- MD5 Hashes:
- ===========
- Munin Results:
- ==============
- Online Hash Checker for Virustotal and Other Services
- Florian Roth - 0.13.0 April 2019
- [+] Writing results to new file: check-results_Desktop.csv
- [ ] Processing kntd.exe ...
- [ ] Processing 3.exe ...
- [ ] Processing 0 ...
- [ ] Processing fVkDJhq ...
- [ ] Processing 1BE.bin ...
- [ ] Processing 21347976566547_5194481500343.vbs ...
- [ ] Processing 7767.bin ...
- [ ] Processing uFqmcspqI.exe ...
- [+] Processing 8 lines ...
- 1 / 8 > Unknown
- HASH: 47623100c9c9b63dc5782e5510e695f1ae274b2c70e6a1f0215409bfc38d46ae COMMENT: kntd.exe
- RESULT: - / -
- [!] Sample on ANY.RUN URL: https://any.run/report/47623100c9c9b63dc5782e5510e695f1ae274b2c70e6a1f0215409bfc38d46ae
- 2 / 8 > Malicious
- HASH: 416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980 COMMENT: 3.exe
- VIRUS: Microsoft: Trojan:Win32/Wacatac.B!ml / CrowdStrike: win/malicious_confidence_90% (D) / Symantec: ML.Attribute.HighConfidence
- TYPE: - FILENAMES: -
- FIRST: - LAST: 2019-07-23 18:14:26 COMMENTS: 0 USERS: -
- RESULT: 19 / 67
- [!] Sample on URLHaus Download: https://urlhaus-api.abuse.ch/v1/download/416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980/
- [!] URLHaus info TYPE: exe FIRST_SEEN: 2019-07-23 18:18:04 LAST_SEEN: 2019-07-23 20:37:07 URL_COUNT: 1
- [!] URLHaus STATUS: online URL: http://nanohair.com.au/wp-content/plugins/wordpress-seo/inc/3.exe
- [!] Sample on ANY.RUN URL: https://any.run/report/416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980
- 3 / 8 > Clean
- HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 COMMENT: Desktop/0
- TYPE: - FILENAMES: -
- FIRST: - LAST: 2019-07-23 20:25:58 COMMENTS: 0 USERS: -
- RESULT: 0 / 62
- [!] Sample on URLHaus Download: https://urlhaus-api.abuse.ch/v1/download/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/
- [!] URLHaus info TYPE: unknown FIRST_SEEN: 2018-03-21 05:29:38 LAST_SEEN: 2018-07-11 15:20:02 URL_COUNT: 576
- [!] URLHaus STATUS: offline URL: http://46.161.40.93/alpine/svchost.exe
- [!] URLHaus STATUS: offline URL: http://tehranring.com/Greeting-messages/
- [!] URLHaus STATUS: offline URL: http://www.dnaadv.org/u6/
- [!] URLHaus STATUS: offline URL: http://www.dnaadv.org/apcfNQgg/
- [!] URLHaus STATUS: offline URL: http://dnaadv.org/u6/
- [!] URLHaus STATUS: offline URL: http://www.lddspt.com/Congratulations/
- [!] Sample on ANY.RUN URL: https://any.run/report/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- [!] Sample on CAPE sandbox URL: https://cape.contextis.com/analysis/84959/
- 4 / 8 > Unknown
- HASH: 15277d0deb8a33290f90c65c9667c98e9fadb50250449826c496b286ce061a23 COMMENT: fVkDJhq
- RESULT: - / -
- 5 / 8 > Unknown
- HASH: 580eb7b45a7b90c82f4efab3f7fe43f8f48b077e6e490e9c1a061e0173c2e78b COMMENT: 1BE.bin
- RESULT: - / -
- 6 / 8 > Unknown
- HASH: 93c16093653078cdc57697e5e316295ef06ce84acb28d6695ce3662f3df98ca3 COMMENT: 21347976566547_5194481500343.vbs
- RESULT: - / -
- 7 / 8 > Unknown
- HASH: 55bf42c2c94d6dd990656bbb192e23b058ba8477357c0f0d7cbd879474051823 COMMENT: 7767.bin
- RESULT: - / -
- 8 / 8 > Unknown
- HASH: 47623100c9c9b63dc5782e5510e695f1ae274b2c70e6a1f0215409bfc38d46ae COMMENT: uFqmcspqI.exe
- RESULT: - / -
- [!] Sample on ANY.RUN URL: https://any.run/report/47623100c9c9b63dc5782e5510e695f1ae274b2c70e6a1f0215409bfc38d46ae
- $ tshark -nr /2019-07-23-Amadey-Hancitor.pcap -T fields -e ip.src -e http.host -e tls.handshake.extensions_server_name -e http.request.full_uri -Y "http.request or tls.handshake.extensions_server_name" | sort | uniq -c