A new seed of Murofet

Question

A new seed of Murofet

suqitian opened this issue 8 years ago · 1 comments

suqitian commented 8 years ago

MD5
6f8ba741c1968083265346bff7e9533b
VT analysis
Domains captured in my virtual machine, 2016-12-01.
khuqyehgqtpuzzjd.com
rfcvjqgzlmmesuq.com
osrlrwsymmlutoq.biz
osrlrwsymmlutoq.com
hqognriumjzuqyi.info
hqognriumjzuqyi.org
klowmxgxhmriurli.net
klowmxgxhmriurli.biz
rxsptmbnuxzdxby.info
rxsptmbnuxzdxby.com
motipehktnnfigl.net
...

Answer 1 · 2016-12-02T03:12:26.000Z

Seed
0xa4d7ee01
The number of domains
1259

In order to cover all possibilities, need to generate 1259 domains per day.
17 * 59 + 0x100 = 1259

Test

$ python dga.py -d 2016-12-01 -k 0xa4d7ee01
...
rfcvjqgzlmmesuq.com
osrlrwsymmlutoq.biz
osrlrwsymmlutoq.com
hqognriumjzuqyi.info
hqognriumjzuqyi.org
klowmxgxhmriurli.net
klowmxgxhmriurli.biz
rxsptmbnuxzdxby.info
rxsptmbnuxzdxby.com
motipehktnnfigl.net
motipehktnnfigl.org
pffnfxmvzmzsqums.biz
...

dga.py is here