File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
9390d4d170cc309f16427b843842d0ef | 4d1a2fe95761d59c1e3b9202f567425aaa2f4bd7 | 3eb3044ee4ed04157fb16d1e567db515bb19776dab7d46dd5e84170c290e0969 | 3072:TOXpHv1O0NCwkOuB8GmqqWNlbKxWIgEGhkee4LhrEcc5tIc5W7mUv2jUNOPYT//z:ipTkl8GT1b | 194560 |
File Name |
---|
Telegrama%5FOnline.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
N/A | Symantec |
Tool-WGe | McAfee |
N/A | Kaspersky |
Trojan-Downloader.BAT.Banload. | Kaspersky |
Path | Folder Name |
---|---|
c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | MSHist012011040720110408 |
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | ITB2CJ0C |
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 58 53 A7 3F 8B AD 96 5F B4 FB 7F 45 F0 55 01 0E 5A 2F CD E4 83 94 5C 83 0E A0 4A | 56 90 9D AB 25 40 CA 0D DC 6F E6 DA 9C E6 98 56 5A D2 DC 66 BD 37 A1 F2 A8 91 6 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/UserAssist/{5E6AB780-7743-11CF-A12B-00AA004AE837}/Count | HRZR_PGYFRFFVBA | 89 C3 53 0E 0D 00 00 00 | 09 A7 5F 0E 0E 00 00 00 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexplore | Count | 0x00000007 | 0x00000008 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexplore | Time | D9 07 0C 00 03 00 09 00 03 00 0C 00 36 00 51 02 | DB 07 04 00 04 00 07 00 05 00 03 00 2E 00 EC 02 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/BagMRU | MRUListEx | 01 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF | 00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
bit.ly | Standard query response A 168.143.172.53 |
powerup-host.com | Standard query response A 67.23.226.159 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
168.143.172.53 | bit.ly:80 | /flppQp | Wget/1.5.3.1 | 0x06 |
67.23.226.159 | powerup-host.com | /2/index.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 20 | 18 | 1487 | 4087 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 20 | 18 | 1487 | 4087 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
01:03:33 | 2011-04-07 | 6 | 10.10.10.7 | 168.143.172.53 | -> | e | 158 | 80 | 13 | 1950 |
01:03:38 | 2011-04-07 | 6 | 10.10.10.7 | 168.143.172.53 | -> | e | 158 | 80 | 10 | 1965 |
01:03:43 | 2011-04-07 | 6 | 10.10.10.7 | 168.143.172.53 | -> | e | 158 | 80 | 6 | 633 |
01:03:49 | 2011-04-07 | 6 | 10.10.10.7 | 67.23.226.159 | -> | e | 42 | 80 | 9 | 1026 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|