Domains contacted: “bticoin.su” “xmr.pool.minergate.com”
Sample: hxxps://multiup.org/download/fd770cb19017e1dfdb190493a5c17fb4/rig.exe
GandCrab v4 Ransomware CnC
The sample looks like Carberp with a ransomware option added.
Contacted domains: “www.billerimpex.com” “www.macartegrise.eu” “www.poketeg.com” “priceclub.su” “perovaphoto.ru” “vision2010usa.com” “asl-company.ru” “www.fabbfoundation.gm” “www.perfectfunnelblueprint.com” “www.wash-wear.com” “pp-panda74.ru”
Contacted IPs: “216.58.215.46:80” “91.210.104.247:80” “148.251.131.183:80” “52.29.192.136:80” “178.33.233.202:80” “185.174.175.30:80” “87.236.19.51:80” “50.63.197.11:80” “87.236.16.31:80” “104.27.184.39:80” “146.66.72.87:80” “69.73.180.151:80” “87.236.16.29:80” “173.247.242.133:80” “188.165.53.185:80” “107.178.113.162:80” “188.64.184.90:80” “188.64.184.90:443” “213.186.33.3:80” “213.186.33.3:443”
Sample here: hxxp://91.210.104.247/putty.exe
The sample porn.jpg downloads these