Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Hancitor "19zai12" Payload Domains (MD5: E6EE61AB3A26EDAE49C35730D557710C):
- // l -> Download and execute .EXE in separate thread (arg=1)
- {l:http://dubbingafrica.com/wp-content/themes/1|http://www.ntfisheybusiness.net/wp-admin/1|http://www.47inf.org/blog/wp-content/plugins/wp-filemanager/incl/1|http://rosemaryromero.com.br/wp-content/plugins/force-regenerate-thumbnails/1|http://seosem.com.br/inc/1}
- // b -> Download and inject code into svchost.exe
- {b:http://dubbingafrica.com/wp-content/themes/2|http://www.ntfisheybusiness.net/wp-admin/2|http://www.47inf.org/blog/wp-content/plugins/wp-filemanager/incl/2|http://rosemaryromero.com.br/wp-content/plugins/force-regenerate-thumbnails/2|http://seosem.com.br/inc/2}
- // r -> Download and execute .DLL or .EXE
- {r:http://dubbingafrica.com/wp-content/themes/3|http://www.ntfisheybusiness.net/wp-admin/3|http://www.47inf.org/blog/wp-content/plugins/wp-filemanager/incl/3|http://rosemaryromero.com.br/wp-content/plugins/force-regenerate-thumbnails/3|http://seosem.com.br/inc/3}
- http://ressiritar.com/4/forum.php|http://undretseddown.ru/4/forum.php|http://histoldwobet.ru/4/forum.php
- EvilPony C2 (MD5: 3E7B23063986C9CDF596DC282BD0533F):
- http://ressiritar.com/mlu/forum.php
- http://undretseddown.ru/mlu/forum.php
- http://histoldwobet.ru/mlu/forum.php
- MD5 (2018-12-19.isfbv217.loader.packed.vk.exe) = 9A74D77D6C82658146FD85D40209E750
- Bot ['2.17']
- Build ['061']
- Botnet/Group ID ['2000']
- DGA TLDs ['com', 'ru', 'org']
- Server [’550’]
- Encryption key ['Gwe9HMygngWe8kPK']
- DGA CRC ['0x4eb7d2ca']
- DGA Base URL ['constitution.org/usdeclar.txt']
- Domains: ['api2.doter.at/webstore', 'beetfeetlife.bit/webstore', 'in.extermas.at/webstore', 'sx.zaronif.at/webstore', 'g2.ex100p.at/webstore', 'gif.doter.at/webstore', 'extra.avareg.cn/webstore', 'foo.avaregio.at/webstore', 'op.iovbased.at/webstore', 'ws.doter.at/webstore', 'f1.cnboal.at/webstore', 'xxx.doolap.at/webstore', '51.255.48.78', '192.71.245.208', '178.17.170.179', '193.183.98.66', '207.148.83.241', '111.67.20.8', '103.236.162.119', '142.4.205.47', '213.136.85.253', '159.89.249.249', '82.196.9.45']
- Path: ['/images/']
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement