- #Occamy #Banking #Trojan
- ------------------------------------------
- 01-08-2019
- ------------------------------------------
- Main object- "https://www.dropbox.com/s/n85rjj7xk4uz3di/PRINT4BC8.rar?dl=1"
- url https://www.dropbox.com/s/n85rjj7xk4uz3di/PRINT4BC8.rar?dl=1
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Temp\Rar$EXa3128.48641\E9FB310E-036B-4A29-9163-BD69FA98E66E-4BC8_PlDF.exe 84ca2506fe6277410786da0cb73d0b9fc82e23725327e16aecac35987f3bfcdb
- sha256 C:\Users\admin\AppData\Roaming\PrjManDev.exe 91ea2e5f5b7573cff0baea7bc5b9d0796cfadee2fa3c6d48192a9982dca71fcc
- DNS requests
- Connections
- HTTP/HTTPS requests
- url http://guimacdgt.1s.fr/e.php?165
- url http://guimacdgt.1s.fr/e.php?105
- url http://guimacdgt.1s.fr/e.php?156
- url http://guimacdgt.1s.fr/e.php?62