- #GandCrab #Ransomware
- ------------------------------
- 09-05-2018 IOCs
- ------------------------------
- Main object: "new 7.txt"
- sha256 ddbe6a4def6201f9e82ceeba817b0fedbae3e898d3b1a026b649f217fd5fe24f
- sha1 ab40588f2a84a8e6ced338740cd1d378069f502d
- md5 9de7c4816311ee67e711d3ee1bf9064f
- Dropped executable file
- sha256 C:\Users\admin\Downloads\1.pdf a383cc821d58c21466acbb16171c972093a7a6db8646c716ca3b9b710b4d197b
- sha256 C:\Users\admin\AppData\Roaming\Microsoft\vyavdq.exe 016183d77ae3700d97bf8d876fe1b30116a63c96bb01b423a87773c9355f59da
- DNS requests
- Connections
- HTTP/HTTPS requests
- url http://www.xdhcf.com/update.php
- url http://carder.bit/