Trojan.DownLoader10.46484

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'engel' = '%APPDATA%\updates\updates.exe'

Создает или изменяет следующие файлы:

%HOMEPATH%\Start Menu\Programs\Startup\updates.exe

Вредоносные функции:

Для обхода брандмауэра удаляет или модифицирует следующие ключи реестра:

[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'

Запускает на исполнение:

'<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="<Имя вируса>" dir=in action=allow program="<Полный путь к вирусу>"

Изменяет следующие настройки браузера Windows Internet Explorer:

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe'

Изменения в файловой системе:

Создает следующие файлы:

%APPDATA%\engel\updates.exe

Сетевая активность:

Подключается к:

'89.##5.92.20':3128
'91.##9.160.117':3128
'93.##9.222.154':3128
'77.##6.66.102':3128
'78.##1.26.173':3128
'37.##.157.168':3128
'2.###.130.199':3128
'19#.#6.245.30':3128
'2.###.241.42':3128
'92.##.139.70':3128
'95.##9.217.65':3128
'41.##7.206.248':3128
'78.#8.2.120':3128
'19#.#5.74.221':3128
'41.##.158.66':3128
'91.##5.73.249':3128
'46.#6.33.39':3128
'19#.#3.97.170':3128
'5.###.21.110':3128
'18#.#5.139.142':3128
'77.##6.121.163':3128
'10#.#85.58.240':3128
'18#.#90.153.75':3128
'37.##4.147.248':3128
'37.##.181.47':3128
'92.##.183.165':3128
'5.###.238.33':3128
'19#.#06.205.187':3128
'18#.#58.43.175':3128
'19#.#98.216.171':3128
'11#.#39.85.2':3128
'18#.#4.190.173':3128
'84.##0.203.242':3128
'20#.#42.34.69':3128
'46.##0.146.122':3128
'20#.#7.124.246':3128
'2.##4.17.78':3128
'20#.#4.234.45':3128
'2.###.128.191':3128
'85.##0.81.228':3128
'18#.#31.72.134':3128
'18#.#90.151.196':3128
'5.###.106.45':3128
'10#.#9.167.34':3128
'2.###.68.228':3128
'95.##9.216.10':3128
'19#.#05.144.235':3128
'18#.#9.213.23':3128
'22#.#80.58.192':3128
'19#.#55.209.166':3128
'2.###.146.102':3128
'2.###.34.250':3128
'85.##5.11.76':3128
'5.##.109.24':3128
'41.##0.167.121':3128
'18#.#18.61.146':3128
'91.##9.161.39':3128
'91.##9.160.220':3128
'18#.#3.252.193':3128
'37.##4.151.66':3128
'46.#6.33.98':3128
'37.##.150.112':3128
'20#.#3.183.98':3128
'5.##8.19.13':3128
'78.#8.2.121':3128
'20#.#43.138.226':3128
'37.##4.146.43':3128
'19#.#06.46.82':3128
'59.#4.0.40':3128
'91.##9.162.77':3128
'95.##.196.38':3128
'2.###.134.238':3128
'95.##.160.112':3128
'84.##0.202.216':3128
'15#.#81.190.170':3128
'19#.#7.33.180':3128
'92.#7.70.60':3128
'2.###.121.43':3128
'15#.#81.161.6':3128
'18#.#8.193.223':3128
'18#.#9.129.245':3128
'2.###.154.201':3128
'46.##.33.221':3128
'24.##8.204.220':3128
'41.##3.250.224':3128
'2.###.14.181':3128
'18#.#94.246.174':3128
'85.#.122.146':3128
'31.#7.45.64':3128
'93.##2.250.41':3128
'10#.#28.170.156':3128
'92.##.130.141':3128
'95.##9.216.236':3128
'18#.#68.13.159':3128
'37.##.180.248':3128
'20#.#09.164.83':3128
'19#.#5.102.184':3128
'77.##6.41.203':3128
'19#.#98.161.246':3128
'18#.#0.88.100':3128
'18#.#3.197.144':3128
'18#.#3.149.25':3128
'41.##0.157.142':3128
'17#.#2.72.234':3128
'20#.#3.117.146':3128
'19#.#7.160.230':3128
'5.###.20.221':3128
'18#.#31.125.51':3128
'17#.#24.74.210':3128
'49.##6.35.10':3128
'2.###.127.135':3128
'5.###.208.138':3128
'95.##9.217.148':3128
'18#.#08.198.53':3128
'2.###.133.21':3128
'85.#.97.58':3128
'19#.#06.180.23':3128
'21#.#6.21.53':3128
'11#.#84.116.43':3128
'2.##4.21.82':3128
'11#.#3.158.187':3128
'19#.#06.67.12':3128
'18#.#8.209.171':3128
'17#.#23.175.251':3128
'19#.#04.226.166':3128
'18#.#43.140.122':3128
'95.##.93.137':3128
'18#.#5.203.181':3128
'18#.#.127.226':3128
'41.##3.222.12':3128
'11#.#07.166.171':3128
'16#.#46.45.208':3128
'95.##.100.11':3128
'11#.#35.148.119':3128
'37.##8.247.159':3128
'92.##.102.254':3128
'95.##.67.109':3128
'17#.#00.132.43':3128
'37.##.145.47':3128
'95.##9.217.25':3128
'46.##.57.114':3128
'95.##2.109.119':3128
'94.##9.164.190':3128
'18#.#8.199.56':3128
'41.##0.192.238':3128
'10#.#09.53.51':3128
'46.#6.33.91':3128
'94.##9.164.51':3128
'11#.#11.33.11':3128
'95.##.78.162':3128
'18#.#58.47.38':3128
'12#.#53.55.242':3128
'62.#4.60.29':3128
'88.##4.155.126':3128
'18#.#3.239.66':3128
'60.##4.31.107':3128
'78.#.251.26':3128
'19#.#06.13.11':3128
'94.##9.163.127':3128
'18#.#9.214.28':3128
'2.###.68.238':3128
'92.##.128.49':3128
'91.##9.161.19':3128
'18#.#31.68.156':3128
'19#.#06.215.187':3128
'11#.#95.98.226':3128
'95.##.206.125':3128
'18#.#4.180.52':3128
'19#.#4.226.103':3128
'41.##0.128.102':3128
'49.##7.88.148':3128
'19#.#06.9.113':3128
'18#.#0.156.17':3128
'24.#.81.55':3128
'31.##9.6.110':3128
'18#.#18.83.67':3128
'11#.#39.226.83':3128
'17#.#8.157.44':3128
'77.##6.121.235':3128
'2.##4.37.6':3128
'17#.#1.115.187':3128
'95.##9.216.233':3128
'95.##.194.226':3128
'18#.#30.19.144':3128
'77.##6.41.235':3128
'92.##.211.181':3128
'11#.#18.14.148':3128
'2.###.41.212':3128
'18#.#3.234.233':3128
'24.##.214.120':3128
'41.##0.160.142':3128
'19#.#9.137.69':3128
'18#.#8.177.164':3128
'21#.#29.34.119':3128
'18#.#35.179.58':3128
'10#.#94.24.114':3128
'19#.#06.235.29':3128
'18#.#8.202.222':3128
'18#.#3.79.22':3128
'95.##.248.215':3128
'5.##8.9.223':3128
'95.##9.216.202':3128
'11#.#13.35.161':3128
'2.###.101.150':3128
'95.##9.216.228':3128
'20#.#10.28.70':3128
'41.##9.115.7':3128
'95.##.155.60':3128
'11#.#18.100.231':3128
'59.##.210.76':3128
'19#.#55.212.200':3128
'92.##.164.62':3128
'21#.#6.20.119':3128
'18#.#4.199.123':3128
'2.###.108.249':3128
'15#.#55.32.160':3128
'89.##5.53.154':3128
'5.###.226.162':3128
'95.##9.216.23':3128
'41.##0.128.34':3128
'19#.#8.121.46':3128
'95.##.213.106':3128
'93.##2.242.238':3128
'37.##.128.59':3128
'18#.#90.159.77':3128
'2.##9.49.22':3128
'2.###.14.208':3128
'95.##.177.130':3128
'78.##1.10.80':3128
'95.##.196.158':3128
'18#.#60.11.204':3128
'93.##2.232.50':3128
'41.##3.203.9':3128
'10#.#09.53.111':3128
'11#.#06.93.9':3128
'19#.#8.22.163':3128
'95.##2.239.33':3128
'18#.#35.185.6':3128
'77.##2.113.237':3128
'17#.#36.46.162':3128
'94.#5.55.95':3128
'18#.#8.194.37':3128
'5.##8.5.7':3128
'19#.#00.22.228':3128
'19#.#11.55.30':3128
'20#.#43.119.48':3128
'78.##.124.131':3128
'95.##.203.231':3128
'18#.#88.43.76':3128
'81.##0.185.150':3128
'91.##9.160.233':3128
'2.###.200.133':3128
'49.##6.35.154':3128
'11#.#3.158.186':3128
'11#.#10.96.11':3128
'11#.#21.244.198':3128
'74.#15.3.63':3128
'27.#.176.77':3128
'85.##.141.88':3128
'2.###.155.228':3128
'19#.#01.236.5':3128
'18#.#3.228.32':3128
'41.##3.223.231':3128
'18#.#7.136.113':3128
'11#.#14.6.244':3128
'15#.#81.165.127':3128
'19#.#05.22.155':3128
'20#.#22.53.220':3128
'17#.88.92.0':3128
'18#.#0.20.131':3128
'31.##0.48.196':3128
'20#.#7.125.207':3128
'19#.#99.196.179':3128
'18#.#4.22.82':3128
'91.##9.161.36':3128
'37.##0.251.122':3128
'18#.#59.213.153':3128
'2.###.239.192':3128
'1.###.119.191':3128
'2.###.240.75':3128
'95.##9.216.104':3128
'59.##.229.119':3128
'5.###.170.98':3128
'5.###.204.145':3128
'20#.#43.99.213':3128
'5.###.230.253':3128
'11#.#35.148.90':3128
'2.###.100.221':3128
'2.##2.19.75':3128
'19#.#04.237.84':3128
'18#.#35.184.225':3128
'20#.#11.110.201':3128
'20#.#09.196.15':3128
'95.##.181.38':3128
'41.##0.164.177':3128
'5.###.53.168':3128
'78.##.250.158':3128
'20#.#4.227.162':3128
'18#.#8.202.206':3128
'19#.#8.176.99':3128
'5.###.15.250':3128
'2.###.199.48':3128
'93.##8.128.93':3128
'18#.#6.236.106':3128
'95.##.100.35':3128
'5.###.25.195':3128
'20#.#.158.150':3128
'17#.#0.237.73':3128
'17#.#8.215.169':3128
'11#.#44.108.162':3128
'77.##6.121.176':3128
'20#.#43.159.242':3128
'11#.#95.122.27':3128
'91.##9.162.2':3128
'17#.#9.62.111':3128
'41.##0.154.94':3128
'19#.#1.204.54':3128
'18#.#35.176.124':3128
'11#.#10.1.54':3128
'77.##.218.71':3128
'18#.#9.240.164':3128
'11#.#06.91.205':3128
'20#.#4.136.13':3128
'19#.#6.197.67':3128
'19#.#22.40.178':3128
'19#.#05.154.165':3128
'19#.#4.245.99':3128
'92.##.134.246':3128
'46.##.235.34':3128
'95.##.209.196':3128
'5.##8.0.42':3128
'19#.#00.23.197':3128
'93.##9.213.7':3128
'36.#4.31.90':3128
'49.##9.132.115':3128
'94.##5.186.57':3128
'61.##.86.209':3128
'20#.#6.41.147':3128
'19#.#7.47.73':3128
'11#.#18.145.214':3128
'95.##.234.125':3128
'19#.#00.20.2':3128
'37.##.181.242':3128
'18#.#60.47.6':3128
'20#.#64.129.106':3128
'86.##5.218.108':3128
'5.###.198.232':3128
'92.#6.42.42':3128
'80.##.238.93':3128
'19#.#01.171.160':3128
'11#.#19.204.177':3128
'2.###.239.198':3128
'2.###.46.179':3128
'11#.#04.160.116':3128
'21#.#6.20.23':3128
'91.##9.160.225':3128
'78.#8.2.107':3128
'2.###.123.144':3128
'37.##8.240.79':3128
'10#.#17.94.197':3128
'61.#.56.87':3128
'2.###.109.72':3128
'41.##0.228.219':3128
'11#.#3.158.188':3128
'18#.#9.188.49':3128
'18#.#88.19.38':3128
'95.##.15.252':3128
'19#.#1.205.82':3128
'17#.#0.254.108':3128
'19#.#1.205.178':3128
'78.##9.41.123':3128
'19#.#24.216.94':3128
'18#.#9.208.138':3128
'2.##8.58.91':3128
'77.##6.66.95':3128
'91.##9.161.45':3128
'19#.#22.113.143':3128
'12#.#38.125.24':3128
'95.##9.216.88':3128
'18#.#31.29.109':3128
'84.##0.210.231':3128
'78.#8.20.65':3128
'2.###.156.225':3128
'11#.#95.100.82':3128
'20#.#0.39.12':3128
'2.###.226.187':3128
'2.###.133.88':3128
'19#.#8.127.140':3128
'19#.#12.75.35':3128
'41.##0.181.172':3128
'2.##0.5.82':3128
'95.##9.217.188':3128
'5.###.151.251':3128
'11#.#18.106.122':3128
'18#.#60.40.146':3128
'95.##0.211.175':3128
'18#.#88.44.179':3128

UDP:

DNS ASK 41.ttp

Другое:

Ищет следующие окна:

ClassName: 'Indicator' WindowName: '(null)'

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней