File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
ce48c3c03aa847ca3028436600d37415 | 50236d6e8a3f82e96c34f6eab35753b8276536e8 | 0e5c0381d38c412e64cd4c75d42f8f8df91b4255da6264439949ba2d595a83df | 768:bVS7w7A0Kn1Jz1F1IpX4aa4vdh65tbmbzM1bgZvi63xnbcuyD7U:E7w7jX4aZvdhitiXMJg9i63x | 41472 |
File Name |
---|
dgh4.txt.exe |
Snort Class | Snort Alert | Count |
---|---|---|
Misc Attack | ET RBN Known Russian Business Network IP TCP (25) | 4 |
Misc Attack | ET DROP Spamhaus DROP Listed Traffic Inbound | 1 |
AV Alert | AV Vendor |
---|---|
Backdoor.Trojan | Symantec |
Generic | McAfee |
Backdoor.Win32.VB.lvn | Kaspersky |
N/A | Symantec |
N/A | McAfee |
Trojan-Ransom.Win32.XBlocker.aok | Kaspersky |
Path | Folder Name |
---|
Action | Path | File Name |
---|
Action | Path |
---|
Action | Path | Val_Name | Val_Data |
---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 7C 02 F0 97 68 E7 07 C1 12 BC 81 79 A4 89 1B 81 9E 58 B5 78 69 C8 AA 79 6C 20 A9 | 56 05 17 7B 78 16 B9 DD CE EE B9 47 07 F7 DA 4B B1 9B 96 56 F0 93 1A FA 2C B7 2 |
modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 18 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
mskla.com | Standard query response A 193.105.207.31 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 20 | 16 | 2423 | 2060 |
17 | 2 | 0 | 350 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 20 | 16 | 2423 | 2060 |
1900 | 17 | 2 | 0 | 350 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
05:04:06 | 2010-07-07 | 6 | 10.10.10.7 | 193.105.207.31 | -> | e | 122 | 80 | 9 | 1121 |
05:05:09 | 2010-07-07 | 6 | 10.10.10.7 | 193.105.207.31 | -> | e | 410 | 80 | 9 | 1121 |
05:06:18 | 2010-07-07 | 6 | 10.10.10.7 | 193.105.207.31 | -> | e | 91 | 80 | 9 | 1121 |
05:07:22 | 2010-07-07 | 6 | 10.10.10.7 | 193.105.207.31 | -> | e | 616 | 80 | 9 | 1120 |
05:09:29 | 2010-07-07 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|