- #Shade #Troldesh #Ransomware #Trojan
- ----------------------------------------
- 11-02-2019 IOCs
- ----------------------------------------
- Main object: "e577944c48edfc65b6f59630b0b0ac625b997f26af3d4bdbe2f534be0fff6f34.bin.gz"
- sha256 70b0f9b0d235d8edddaac7f5074e7273265f2335da455e1b6cd4d965ca1a4acc
- sha1 3aadb876abefc7269dfb450fef8349dca2aff4b5
- md5 864c5dfc4af43b932126ebbcc375e905
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\messg[1].jpg 26fec998b7b9ad941a346184b1eaaf7fc603abf8f8f96da025ba96f7021e7351
- sha256 C:\ProgramData\Adobe\ARM\S\618\AdobeARM.msi 2339ee197758a31ef70ea19a7a11413e08341c34d34a07a11029f8003114080f
- sha256 C:\ProgramData\Adobe\ARM\S\618\AdobeARMHelper.exe f9b595f657589a25f6f247b4cdd0de7f2ba0319b015d33f000728bfc11d0a1c2
- DNS requests
- domain projectmmo.ru
- domain equiracing.fr
- domain whatismyipaddress.com
- domain whatsmyip.net
- Connections
- ip 31.31.198.12
- ip 51.255.235.153
- ip 154.35.32.5
- ip 194.109.206.212
- ip 131.188.40.189
- ip 104.16.155.36
- ip 163.172.149.122
- ip 82.251.167.192
- ip 217.182.196.65
- ip 104.18.34.131
- HTTP/HTTPS requests
- url http://whatismyipaddress.com/
- url http://equiracing.fr/templates/rhuk_milkyway_equiracing/css/messg.jpg
- url http://projectmmo.ru/blog/slavneft.zakaz.zip
- url http://whatsmyip.net/