Pattern JUL-AUGL

37 samples (WinXP (100%))


Ports
Infection / Listen / Egg-download / Upload
445 (70%)
1033 (19%)
1034 (11%)
9996 (97%)
1032 (60%)
1033 (60%)
5554 (29%)
445 (26%)
9996 (92%)
445 (32%)
9996 (76%)
Filenames
Processes / Executables
MSMSGS.EXE (100%)
ftp.exe (57%)

random 7/8 character filename
index.dat (97%)
cmd.ftp (61%)
avserve2.exe (28%)

random 8 character filename
Snort IDs
1:2466 (97%)
1:99913 (97%)
1:2000047 (92%)
1:3000004 (76%)
1:2001056 (30%)
1:2001569 (30%)

Network chatter
FTP
user=anonymous (97%)
pass=bin (94%)
server=OK (91%)
destport=1033 (60%)
Static analysis
MD5 / Antivirus labels
None (65%)
1a2c0e... (19%)
831f4e... (8%)

jobaka (83%)