Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- MD5 (2018-11-16.isfbv217.loader.decoded.vk.exe) = 3eada298cbfe1398de64a3d2516c8e31
- Bot ['2.17']
- Build ['39']
- Botnet/Group ID ['3113’, '3114']
- DGA TLDs ['com', 'ru', 'org']
- Server [’12’]
- Encryption key ['10291029JSJUYNHG']
- DGA CRC ['0x4eb7d2ca']
- DGA Base URL ['constitution.org/usdeclar.txt']
- Domains ['cjwefrfomatt.com', 'gticgrerfgiff.com', 'dubbumnabb.com']
- Path: ['/images/']
- Bot ['2.17']
- Build ['39']
- Botnet/Group ID ['3114’, '3115']
- DGA TLDs ['com', 'ru', 'org']
- Server [’12’]
- Encryption key ['10291029JSJUYNHG']
- DGA CRC ['0x4eb7d2ca']
- DGA Base URL ['constitution.org/usdeclar.txt']
- Domains ['abbtggmaazzrt.com', 'ticraphiff.com', 'dubbumnabb.com']
- Path: ['/images/']
- 2nd Stage Payload:
- zatewitsuk.com/YER/pelim.php?l=ulof[1-10].wos
- ninasukash.com/YER/pelim.php?l=ulof[1-10].wos
- 2nd Stage Payload:
- lootototic.com/YER/pelim.php?l=marb[1-10].wos
- osslusturv.com/YER/pelim.php?l=marb[1-10].wos
Add Comment
Please, Sign In to add comment
