360netlab/DGA

From VT: New seed of Randomloader DGA?

suqitian opened this issue · 0 comments

  • MD5
    baf268f88c0bf8501efe2cdeee712ce1
  • Domains from VT sandbox
    cgyck.museum
    cimumks.nu
    fyyayyyoc.vg
    gtxwwagzv.vg
    gymsuagbjpr.mp
    icmok.tk
    kohydmqzd.ws
    mfcqlfmve.museum
    mmqcwjzykqs.tk
    pesoeyxgwcc.cd
    psufsoqsgkquy.museum
    qluwbykqusk.cd
    tvoaikyqpk.cd
    ucymkoe.pw
    ugmkgqi.tk
    vouysxzkmebw.cd
    wiynq.mp
    yshcnqopiuz.pw
  • This sample dropped a file: C:\WINDOWS\system32\rmass.exe. Running it and killing the process tree again and again, some suspicious DGA domains would be captured by Wireshark.
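Added example, not part of this issue or of the 360netlab/DGA repository: a small triage script that takes the pattern visible in the domain list above (one label of 5 to 13 lowercase letters directly under one of the TLDs .cd, .mp, .museum, .nu, .pw, .tk, .vg, .ws) and applies it to DNS query names exported from a capture with `tshark -T fields -e frame.time_epoch -e dns.qry.name`. The length range, the TLD set and the entropy cutoff are assumptions derived from the 18 listed domains, and the tshark lines inside the script are constructed sample input, not a real capture from the sample.

```python
"""Heuristic triage of DNS query names against the pattern of the domains
reported in this issue. Thresholds are assumptions derived from that list."""
import math
import re
from collections import Counter

# Domains reported in the issue (VT sandbox run of the sample).
OBSERVED = [
    "cgyck.museum", "cimumks.nu", "fyyayyyoc.vg", "gtxwwagzv.vg",
    "gymsuagbjpr.mp", "icmok.tk", "kohydmqzd.ws", "mfcqlfmve.museum",
    "mmqcwjzykqs.tk", "pesoeyxgwcc.cd", "psufsoqsgkquy.museum",
    "qluwbykqusk.cd", "tvoaikyqpk.cd", "ucymkoe.pw", "ugmkgqi.tk",
    "vouysxzkmebw.cd", "wiynq.mp", "yshcnqopiuz.pw",
]

# Pattern derived from the list above (assumed, not a published spec of the
# generator): a single label of 5-13 lowercase ASCII letters under one of
# these TLDs. The entropy cutoff is the lowest value seen in the list, rounded down.
LABEL_RE = re.compile(r"^[a-z]{5,13}$")
OBSERVED_TLDS = {"cd", "mp", "museum", "nu", "pw", "tk", "vg", "ws"}
MIN_ENTROPY = 1.8  # bits per character; assumed cutoff


def split_domain(name):
    """Return (second-level label, tld) for a query name, dropping subdomains.
    Only single-label TLDs are handled: 'example.co.uk' yields ('co', 'uk')."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return None
    return labels[-2], labels[-1]


def entropy(s):
    """Shannon entropy of the characters in s, in bits per character."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def is_candidate(name):
    """True if the query name fits the pattern of the issue's domain list."""
    parts = split_domain(name)
    if parts is None:
        return False
    label, tld = parts
    return (tld in OBSERVED_TLDS
            and LABEL_RE.match(label) is not None
            and entropy(label) >= MIN_ENTROPY)


def tld_counts(domains):
    """How the observed domains spread over TLDs (cd:4, museum:3, tk:3, ...)."""
    return Counter(split_domain(d)[1] for d in domains)


def suspects_from_tshark(lines):
    """Parse 'frame.time_epoch<TAB>dns.qry.name' lines and return the unique
    candidate domains in first-seen order."""
    seen = []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 2 or not fields[-1]:
            continue
        name = fields[-1].lower().rstrip(".")
        if is_candidate(name) and name not in seen:
            seen.append(name)
    return seen


# Constructed sample of tshark output (not a real capture from the sample).
SAMPLE_TSHARK = [
    "1700000000.000\ttime.windows.com",
    "1700000000.500\tcgyck.museum",
    "1700000001.000\twww.update.microsoft.com",
    "1700000001.500\ticmok.tk",
    "1700000002.000\tcgyck.museum",
    "1700000002.500\tdns.msftncsi.com",
    "1700000003.000\tyshcnqopiuz.pw",
    "1700000003.500\tyouthcenter.museum",  # pronounceable label, still flagged
]

if __name__ == "__main__":
    print("TLD spread of observed list:", dict(tld_counts(OBSERVED)))
    for d in suspects_from_tshark(SAMPLE_TSHARK):
        print(f"{d:24s} entropy={entropy(split_domain(d)[0]):.2f}")
```

The last constructed line shows the limit of a pure character-pattern filter: a real dictionary word under .museum passes every check, so output from this script is a worklist to confirm against the process context (which process issued the query, whether it recurs across the repeated runs described above), not a verdict on its own.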