sohbet.az (botnet hosted in Germany, Hetzner Online AG)

Remote Host Port Number
173.192.225.170 80
64.211.162.99 80
67.202.66.171 80
67.202.66.203 80
67.202.94.86 80
75.126.182.189 80
95.168.183.188 80
178.63.104.143 6667

NICK USA|51200
USER svkhl 0 0 :USA|51200
JOIN #Dos!
USERHOST USA|51200
MODE USA|51200 -x+i
PRIVMSG #Dos! :-
shell
– File opened: www.siber.gen.tr

Registry Modifications

* The following Registry Key was created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Service Agent = "dosyn.exe"

    so that dosyn.exe runs every time Windows starts
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    + Windows Service Agent = "dosyn.exe"

    so that dosyn.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Service Agent = "dosyn.exe"

    so that dosyn.exe runs every time Windows starts

Hosting information:
http://whois.domaintools.com/178.63.104.143
