Event ID - 51966

Port No: 51966
Service Name: Cafeini
RFC Doc: 0
Protocol: TCP
Description: Works on Windows 95, 98, NT and 2000. Telnet can also be used as a client.
Reference Link: Cafeini
Attack:

Registers:
HLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
HLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\
HCU\Software\Microsoft\Windows\CurrentVersion\Run\
HCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HCU\Software\Microsoft\Windows\CurrentVersion\RunServices\
HCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

Files:
Cafeini_polish.zip - 121,628 bytes
Cafeini0.8.zip - 250,361 bytes
Cafeini0.9.zip - 281,752 bytes
Cafein10.zip - 377,898 bytes
Cafeini1.1.zip - 395,170 bytes
Cafeini.exe - 122,880 bytes
Cafeini.exe - 142,848 bytes
Cafeclnt.exe - 132,608 bytes
Cafeclnt.exe - 143,872 bytes
Cafeiniclient.exe - 158,720 bytes
Cafeiniclient.exe - 163,840 bytes
Cafeiniconfig.exe - 72,192 bytes
Cafeiniserver.exe - 153,600 bytes
Cafeiniserver.exe - 165,888 bytes
Cafe08pl.exe - 123,904 bytes
Rundll32.exe -
Bygotit.exe -
Hemany.exe -
Mutihaka.exe -
Pazymi.exe -
Wilokyl.exe -

Actions:
Remote Access
It kills more than 20 antivirus programs in memory, as well as four dedicated anti-trojan programs. The trojan can redirect ports and connect to several servers at the same time. It can also be used as a port scanner. Cafeini can also take another program's place in the Registry. The server is updated automatically over HTTP.
