Cluster AM

21 samples (WinXP (100%))


Ports
Infection: 445 (76%)
Egg-download: 1032 (44%)
Upload: 1032 (50%)
Filenames
Processes / Executables
DfrgFat.exe (100%)
MSMSGS.EXE (100%)
defrag.exe (100%)
ftpupd.exe (52%)
index.dat (52%)
random 5-character filename
Registry keys
...Microsoft\Wireless (89%)

Snort IDs
1:99913 (72%)
1:2000032 (67%)
1:2000033 (67%)
1:2466 (67%)
1:5001684 (67%)
1:2001683 (61%)

Network chatter
FTP
pass=1 (67%)
server=StnyFtpd 0wns j0 (67%)
user=1 (67%)
exec=windervs.exe (33%)
user=a (33%)
Static analysis
MD5
7d99b0... (29%)
diversity: 50.0%

Antivirus labels
korgo (90%)
lsabot (90%)
padobot (90%)