Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Drops C:\Users\user\AppData\Roaming\<appnam>\<appname>.com
- Drops C:\Users\<user>\AppData\Local\Temp\<random>.tmp
- Reboots machine
- Uses custom dns server to resolve c2
- .tmp file above is ntdll.dll
- "Address","Port","Packets","Bytes","Tx Packets","Tx Bytes","Rx Packets","Rx Bytes"
- "5.135.183.146",53,25,1221,0,0,25,1221
- "23.94.5.133",53,25,1221,0,0,25,1221
- "23.94.60.240",53,25,1221,0,0,25,1221
- "31.3.135.232",53,50,2442,0,0,50,2442
- "34.240.147.125",53,20,977,0,0,20,977
- "45.63.25.55",53,25,1221,0,0,25,1221
- "51.254.25.115",53,25,1221,0,0,25,1221
- "51.255.48.78",53,25,1221,0,0,25,1221
- "52.174.55.168",53,25,1221,0,0,25,1221
- "54.236.38.98",53,25,1221,0,0,25,1221
- "62.113.203.55",53,25,1221,0,0,25,1221
- "62.113.203.99",53,25,1221,0,0,25,1221
- "82.196.9.45",53,20,977,0,0,20,977
- "87.98.175.85",53,25,1221,0,0,25,1221
- "89.18.27.167",53,25,1221,0,0,25,1221
- "104.238.186.189",53,25,1221,0,0,25,1221
- "130.255.73.90",53,25,1221,0,0,25,1221
- "130.255.78.223",53,25,1221,0,0,25,1221
- "139.59.23.241",53,25,1221,0,0,25,1221
- "151.80.147.153",53,25,1221,0,0,25,1221
- "163.53.248.170",53,25,1221,0,0,25,1221
- "172.104.136.243",53,20,977,0,0,20,977
- "185.121.170.176",53,25,1221,0,0,25,1221
- "185.133.72.100",53,25,1221,0,0,25,1221
- "188.165.200.156",53,25,1221,0,0,25,1221
- "193.183.98.66",53,25,1221,0,0,25,1221
- "193.183.98.154",53,25,1221,0,0,25,1221
- "195.154.226.249",53,25,1221,0,0,25,1221
- "202.46.32.19",53,25,1221,0,0,25,1221
- "202.58.192.10",53,25,1221,0,0,25,1221
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
