Cluster A

2701 samples (WinXP (100%))

Ports
Infection Egg-download Upload
445 (69%) 1032 (68%)
1031 (31%) 1032 (68%)
1031 (32%)

Filenames
Processes Executables
MSMSGS.EXE (100%)

random 5/6/7/8
character filename ftpupd.exe (100%)

random 5/6/7/8
character filename

Registry keys
...Microsoft\Wireless (100%)
full list

Snort IDs
1:2000032 (100%)
1:2000033 (100%)
1:2466 (100%)
1:3000003 (100%)
1:99913 (100%)
1:3000000 (100%)
full list

Static analysis
MD5 Antivirus labels Domain
7d99b0... (46%)
3ae357... (11%)
a0139d... (8%)
1fcc14... (5%)
986b59... (5%)
diversity: 3.6%
full list
korgo (100%)
padobot (100%)
lsabot (100%) adult-empire.com (100%)
asechka.ru (100%)
citi-bank.ru (100%)
color-bank.ru (100%)
crutop.nu (100%)
kavkaz.ru (100%)
full list