From VT: New seed of Randomloader DGA?
suqitian opened this issue · 0 comments
suqitian commented
- MD5: baf268f88c0bf8501efe2cdeee712ce1
- Domains from VT sandbox:
  - cgyck.museum
  - cimumks.nu
  - fyyayyyoc.vg
  - gtxwwagzv.vg
  - gymsuagbjpr.mp
  - icmok.tk
  - kohydmqzd.ws
  - mfcqlfmve.museum
  - mmqcwjzykqs.tk
  - pesoeyxgwcc.cd
  - psufsoqsgkquy.museum
  - qluwbykqusk.cd
  - tvoaikyqpk.cd
  - ucymkoe.pw
  - ugmkgqi.tk
  - vouysxzkmebw.cd
  - wiynq.mp
  - yshcnqopiuz.pw
- This sample dropped a file: C:\WINDOWS\system32\rmass.exe. Run it and kill the process tree again and again; some suspicious DGA domains would be captured by Wireshark.
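As an added example (not code from this issue or from the project the issue was filed against), the script below shows how an analyst could triage a one-name-per-line DNS query export from a capture like the one described above. It reads the eighteen domains listed in this issue plus a few constructed benign lookups, reduces each name to its second-level label, and flags labels that are consonant-heavy (low vowel ratio or a long consonant run), which is a cheap first-pass heuristic for random-looking DGA output. The thresholds, the sample input and the helper names are assumptions made here, and the heuristic is deliberately simple: it will miss short or vowel-rich generated names (note that `icmok.tk` is not flagged) and can false-positive on legitimate names with consonant clusters, so treat it as a ranking aid, not a verdict.

```python
"""Triage a list of DNS query names for DGA-like second-level labels.

Added example for the Randomloader issue; thresholds and inputs are assumptions.
"""
from collections import Counter

VOWELS = set("aeiou")  # 'y' is counted as a consonant on purpose

# Constructed sample input: the domains reported in the issue, mixed with a few
# benign lookups invented here, in the one-name-per-line shape a tool such as
# `tshark -T fields -e dns.qry.name` would produce.
SAMPLE_QUERIES = """\
cgyck.museum
cimumks.nu
fyyayyyoc.vg
gtxwwagzv.vg
gymsuagbjpr.mp
icmok.tk
kohydmqzd.ws
mfcqlfmve.museum
mmqcwjzykqs.tk
pesoeyxgwcc.cd
psufsoqsgkquy.museum
qluwbykqusk.cd
tvoaikyqpk.cd
ucymkoe.pw
ugmkgqi.tk
vouysxzkmebw.cd
wiynq.mp
yshcnqopiuz.pw
example.com
github.com
update.microsoft.com
wikipedia.org
"""


def second_level_label(name):
    """Return the label just left of the TLD (naive split; no public-suffix list)."""
    labels = name.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def vowel_ratio(label):
    """Fraction of alphabetic characters that are vowels (0.0 for an empty label)."""
    letters = [c for c in label if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in VOWELS for c in letters) / len(letters)


def max_consonant_run(label):
    """Length of the longest run of consecutive consonant letters."""
    run = best = 0
    for c in label:
        if c.isalpha() and c not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def is_dga_like(name, vowel_threshold=0.3, run_threshold=4):
    """Heuristic: flag names whose second-level label is consonant-heavy.

    Thresholds are assumptions chosen for this example; English words usually
    sit near a 0.4 vowel ratio and rarely exceed three consonants in a row.
    """
    label = second_level_label(name)
    return (vowel_ratio(label) < vowel_threshold
            or max_consonant_run(label) >= run_threshold)


def triage(lines):
    """Deduplicate query names, flag DGA-like ones and histogram their TLDs."""
    names = sorted({ln.strip().lower() for ln in lines if ln.strip()})
    flagged = [n for n in names if is_dga_like(n)]
    tlds = Counter(n.rsplit(".", 1)[-1] for n in flagged)
    return {"total": len(names), "flagged": flagged, "tld_histogram": tlds}


if __name__ == "__main__":
    report = triage(SAMPLE_QUERIES.splitlines())
    print(f"{len(report['flagged'])} of {report['total']} names look DGA-like")
    for name in report["flagged"]:
        label = second_level_label(name)
        print(f"  {name:24s} vowels={vowel_ratio(label):.2f} "
              f"run={max_consonant_run(label)}")
    print("TLDs among flagged names:", dict(report["tld_histogram"]))
```

The TLD histogram is worth keeping in a real run: a burst of lookups spread across unusual TLDs such as .museum, .cd or .pw from a single host is itself a useful pivot for a detection rule, independent of how the labels score.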