- #Shade #Troldesh #Ransomware
- ------------------------------------
- 19-07-2019
- ------------------------------------
- Main object - "a9ff0707063866fc955f90af8a98ad410ec9836a791115d3f997a6c01595532c.bin.gz"
- sha256 65efc840b5da7b5000e748a4bf76866d7926e13a229bf6761cd43a540203f525
- sha1 85f7aa58f3fe340a0a94914bad11d8249a85c071
- md5 db0cc9532d04dbe807f17667501cbd87
- Dropped executable file
- sha256 efc8a598d15f50646444551c6ff08cea8c3a173f307ecc0b42aaa94d043fba3a (C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\1c[1].jpg)
- DNS requests
- domain whatismyipaddress.com
- domain ecoteh.fund
- domain whatsmyip.net
- Connections
- HTTP/HTTPS requests
- url http://ecoteh.fund/errordocs/style/1c.jpg
- url http://whatismyipaddress.com/
- url http://whatsmyip.net/