“Red October”. Detailed Malware Description 2. Second Stage of Attack
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 5f730863-0c76-4f6b-8747-b9fff5b98ff0 |
| Fingerprint | fc140d538da3a397 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 17, 2013, 4:08 p.m. |
| Added to db | Jan. 16, 2023, 4:58 p.m. |
| Last updated | Nov. 14, 2024, 2:04 p.m. |
| Headline | “Red October”. Detailed Malware Description 2. Second Stage of Attack |
| Title | “Red October”. Detailed Malware Description 2. Second Stage of Attack |
| Detected Hints/Tags/Attributes | 83/2/66 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 246 | mail.ru |
|
| Details | Domain | 5 | nt-windows-online.com |
|
| Details | Domain | 4 | nt-windows-update.com |
|
| Details | Domain | 4 | nt-windows-check.com |
|
| Details | Domain | 1 | defrag.exe-273f131e.pf |
|
| Details | Domain | 1 | dumpbin.exe-0751b17c.pf |
|
| Details | Domain | 8 | 2ip.ru |
|
| Details | Domain | 3 | myip.ru |
|
| Details | Domain | 2 | smart-ip.net |
|
| Details | Domain | 2 | www.myip.ru |
|
| Details | File | 9 | defrag.exe |
|
| Details | File | 6 | dumpbin.exe |
|
| Details | File | 1 | updatejusched.exe |
|
| Details | File | 1 | datagoogleupdategoogleupdate.exe |
|
| Details | File | 1 | filesmessengermsmsgs.exe |
|
| Details | File | 1 | files7-zip7-zip.dll |
|
| Details | File | 1 | windowssystem32vboxtray.exe |
|
| Details | File | 32 | prefs.js |
|
| Details | File | 29 | profiles.ini |
|
| Details | File | 1 | profile.ini |
|
| Details | File | 1 | opera6.ini |
|
| Details | File | 4 | www.myi |
|
| Details | File | 1 | settingstemptmpxx.tmp |
|
| Details | File | 1 | infosysinfo_%u_%s.bin |
|
| Details | File | 1 | infosysinfo_x_00000000_000000_000.txt |
|
| Details | File | 1 | tmpxx.tmp |
|
| Details | File | 1 | mozillafirefoxprofiles%profilename%places.sql |
|
| Details | File | 104 | sqlite3.dll |
|
| Details | File | 10 | shdocvw.dll |
|
| Details | File | 2 | global_history.dat |
|
| Details | File | 1 | global.dat |
|
| Details | md5 | 1 | 5447848f3a5fdaf97c498190ed501620 |
|
| Details | md5 | 1 | 1b840c5b45cd015f51010e12938b528a |
|
| Details | md5 | 1 | 65820769534fec10958573d1c8a545a8 |
|
| Details | md5 | 1 | e36b94cd608e3dfdf82b4e64d1e40681 |
|
| Details | md5 | 1 | a2fe73d01fd766584a0c54c971a0448a |
|
| Details | Windows Registry Key | 1 | HKLMUserinit |
|
| Details | Windows Registry Key | 1 | HKCUSoftwareVB |
|
| Details | Windows Registry Key | 1 | HKCUSoftwareMail.ruAgentAgent |
|
| Details | Windows Registry Key | 2 | HKCUSoftwareMicrosoftWindowsShellNoRoamMUICache |
|
| Details | Windows Registry Key | 1 | HKLMSoftwareOracle |
|
| Details | Windows Registry Key | 1 | HKCUSoftwareCIT |
|
| Details | Windows Registry Key | 1 | HKLMSoftware |
|
| Details | Windows Registry Key | 1 | HKLMSoftwareBaw |
|
| Details | Windows Registry Key | 1 | HKLMSoftwareBaw2 |
|
| Details | Windows Registry Key | 5 | HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun |
|
| Details | Windows Registry Key | 3 | HKCRCLSID |
|
| Details | Windows Registry Key | 7 | HKLMSOFTWAREMicrosoftWindows |
|
| Details | Windows Registry Key | 1 | HKCUSOFTWAREVB |
|
| Details | Windows Registry Key | 1 | HKCUSoftwareMicrosoftOffice12.0CommonGeneral |
|
| Details | Windows Registry Key | 1 | HKCUSoftwareMail.RuAgent |
|
| Details | Windows Registry Key | 1 | HKLMSOFTWAREClassesInstallerProducts |
|
| Details | Windows Registry Key | 1 | HKLMSOFTWAREMicrosoftWindowsCurrentVersionSetup |
|
| Details | Windows Registry Key | 3 | HKCUSOFTWAREMicrosoftWindows |
|
| Details | Windows Registry Key | 1 | HKLMSoftwareNokia |
|
| Details | Windows Registry Key | 1 | HKLMSoftwareHTC |
|
| Details | Windows Registry Key | 1 | HKLMSystemCurrentControlSetControlDeviceClasses |
|
| Details | Windows Registry Key | 1 | HKCRSonyEricsson.PCCompanion.1CLSID |
|
| Details | Windows Registry Key | 1 | HKLMSystemControlSet001EnumRootWPD000 |
|
| Details | Windows Registry Key | 1 | HKLMSYSTEMCURRENTCONTROLSETENUMUSB |
|
| Details | Windows Registry Key | 1 | HKLMSYSTEMRAdmin |
|
| Details | Windows Registry Key | 1 | HKLMSOFTWAREMicrosoftInternet |
|
| Details | Windows Registry Key | 1 | HKCRttpshellopencommand |
|
| Details | Windows Registry Key | 1 | HKCRhttpsshellopencommand |
|
| Details | Windows Registry Key | 1 | HKCRhtmfileshellopencommand |
|
| Details | Windows Registry Key | 1 | HKCRmailtoshellopencommand |