Will redirect to "sodanthu.com/in6.php".
A few of the domains and IP addresses used to download the payloads:
Basically, two executable payload files were downloaded, both with a low AV detection rate:
- load.exe, 11/40 (SHA1: f1b4fc1e56c9e129e83f3139b54dc9b26c481769) - VT, ThreatExpert
- 78_wcap.exe, 16/40 (SHA1: a142cb266ad6cd764501981f6bb194025b7c8cc8) - VT, ThreatExpert
"load.exe" then starts requesting another two payloads from the following URLs:
- http://95.211.8.217/pr/pic/test_vorogpa_b.exe (Netherlands)
- http://213.108.56.140/pr/pic/mode.exe (Russian Federation)
- test_vorogpa_b.exe, 8/41 (SHA1: 77e476b0f93241d7fd4c96a93b2aaf51c0b7283c) - VT, ThreatExpert
- mode.exe, 8/41 (SHA1: bd53d7a738a4eb7b208441772312c0a980f6c9d5) - VT, ThreatExpert
Other than that, the following host names were requested from the host database: