- #Shade #Troldesh #Ransomware
- ----------------------------------
- 28-08-2019 IOCs
- ----------------------------------
- Main object- "2019cd186b96e56bc1855676caf88a3c8ecf7c10b8e9e51be724a14c9233e253.bin.gz"
- sha256 9b18e25e5bd8f7567ada050d35429bc66327f13d818587af0612457f0be91997
- sha1 1ae0a516d368e805f21086d3c9c1ce86bf633f2e
- md5 94b3d3a79c0685a2bb4c71325c6b2d96
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\2c[1].jpg ad352e413c157e963315368c198d7fc64a95a2af40a69a91913e089e5840e58c
- DNS requests
- domain quickfingers.net
- domain ipv4bot.whatismyipaddress.com
- Connections
- HTTP/HTTPS requests
- url http://quickfingers.net/amfphp/browser/2c.jpg
- url http://ipv4bot.whatismyipaddress.com/