Resolved : [zaber.zaberhmar.com] To [109.236.86.227]
Resolved : [zaber.zaberhmar.com] To [80.79.115.30]
Resolved : [zaber.zaberhmar.com] To [109.236.80.114]
Resolved : [zaber.zaberhmar.com] To [217.23.9.116]
Resolved : [zaber.zaberhmar.com] To [94.102.56.158]
Resolved : [zaber.zaberhmar.com] To [50.7.241.242]
Resolved : [zaber.zaberhmar.com] To [80.82.64.69]
Resolved : [zaber.zaberhmar.com] To [217.23.1.100]
Resolved : [zaber.zaberhmar.com] To [217.23.7.147]
TCP Connection Attempts:
109.236.80.114:8800
80.79.115.30:8800
109.236.86.227:8800
217.23.9.116:8800
94.102.56.158:8800
50.7.241.242:8800
Malware injects into explorer.exe
Registry Values Modified:
Key | Name | New Value
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman | C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Run | zaber0 | C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
Files Created:
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\Desktop.ini
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
Directories Created:
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830
Hosting info:
http://whois.domaintools.com/109.236.86.227