Remote Host Port Number
204.232.192.26 5900
NICK VirUs-hhefhkdz
USER VirUs “” “ydf” :
8Coded
8Ahmed.Ramzey@Hotmail.Com..
PASS Virus
Registry Modifications
* The following Registry Key was created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187562}
* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187562}]
+ StubPath = "c:\RESTORE\k-1-3542-4232123213-7676767-8888886\JUZZ.exe"
so that JUZZ.exe runs every time Windows starts
Interesting ports on 204-232-192-26.static.cloud-ips.com (204.232.192.26):
Not shown: 1688 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh (protocol 2.0)
69/tcp filtered tftp
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1433/tcp filtered ms-sql-s
4444/tcp filtered krb524
5900/tcp open vnc?