64ff9444f173cd19cdd31bf7bd1c716f63ced81f | a4a5b5767ab8308493ec7e4985805a7af09a6b32f331e19030acbe85ad0e10ba | 1536:WrjvZfuH2JcrmrnWLYC7ZOn5m6pEGckMst+xzx92XGV1:qUH2OrAYO8k1kzxMWT | 90213 |
File Name |
---|
Postales.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
N/A | Symantec |
N/A | McAfee |
Trojan.Win32.Llac.acaz | Kaspersky |
Path | Folder Name |
---|
Path | File Name |
---|---|
c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
c:/WINDOWS | scssrr.exe |
c: | netstat_post.txt |
c: | taskv_post.txt |
Action | Path | File Name |
---|
Action | Path |
---|
Action | Path | Val_Name | Val_Data |
---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 99 2C D9 54 7C 8A B1 4B D8 AC A7 92 E0 19 29 FA 6E 4C E3 93 EE 9A E6 24 2E FA 44 | CE 7C FD 66 62 2D 81 7B 94 6F 48 94 03 F5 C0 8D C8 29 26 A3 A2 9A 91 3A E5 06 1 |
DNS | DNS Response |
---|---|
krikoperurlz.mooo.com | Standard query response A 200.108.108.43 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
17 | 4 | 0 | 700 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
1900 | 17 | 4 | 0 | 700 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
04:19:25 | 2011-06-27 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 4002 | 1900 | 2 | 350 |
04:19:31 | 2011-06-27 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 4002 | 1900 | 1 | 175 |
04:19:34 | 2011-06-27 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 413 | 1900 | 1 | 175 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|