Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

04 February 2013
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

03:37:00 Win2K-f 59.188.196.132 (RT-SYSTEM.COM):
NEW WORLD TELECOM LTD. HONG KONG,
HONG KONG, HONG KONG (SAR), HK. (DSL) n/a US:www.w3.org
:wbqxxftlvam.info
:opaqayqyvb.com
:cazqddlp.net
:erobkdts.net
:ppgitdcp.info
US:xkvfirfcu.biz
:keqknstmnk.net
:onqydihfa.org
US:hkilewkl.biz
:zxeckecvgf.org
:hbuukvuc.com
:knqfh.net
:lmxhocqvtfp.org
:gyelpsrqbr.net
:fsyxdypx.com
:vehjuooed.info
:xpdrmczq.info
US:dxqgeruxtq.biz
US:dzwptxgm.biz
US:bloynblo.biz
:acpmjnav.net
:njswolegit.com
:jlqzdwv.info
:jzsjcfx.net
:dlukxcyd.net
:tpyhsyi.org
:xsqnlwlmnf.info
:puroizq.info
:jjieaonjccx.com
:hoyvzxl.net
:wyxogvgsogw.org
US:xdgtbkqw.biz
:sjgrqu.com
:rksobfxg.com
:idsnwwtxqp.org
US:hunougv.biz
:mloezc.net
US:arxci.biz
:tjajqbfrcxy.org
:dsnjlbxqzbs.org
:xsemj.com
US:hjwcrelg.biz
:jjawzgqmm.info
:mmoewoytaq.info
:wbqhtueapei.net
US:rjdcgvkt.biz
US:nmzrgkj.biz
:rgaqyvenbxj.info
:dknzqto.net
:jayaclvw.net
US:zqasgh.biz
:jqgbv.net
:xfucaaqyzls.info
:exzzdwtzu.net
:epedjezs.info
:xlxybshmrpk.com
:airpywxp.info
:mjnclpkyr.info
:jqdrnbwg.com
:ftiiettq.org
US:128.30.52.37:80
EE:195.50.195.10:443
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
2 lines Argh : 0.3
profile none summary
tarball none none none none none none none

04:41:00 Win2K-f 111.253.150.181 (-):
. n/a :www.google.com
:uzosqfly.org
:fufgzivr.info
:uxslpoctr.info
:kpifk.net
:vlkfjvuwxa.org
US:kkjywousbim.biz
:bqkcdtect.info
:mmfqi.info
:pfwgxcou.info
:yyokgqwa.net
:kdqmlvdiens.org
:rksobfxg.com
:mloezc.net
:tnqtjt.org
:puccbsmwp.com
:zorhn.com
:knqfh.net
:qgntqncu.info
:ufuwf.net
:jayaclvw.net
:ppdzcla.org
:rgaqyvenbxj.info
US:akijpbhvd.biz
:cutssnyi.net
:vdrkql.com
:mmoewoytaq.info
:htqevgyhdpa.com
:yqploazdp.org
:chkkx.org
:hntcczcbeu.com
:dlyddroq.org
:rthtrdjedy.com
:hugxkbhlabs.info
:grulmets.org
US:dzwptxgm.biz
:tjajqbfrcxy.org
US:nmzrgkj.biz
:rzxffh.com
:vuhnpvhlft.org
:twkhwprcevn.com
:qncuavnab.com
:zmduqoxglso.net
:seflluqh.info
:jzsjcfx.net
US:ejsolnw.biz
:kjoqefz.info
:zfyxvfou.com
:ylrmkfy.com
:sjlzbxworpu.com
:vdpudmo.com
:cbfopagk.net
:dlljra.org
:tswaxsrtvd.net
:wbqhtueapei.net
:erobkdts.net
US:xkvfirfcu.biz
:ctihenlzw.com
:vylomgzs.com
US:zryeydzc.biz
:joqekjus.net
EE:www.starman.ee
FI:www.if.ee
US:149.20.56.32:80
FI:194.215.38.135:80
US:204.152.184.139:80
EE:62.65.192.25:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

06:35:00 Win2K-f 42.112.16.40 (-):
. n/a :www.maxmind.com
:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
DE:131.220.6.26:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 0.8
profile none summary
tarball 5 of 37 741c93f3c1
NEW none[3] none:none
UPX| none trace

T:07:03:00 WinXP 49.125.67.63 (-):
. 213.155.14.161:80 DE:citi-bank.ru
DK:bem.dk
US:banboon.com
MY:bdb.com.my
TH:baulaung.org
IR:bazyar-arya.com
:barlikinsaat.com.tr
TR:basamakhalisi.com
:parex-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 43 57d9829b6a
NEW none[none] none:none
none|none none none

07:48:00 Win2K-f 95.30.39.40 (CORBINA.NET):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (DSL) n/a :lytyum.net
:apnjzyazuyj.net
:kdqmlvdiens.org
:baxiopg.org
:qvethwwaat.org
US:hunougv.biz
:jayaclvw.net
:koaodg.info
US:ozbyissad.biz
US:dmrlyrpvgmt.biz
:seflluqh.info
:mbdvapbg.com
:geiysohg.info
:chvtoptwg.org
:bebev.org
:dhxkeedzhro.org
:jwriwofve.org
:wyxogvgsogw.org
:xsemj.com
US:zqasgh.biz
:zfyxvfou.com
:uwvgfurzq.com
:ufaqyd.com
:njswolegit.com
:chkkx.org
US:nxbhnwi.biz
:tbodnueg.info
:dsnjlbxqzbs.org
:dlljra.org
:iwdsx.org
:cutssnyi.net
US:bpokvnc.biz
:kjoqefz.info
:jqlfyova.org
:bqkcdtect.info
:hqojxh.info
:onqydihfa.org
US:xkvfirfcu.biz
:tpyhsyi.org
:gyelpsrqbr.net
:sjlzbxworpu.com
:rbuhdlaj.org
:jqgbv.net
US:sysnorj.biz
:tutyxsvde.info
:yqploazdp.org
:wdgndjoqy.info
:tozgsccijhp.info
:puccbsmwp.com
:woggdnwc.org
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
3 lines Argh : 0.3
profile none summary
tarball none none none none none none none

08:07:00 Win2K-f 178.20.227.160 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a
FI:194.215.38.135:80
EE:195.50.195.10:443
EE:62.65.192.24:80 445 pcap raw alerts
ruleset http
6 lines Argh : 0.3
profile none summary
tarball none none none none none none none

08:48:00 Win2K-f 122.170.7.21 (122.AIRTELBROADBAND.IN):
ABTS-WEST-DSL-MUM,
MUMBAI, MAHARASHTRA, IN. (DSL) n/a :www.maxmind.com
US:checkip.dyndns.org
:www.getmyip.org
:getmyip.co.uk
174.36.207.186:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 2 of 37 223d8089f8
NEW none[3] none:none
StarForce| none trace

T:10:11:00 WinXP 109.110.132.155 (JWS.COM):
EU-ZZ,
UK. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none 25b0ac0c3c
NEW none[none] none:none
none|none none none

T:12:14:00 WinXP 46.119.244.95 (-):
. n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 42 22340630ac
NEW none[none] none:none
none|none none none

13:28:00 Win2K-f 122.155.167.90 (MOL.GO.TH):
CAT TELECOM PUBLIC COMPANY LTD,
TH. (DSL) n/a :www.maxmind.com
US:checkip.dyndns.org
:www.getmyip.org
:getmyip.co.uk
DE:131.220.6.26:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 0.8
profile none summary
tarball 2 of 37 223d8089f8
NEW none[3] none:none
StarForce| none trace

14:00:00 Win2K-f 207.238.142.30 (XO.NET):
XO COMMUNICATIONS,
NOVATO, CALIFORNIA, US. (DSL) n/a :vdrkql.com
US:rzmzfzz.biz
:swwfirjp.com
:rrrjwqvcklt.net
US:eebymi.biz
:budajpqrol.com
:rbuhdlaj.org
:abspppyuo.info
US:kjteajvm.biz
:mmfqi.info
:hbuukvuc.com
US:ejsolnw.biz
:qdxfumfogid.net
:ufuwf.net
:jayaclvw.net
US:dmrlyrpvgmt.biz
:xgomzfssib.org
:zfyxvfou.com
:mloezc.net
US:nmzrgkj.biz
:chkkx.org
:lxotzplkzq.com
:kjoqefz.info
:ywpointl.org
:opaqayqyvb.com
:lmugo.net
:cqqjfysvt.info
:hntcczcbeu.com
:geiysohg.info
US:ozbyissad.biz
US:149.20.56.32:80
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:15:16:00 WinXP 186.198.223.157 (-):
. n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 42 22340630ac
NEW none[none] none:none
none|none none none

16:17:00 Win2K-f 95.28.184.30 (CORBINA.RU):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (100Mbps) n/a US:checkip.dyndns.org
:www.getmyip.org
:getmyip.co.uk
DE:131.220.6.26:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:17:32:00 WinXP 186.34.234.56 (-):
. n/a DE:moscow-advokat.ru
:london.uk.eu.undernet.org
NL:diemen.nl.eu.undernet.org
NL:broekhuisjuweliers.nl
:lia.zanet.net
NL:brussels.be.eu.undernet.org
TH:btech.ac.th
:caen.fr.eu.undernet.org
SE:vancouver.dal.net
TR:btr.gen.tr
:washington.dc.us.undernet.org
SE:broadway.ny.us.dal.net
TR:burakasansor.com
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 41 of 43 048b720afe
NEW none[none] none:none
none|none none none

17:48:00 Win2K-f 109.55.100.250 (JWS.COM):
EU-ZZ,
UK. (DSL) n/a
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

20:06:00 Win2K-f 103.13.101.30 (-):
. n/a US:www.yahoo.com
:vglnlolz.com
:oiqwagr.info
:fwktgrai.info
US:aewmvhmnaxm.biz
:motmugkyl.org
:cfyij.org
US:cbxexjig.biz
:wpizyxeni.org
:nfsiz.info
US:ttwermo.biz
:xobxwx.net
:xbauqpa.net
:dtdmczanfe.com
:pwtoybp.info
:hewnlrp.info
:eynpbmbxb.net
:bvymbjhyj.info
:jtjgh.com
:nmnijmri.net
:ooshbdjt.org
US:ldtfs.biz
:uiutyi.com
US:rukjfokskrp.biz
US:ukgcny.biz
:corljeqvcj.org
:dnfxpxxanjr.org
:rgndgbrbb.org
:thlsjvvqlmd.org
:khpkprymjsw.info
:lgxhywaax.org
:twdqny.org
:xhdhxtezm.net
US:anpfflec.biz
US:mmjlaku.biz
:bhisihqghq.info
:rdtxvrmim.info
:bvgzfgsbp.org
US:lojaomzjnb.biz
:koyabddazhw.net
US:pdwqdprfwcl.biz
:mwmfiufid.net
US:aphljsrd.biz
:fimuoikcxk.org
US:clsidlqu.biz
:kghilxjo.org
:nlzyztlljlu.info
:zvynydbyl.info
US:sdsdpbplu.biz
US:nrsghnvmrof.biz
:boggwtvli.com
:njlinw.info
:atljm.net
US:jmfoigolf.biz
:ndjxcyxj.net
:tjehxpuc.com
:qhhqlxl.info
:epadqh.com
:farptcynn.org
:nxvzqixydj.org
:ibcccwt.org
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
4 lines Argh : 0.3
profile none summary
tarball none 0be51ddbd6
NEW none[none] none:none
none|none none none

21:40:00 Win2K-f 190.111.22.250 (GRUPONAVEGA.COM):
NAVEGA.COM S.A,
GT. (DSL) n/a :www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
:www.getmyip.org
DE:131.220.6.26:80
174.36.207.186:80 445 pcap raw alerts
ruleset http
3 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace