360netlab / DGA

Suspicious DGA from PDNS and Sandbox.

From VT: A new seed of Dircrypt?

suqitian opened this issue · comments

  • MD5
    8dce388365ba4ddd516a744c677d41e9
  • Domains
  • Details in VT
    File has been identified by at least ten Antiviruses on VirusTotal as malicious, and one of the keywords is "Dircrypt".

This is indeed DirCrypt with Seed 0xF6A84A56 and 50 generated domains. Here is the full list:

Thanks a lot.
The seed has been added to our Opendata!