- #Gandcrab #Ransomware #Trojan #Malware
- Analysis:
- https://app.any.run/tasks/a1514f7f-cf2a-4f9e-889a-ea9177d55537
- Main object: "fattura#87448680672-270620198172_2018_4_24_798144.pdf.js"
- sha256 d7603311a426562888ae4327a5da4061e3223de247355d542b0d4a20229a05ec
- sha1 fe09aaf885bec68436ed832b1dfdbba84a168417
- md5 0a328de6f5e9a70dd5a7bcc407c0c738
- Dropped executable files
- C:\Users\admin\AppData\Local\Temp\garageidentityopportunity.exe sha256 191a65f32c603e1543d9414870dab94e3321401ae55ffe854e1a072b37888172
- C:\Users\admin\AppData\Roaming\Microsoft\qoyabf.exe sha256 76cc5b86f38f87ccd6e6d38972f19cb40e076aff1428d94fa1868ec245b7a044
- DNS requests
- Connections
- HTTP/HTTPS requests
- url http://ransomware.bit/