Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- MD5 (2018-10-24.isfb.loader.decoded.vk.exe) = 4854c062bd319303e7da1c5eb0e3461c
- MD5 (2018-10-24.isfb.client.decoded.vk.dll) = e982180971db1e60b34b084a87f877af
- Bot ['2.17']
- Build ['39']
- Botnet/Group ID ['3090’, '3091']
- DGA TLDs ['com', 'ru', 'org']
- Server [’12’]
- Encryption key ['10291029JSJUYNHG']
- DGA CRC ['0x4eb7d2ca']
- DGA Base URL ['constitution.org/usdeclar.txt']
- Domains ['eyedosprot.com ', 'dhsiwyqdlskwsqo.com', 'hq92lmdlcdnandwuq.com']
- Path: ['/images/']
- ISFB 2nd Stage Domains:
- dealadynou.com/RUI/levond.php?l=pory[1-7].xap
- fageingles.com/RUI/levond.php?l=pory[1-7].xap
- Dridex Botnet ID "3101" Fist-Stage Config:
- 213.252.244.233:443
- 192.48.88.118:443
- 176.10.118.150:443
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement