- #GandCrab #Ransomware #Trojan #Malware
- ------------------------------------------
- IOCs
- ------------------------------------------
- Main object - "mud.exe"
- url http://185.189.58.222/mud.exe
- sha256 ce9c9917b66815ec7e5009f8bfa19ef3d2dfc0cf66be0b4b99b9bebb244d6706
- sha1 d8eb074db4eabe9d48502b4a6ba8183c5337527c
- md5 a2bbae61bf0cf64b9d04b18cdd2a419d
- Dropped executable file
- path C:\Users\admin\AppData\Roaming\Microsoft\gpcccd.exe
- sha256 48adfc8b34392379507479bb2c218282afa8f03a2dd79f1eace1d763e86594cb
- DNS requests
- domain ransomware.bit
- domain ns1.corp-servers.ru
- domain ns2.corp-servers.ru
- domain ipv4bot.whatismyipaddress.com
- Connections
- ip 94.249.60.127
- ip 66.171.248.178
- ip 89.203.10.56
- HTTP/HTTPS requests
- url http://ransomware.bit/