Cluster N

94 samples (Win2K-f (63%), WinXP (37%))


Ports
Infection / Listen / Egg-download
445 (48%)
139 (18%)
135 (89%)
500 (89%)
1026 (89%)
445 (73%)
68 (65%)
139 (27%)
Filenames
Processes / Executables
MSMSGS.EXE (37%)
msupdates.exe (30%)
index.dat (97%)
msupdates.exe (43%)
wupdate.exe (37%)
Registry keys
...CurrentVersion\RunServices (100%)
...CurrentVersion\Run (67%)
...InternetSettings\5.0 (67%)


Snort IDs
1:1390 (100%)
1:2001683 (100%)
1:5001684 (100%)
1:99998 (100%)
1:2001944 (73%)
1:3000006 (73%)


Network chatter
FTP
pass=1 (100%)
user=1 (100%)
server=StnyFtpd 0wns j0 (56%)
server=NzmxFtpd 0wns j0 (44%)
exec=msupdates.exe (30%)
Static analysis
MD5
7df646... (30%)
a3e1e3... (17%)
51be10... (14%)
418432... (6%)
2a8ea0... (5%)

diversity: 26.6%

Antivirus labels
sdbot (100%)
vipre (100%)
sheur (62%)
behav (61%)
rbot (59%)
ircbot (45%)
