From VT: A new key of Murofet V2?
suqitian opened this issue · 3 comments
suqitian commented
- MD5: 6d0f3196e91f8ae640791d5bb0d466b7
- Some domains generated on Sep 09, 2016
suqitian commented
Domains which were generated on Sep 26, 2016.
suqitian commented
Seed: 0x8811eea2
Test:
$ python dga.py -d 2016-09-26 -k 0x8811eea2
mduqmsnykuhinnnw.biz
mduqmsnykuhinnnw.com
qmvyspsgtrxypqon.net
...
fdovspiopzsit.info
fdovspiopzsit.com
uvslklkqqzuoppre.org
...
fwkqjnztmuqnk.info
fwkqjnztmuqnk.com
nujwkktgxnhkskfi.net
...
dga.py is here
suqitian commented
In fact, the malware sample only generated 800 domains per day.
But to cover all possibilities, 1020 domains per day were needed.