Research Notes for 3018e3b251119fd3215489f1f233a328

Summary

Loaded program on WinXP Home for 1 week. After execution, the app attempted to connect to an IRC server, irc.sohbetini.net, without success (SYNs went without replies).

The hostname for the server continued to resolve until Jan 4, 2010 11:40:20, when it was apparently removed from DNS.

On Jan 7, 2010 13:12:56, the software began to scan 172.16/16 for 445/tcp.

Analysis was terminated on Sat Jan 9 10:08:43 EST 2010.

Pcap file: 3018e3b251119fd3215489f1f233a328.1.pcap
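
Added example (not part of the original notes): one way to flag the two behaviours described above, unanswered SYNs and a 445/tcp sweep of 172.16/16, in TCP records exported from a capture. The record layout, the addresses, the IRC port 6667 and the threshold are assumptions made for the example; the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

SCAN_NET = ipaddress.ip_network("172.16.0.0/16")  # range named in the notes
SCAN_PORT = 445                                   # port named in the notes
MIN_TARGETS = 5                                   # assumed threshold for this example

def make_sample():
    """Constructed records: (src, sport, dst, dport, tcp_flags)."""
    host = "192.0.2.10"    # placeholder for the analysis machine
    irc = "198.51.100.7"   # placeholder for the IRC server; port 6667 is assumed
    pkts = [(host, 1100 + i, irc, 6667, "S") for i in range(3)]  # retries, no reply
    pkts += [(host, 2000 + i, f"172.16.0.{i + 1}", 445, "S") for i in range(8)]
    pkts.append(("172.16.0.3", 445, host, 2002, "SA"))   # one target answered
    pkts.append((host, 3000, "203.0.113.5", 80, "S"))
    pkts.append(("203.0.113.5", 80, host, 3000, "SA"))   # ordinary answered connection
    return pkts

def unanswered_syns(pkts):
    """Return {(src, dst, dport): count} for SYNs that never received a SYN-ACK."""
    # A SYN-ACK travels server -> client, so swap it into client -> server order.
    answered = {(d, dp, s, sp) for s, sp, d, dp, f in pkts if f == "SA"}
    out = defaultdict(int)
    for s, sp, d, dp, f in pkts:
        if f == "S" and (s, sp, d, dp) not in answered:
            out[(s, d, dp)] += 1
    return dict(out)

def scanners(pkts, net=SCAN_NET, port=SCAN_PORT, min_targets=MIN_TARGETS):
    """Return {src: distinct_targets} for sources sweeping `net` on `port`."""
    targets = defaultdict(set)
    for s, sp, d, dp, f in pkts:
        if f == "S" and dp == port and ipaddress.ip_address(d) in net:
            targets[s].add(d)
    return {s: len(t) for s, t in targets.items() if len(t) >= min_targets}

if __name__ == "__main__":
    sample = make_sample()
    for key, count in sorted(unanswered_syns(sample).items()):
        print("unanswered SYN", key, "x", count)
    for src, n in scanners(sample).items():
        print("possible 445/tcp sweep from", src, "to", n, "hosts in", SCAN_NET)
```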

 
techdocs/security/malware/3018e3b251119fd3215489f1f233a328.txt · Last modified: 2010/01/09 09:09 by earnoth
 