Trojan.DownLoader22.65304

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Lantern' = '"<Полный путь к файлу>" -startup'

Вредоносные функции:

Запускает на исполнение:

'%APPDATA%\byteexec\pac-cmd.exe' on http://12#.#.0.1:16823/proxy_on.pac?14#################

Изменения в файловой системе:

Создает следующие файлы:

%TEMP%\systray_temp_icon334182167
%APPDATA%\Lantern\lantern-9999.99.99.yaml
%APPDATA%\byteexec\pac-cmd.exe
%APPDATA%\byteexec\certimporter.exe
%APPDATA%\systray\systray.dll
%APPDATA%\Lantern\logs\lantern.log

Сетевая активность:

Подключается к:

'54.##2.181.78':443
'54.##2.201.66':443
'54.##2.221.251':443
'54.##2.201.233':443
'54.##2.201.174':443
'54.##2.215.201':443
'54.##2.206.152':443
'54.##2.211.139':443
'54.##2.199.246':443
'54.##2.205.181':443
'54.##2.198.123':443
'54.##2.198.59':443
'54.##2.218.219':443
'54.##2.193.107':443
'54.##2.222.16':443
'54.##2.220.65':443
'54.##2.233.221':443
'54.##2.196.237':443
'54.##2.203.163':443
'54.##2.201.87':443
'54.##2.223.115':443
'54.##2.198.45':443
'54.##2.201.202':443
'54.##2.233.132':443
'54.##0.254.165':443
'54.##2.182.48':443
'54.##2.207.138':443
'54.##2.196.225':443
'54.##2.223.38':443
'54.##2.200.3':443
'54.##2.220.158':443
'54.##2.203.186':443
'54.##2.205.147':443
'54.##2.222.73':443
'54.##2.222.242':443
'54.##2.222.71':443
'54.##2.222.193':443
'54.##2.198.38':443
'54.##2.220.216':443
'54.##2.194.211':443
'54.##2.202.227':443
'54.##2.216.57':443
'54.##2.205.240':443
'54.##2.195.115':443
'54.##2.156.214':443
'54.##2.195.102':443
'54.##2.206.74':443
'54.##0.254.194':443
'54.##2.221.10':443
'54.##0.254.225':443
'54.##2.216.181':443
'54.##2.233.40':443
'54.##2.210.114':443
'54.##2.215.48':443
'54.##2.207.168':443
'54.##2.156.82':443
'54.##2.206.128':443
'54.##2.207.172':443
'54.##2.198.121':443
'54.##2.209.221':443
'54.##0.191.103':443
'54.##2.207.43':443
'54.##2.156.12':443
'54.##2.174.43':443
'54.##2.156.156':443
'54.##0.254.141':443
'54.##2.197.205':443
'54.##2.210.210':443
'54.##2.216.169':443
'54.##2.200.121':443
'54.##2.206.13':443
'54.##2.222.183':443
'54.##2.203.161':443
'54.##2.198.244':443
'54.##2.202.170':443
'54.##2.218.126':443
'54.##2.219.49':443
'54.##2.207.156':443
'54.##0.149.217':443
'54.##2.218.70':443
'54.##2.209.86':443
'54.##2.201.234':443
'54.##2.226.49':443
'54.##2.196.7':443
'54.##2.201.91':443
'54.##2.203.195':443
'54.##2.210.157':443
'54.##0.254.85':443
'54.##0.254.175':443
'54.##2.205.123':443
'54.##2.211.175':443
'54.##2.219.142':443
'54.##2.198.218':443
'54.##2.203.98':443
'54.##2.219.216':443
'54.##2.197.88':443
'54.##2.195.74':443
'54.##2.216.225':443
'54.##2.210.43':443
'54.##2.219.143':443
'54.##2.205.171':443
'54.##2.215.216':443
'54.##2.156.62':443
'54.##2.222.139':443
'54.##2.221.134':443
'54.##2.178.35':443
'54.##2.174.8':443
'54.##2.156.207':443
'54.##2.220.142':443
'54.##2.200.156':443
'54.##2.196.221':443
'54.##2.202.57':443
'54.##2.218.14':443
'54.##0.191.220':443
'54.##2.194.221':443
'54.##2.200.107':443
'54.##2.211.58':443
'54.##2.207.201':443
'54.##0.149.249':443
'54.##2.197.44':443
'54.##2.203.74':443
'54.##2.198.43':443
'54.##2.194.219':443
'54.##2.200.109':443
'54.##2.219.52':443
'54.##2.198.91':443
'54.##2.201.166':443
'13#.#9.240.135':32212
'13#.#9.240.127':443
'54.##2.224.5':443
'54.##2.207.104':443
'54.##2.205.21':443
'54.##2.216.85':443
'54.##2.215.26':443
'54.##2.216.142':443
'54.##0.212.58':443
'54.##2.207.52':443
'54.##2.198.11':443
'54.##2.203.111':443
'54.##2.181.85':443
'54.##2.219.96':443
'54.##2.207.246':443
'54.##2.221.54':443
'54.##0.212.97':443
'54.##2.176.40':443
'54.##2.200.113':443
'54.##2.222.250':443
'54.##2.216.205':443
'54.##2.218.80':443
'54.##2.210.165':443
'54.##2.198.238':443
'54.##0.254.182':443
'54.##2.228.45':443
'54.##2.218.192':443
'54.##0.212.193':443
'54.##2.207.173':443
'54.##2.193.177':443
'54.##2.195.152':443
'54.##0.254.44':443
'54.##2.193.44':443
'54.##2.220.143':443
'54.##2.223.236':443
'54.##2.192.116':443
'54.##2.197.219':443
'54.##2.203.99':443
'54.##2.203.138':443
'54.##2.202.84':443
'54.##2.205.104':443
'54.##2.211.156':443
'54.##2.198.31':443
'54.##2.211.39':443
'54.##2.219.16':443
'54.##2.223.189':443
'54.##2.181.130':443
'54.##2.211.124':443
'54.##2.195.106':443
'54.##0.212.190':443
'54.##2.222.217':443
'54.##2.174.16':443
'54.##2.201.32':443
'54.##2.197.187':443
'54.##2.221.106':443
'54.##2.203.33':443
'54.##2.209.59':443
'54.##2.210.59':443
'54.##2.216.242':443
'54.##2.181.139':443
'54.##2.220.134':443
'54.##0.254.118':443
'54.##2.200.94':443
'54.##2.198.110':443
'54.##2.201.149':443
'54.##2.218.214':443
'54.##2.205.68':443
'54.##2.218.200':443
'54.##2.218.38':443
'54.##2.221.147':443
'54.##2.216.135':443
'54.##2.219.95':443
'54.##2.206.23':443
'54.##2.162.18':443
'54.##2.222.227':443
'54.##2.209.45':443
'54.##2.215.11':443
'54.##2.198.80':443
'54.##2.222.230':443
'54.##2.223.30':443
'54.##2.218.51':443
'54.##2.181.82':443
'54.##2.196.187':443
'54.##2.202.31':443
'54.##2.202.37':443
'54.##2.215.3':443
'54.##2.178.49':443
'54.##2.207.40':443
'54.##2.209.61':443
'54.##2.193.125':443
'54.##2.201.232':443
'54.##2.233.26':443
'54.##2.181.19':443
'54.##0.191.127':443
'54.##2.199.43':443
'54.##2.181.168':443
'54.##0.191.65':443
'54.##2.223.62':443
'54.##2.182.43':443
'54.##2.215.147':443
'54.##2.198.165':443
'54.##2.201.199':443
'54.##2.221.8':443
'54.##2.223.169':443
'54.##2.224.36':443
'54.##2.215.166':443
'54.##2.199.81':443
'54.##2.216.253':443
'54.##2.210.84':443
'54.##0.212.200':443
'54.##2.206.222':443
'54.##2.197.172':443
'54.##2.196.182':443
'54.##2.233.57':443
'54.##2.193.76':443
'54.##2.195.160':443
'54.##2.201.27':443
'54.##2.206.10':443
'54.##2.181.45':443
'54.##2.206.126':443
'54.##2.217.208':443
'54.##2.219.251':443
'54.##2.211.16':443
'54.##2.221.248':443
'54.##2.203.112':443
'54.##2.198.75':443
'54.##2.217.12':443
'54.##2.203.77':443
'54.##0.254.87':443
'54.##2.196.143':443
'54.##2.195.238':443
'54.##2.207.10':443
'54.##2.223.48':443
'54.##2.216.189':443
'54.##2.203.203':443
'54.##2.215.208':443
'54.##2.198.182':443
'54.##2.216.7':443
'54.##2.197.244':443
'54.##2.209.22':443
'54.##2.195.4':443
'54.##2.210.183':443
'54.##2.203.248':443
'54.##2.193.231':443
'54.##2.196.141':443
'54.##2.200.130':443
'54.##2.203.134':443
'54.##0.254.5':443
'54.##2.192.20':443
'54.##2.197.237':443
'54.##2.156.50':443
'54.##2.223.110':443
'54.##2.211.83':443
'54.##2.203.229':443
'54.##2.195.124':443
'54.##2.233.80':443
'54.##2.196.222':443
'54.##2.215.49':443
'54.##0.191.204':443
'54.##2.198.200':443
'54.##2.216.230':443
'54.##2.221.223':443
'54.##2.210.172':443
'54.##2.194.152':443
'54.##2.206.149':443
'54.##2.201.26':443
'54.##2.233.120':443
'54.##2.198.120':443
'54.##2.206.6':443
'54.##2.219.118':443
'54.##2.218.117':443
'54.##2.193.151':443
'54.##2.210.115':443
'54.##2.200.222':443
'54.##2.201.137':443
'54.##2.195.65':443
'54.##2.193.97':443
'54.##2.199.12':443
'54.##2.202.182':443
'54.##0.254.178':443
'54.##2.198.251':443
'54.##2.150.6':443
'54.##2.228.7':443
'54.##0.191.121':443
'54.##0.212.196':443
'54.##2.206.87':443
'54.##2.219.237':443
'54.##2.196.35':443
'54.##2.211.159':443
'54.##2.203.219':443
'54.##2.192.82':443
'54.##2.195.168':443
'54.##2.156.169':443
'54.##2.207.167':443
'54.##2.202.72':443
'54.##2.198.141':443
'54.##2.156.53':443
'54.##2.194.250':443
'54.##2.198.249':443
'54.##2.198.208':443
'54.##2.218.245':443
'54.##2.198.68':443
'54.##2.199.55':443
'54.##2.201.219':443
'54.##2.142.239':443
'54.##2.194.32':443
'54.##2.193.226':443
'54.##2.166.45':443
'54.##2.202.207':443
'54.##2.216.22':443
'54.##2.217.70':443
'54.##2.233.10':443
'54.##2.196.106':443
'54.##2.195.221':443
'54.##2.220.13':443
'54.##0.191.225':443
'54.##2.210.170':443
'54.##2.222.138':443
'54.##2.142.236':443
'54.##2.181.153':443
'54.##2.178.8':443
'54.##2.207.211':443
'54.##2.193.47':443
'54.##0.254.195':443
'54.##2.202.203':443
'54.##2.181.86':443
'54.##2.199.63':443
'54.##2.200.29':443
'localhost':8787
'54.##2.156.146':443
'54.##2.221.216':443
'54.##2.220.190':443
'54.##2.203.70':443
'54.##2.228.9':443
'54.##2.211.108':443
'54.##2.200.43':443
'54.##2.195.157':443
'54.##2.193.55':443
'54.##0.149.98':443
'54.##2.223.149':443
'54.##2.192.5':443
'54.##2.218.24':443
'54.##2.197.178':443
'54.##2.215.116':443
'54.##2.233.35':443
'54.##2.209.95':443
'54.##2.210.78':443
'54.##2.209.240':443
'54.##2.216.217':443
'54.##2.182.42':443
'54.##2.193.172':443
'54.##2.220.56':443
'54.##0.212.224':443
'54.##2.182.4':443
'54.##2.217.48':443
'54.##2.219.81':443
'54.##2.202.177':443
'54.##2.217.158':443
'54.##0.162.99':443
'54.##2.233.235':443
'54.##2.202.215':443
'54.##2.205.79':443
'54.##2.201.34':443
'54.##2.198.101':443
'54.##2.193.91':443
'54.##2.196.207':443
'54.##2.211.143':443
'54.##2.223.254':443
'54.##0.212.225':443
'54.##2.222.189':443
'54.##2.215.221':443
'54.##0.212.60':443
'54.##2.181.191':443
'54.##0.191.149':443
'54.##2.178.41':443
'54.##2.205.70':443
'54.##2.216.35':443
'54.##2.202.165':443
'54.##2.207.166':443
'54.##2.210.6':443
'54.##2.207.213':443
'54.##2.205.237':443
'54.##2.198.178':443
'54.##2.209.9':443
'54.##2.194.108':443
'54.##2.206.113':443
'54.##2.198.152':443
'54.##2.223.185':443
'54.##2.192.155':443
'54.##2.197.13':443
'54.##2.206.250':443
'54.##2.198.100':443
'54.##2.207.3':443
'54.##2.218.143':443
'54.##2.217.155':443
'54.##2.215.34':443
'54.##2.156.64':443
'54.##2.201.54':443
'54.##2.195.186':443
'54.##2.199.59':443
'54.##2.205.185':443
'54.##2.202.34':443
'54.##2.199.176':443
'54.##2.205.143':443
'54.##2.211.32':443
'54.##2.156.130':443
'54.##2.198.171':443
'54.##2.200.245':443
'54.##2.182.41':443
'54.##2.197.201':443
'54.##2.219.58':443
'54.##2.195.153':443
'54.##2.164.5':443
'54.##2.233.128':443
'54.##2.223.246':443
'54.##2.217.51':443
'54.##2.203.16':443
'54.##2.184.46':443
'54.##2.221.99':443
'54.##2.219.197':443
'54.##2.196.6':443
'54.##2.210.69':443
'54.##2.201.82':443
'54.##2.207.102':443
'54.##2.205.223':443
'54.##2.202.201':443
'54.##2.193.74':443
'54.##2.233.140':443
'54.##0.254.136':443
'54.##2.199.240':443
'54.##2.203.130':443
'54.##2.201.68':443
'54.##2.219.213':443
'54.##2.202.94':443
'54.##2.220.108':443
'54.##2.196.175':443
'54.##2.211.54':443
'54.##2.223.184':443
'54.##2.210.70':443
'54.##2.210.190':443
'54.##0.212.81':443
'54.##2.216.119':443
'54.##2.219.153':443
'54.##0.149.186':443
'54.##2.210.182':443
'54.##0.149.130':443
'54.##0.149.51':443
'54.##2.218.67':443
'54.##2.200.97':443
'54.##2.200.165':443
'54.##2.207.25':443
'54.##0.254.74':443
'54.##2.223.228':443
'54.##2.233.59':443
'54.##2.220.210':443
'54.##2.195.235':443
'54.##0.191.211':443
'54.##2.211.142':443
'54.##2.166.4':443
'54.##2.193.31':443
'54.##2.206.88':443
'54.##2.197.70':443
'54.##2.195.220':443
'54.##2.233.49':443
'54.##2.201.229':443
'54.##0.191.110':443
'54.##2.192.166':443
'54.##2.202.237':443
'54.##0.191.115':443
'54.##2.154.37':443
'54.##0.254.199':443
'54.##2.198.206':443
'54.##2.210.29':443
'54.##2.221.128':443
'54.##2.201.243':443
'54.##2.219.136':443
'54.##2.199.247':443
'54.##2.202.149':443
'54.##2.211.241':443
'54.##2.205.233':443
'54.##2.197.8':443
'54.##2.192.130':443
'54.##0.149.143':443
'54.##2.221.164':443
'54.##2.198.47':443
'54.##2.181.189':443
'54.##2.219.146':443
'54.##2.181.55':443
'54.##2.210.87':443
'54.##2.221.119':443
'54.##2.217.234':443
'54.##2.203.31':443

TCP:

Запросы HTTP GET:

http://co####.getiantem.org/cloud.yaml.gz?95################################## via localhost
http://ge#.##tiantem.org/lookup/ via localhost

Другое:

Изменяет значение AutoConfigURL на 'http://127.0.0.1:16823/proxy_on.pac?1476700698812500000'

Ищет следующие окна:

ClassName: 'Shell_TrayWnd' WindowName: ''

Технології

Терміни

Навчання

Міфи

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней