- #Shade #Troldesh #Ransomware
- --------------------------------------
- 21-01-2019 IOCs
- --------------------------------------
- Main object- "b5d9ee0dfced8f3da4aafce52d06d8e5de5caad68f8f569c33f41efe1f344eb8.bin.gz"
- sha256 84ba0a5529da08cd469c53f309c2f6f83e2246c93dcf2c05380a9f179b39e598
- sha1 43a04d60c64496bd34d3e7935510c1da61b85f50
- md5 869dbaca4e5c3ffff39aa2f637c81651
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\ssj[1].jpg d3378c99134259db2ada97669007f90af17798fb9a8f2c33f3f8e00ab223f8d3
- DNS requests
- domain www.eleinad.org
- domain stockmoneymade.com
- domain whatismyipaddress.com
- domain whatsmyip.net
- Connections
- HTTP/HTTPS requests
- url http://www.eleinad.org/wp-content/themes/dt-the7/css/compatibility/woo-fonts/ssj.jpg
- url http://whatismyipaddress.com/
- url http://whatsmyip.net/