r0-n3.onecik.pl (kuwait botnet user)

Remote Host      Port Number
208.43.247.56    80
66.252.13.221    32322

NICK yjbuqskn
JOIN #t4 l4m
PRIVMSG #t4 :done
USER yjbuqskn * 0 :COMPUTERNAME
MODE yjbuqskn +ix

* The following port was open in the system:

Port    Protocol    Process
1051    TCP         PerNet.exe (%Windir%\PerNet.exe)

Registry Modifications

* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ MSN = “%Windir%\PerNet.exe”

so that PerNet.exe runs every time Windows starts.

Memory Modifications

* There was a new process created in the system:

Process Name    Process Filename       Main Module Size
PerNet.exe      %Windir%\pernet.exe    319 488 bytes

Now talking in #t4
Topic On: [ #t4 ] [ .visit http://www.kuwait29.com/vb/search.php?searchid=22173 -s ]
Topic By: [ r00t ]
