Ransom_HPCERBER.SMONT4(Hosted in France ASN: 16276 (OVH SAS)

Contacts servers via udp :

"178.33.158.0:6893"
"178.33.158.1:6893"
"178.33.158.2:6893"
"178.33.158.3:6893"
"178.33.158.4:6893"
"178.33.158.5:6893"
"178.33.158.6:6893"
"178.33.158.7:6893"
"178.33.158.8:6893"
"178.33.158.9:6893"
"178.33.158.10:6893"
"178.33.158.11:6893"
"178.33.158.12:6893"
"178.33.158.13:6893"
"178.33.158.14:6893"
"178.33.158.15:6893"
"178.33.158.16:6893"
"178.33.158.17:6893"
"178.33.158.18:6893"
"178.33.158.19:6893"

execute command :
"taskkill /f /im "c1.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\c1.exe" > NUL && exit"

Sample here : hxxp://119.205.220.184/c.exe

0 comments:

Post a Comment