Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- MD5 (decoded ISFB client): 2f14a20e5495d8b8df2853c727c93864
- MD5 (decoded ISFB loader): 4d10ec332aa4a7001d8b46c1230f74de
- Bot ['2.18']
- Build ['01']
- Botnet/Group ID ['3008’, '3009']
- DGA TLDs ['com', 'ru', 'org']
- Server [’12’]
- Encryption key ['10291029JSJUYNHG']
- DGA CRC ['0x4eb7d2ca']
- DGA Base URL ['constitution.org/usdeclar.txt']
- Domains ['kokeadriab.com ', 'dhsiwyqdlskwsqo.com', 'hq92lmdlcdnandwuq.com']
- Path: ['/images/']
- 2nd Stage Domains:
- ovellonist.com/RUI/levond.php?l=fewk[1-7].xap
- frumiticur.com/RUI/levond.php?l=fewk[1-7].xap
Add Comment
Please, Sign In to add comment