- #GandCrab #Ransomware #Dropper
- -------------------------------------
- 14-05-2018 IOCs
- -------------------------------------
- Main object - "malPHP.txt"
- sha256 f0a3f5b014b6712339aee33550899699c402c5cf9cc6792e3c5bb63997bda8e6
- sha1 b6abc0588d30f4c24a6b599e4e4c60087781a266
- md5 ed29aaa57866be2710ed01d576b48831
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Temp\bbud3tzj6.exe e0b7584f713ca7ea379654f1ee638c9161ecd4bf918759236330906465590dbb
- sha256 C:\Users\admin\AppData\Roaming\Microsoft\gogkpe.exe 950950bfa5ac44c4c3c2a54659dc918e0a877acc72ab9f5e1152376957ef192a
- DNS requests
- Connections
- HTTP/HTTPS requests
- url http://www.zxytcjj.com/update.php
- url http://www.a-bricks.com/file_1.php
- url http://carder.bit/