From VT: New seed of Randomloader DGA?

- MD5
  [baf268f88c0bf8501efe2cdeee712ce1](https://github.com/360netlab/DGA/blob/master/md5/baf268f88c0bf8501efe2cdeee712ce1.tar.gz)
- Domains from VT sandbox
  cgyck.museum
  cimumks.nu
  fyyayyyoc.vg
  gtxwwagzv.vg
  gymsuagbjpr.mp
  icmok.tk
  kohydmqzd.ws
  mfcqlfmve.museum
  mmqcwjzykqs.tk
  pesoeyxgwcc.cd
  psufsoqsgkquy.museum
  qluwbykqusk.cd
  tvoaikyqpk.cd
  ucymkoe.pw
  ugmkgqi.tk
  vouysxzkmebw.cd
  wiynq.mp
  yshcnqopiuz.pw
- This sample dropped a file: C:\WINDOWS\system32\rmass.exe. Run it and kill the process tree again and again, some suspicious DGA domains would be captured by Wireshark.
  ![](https://github.com/360netlab/DGA/raw/master/jpg/issue_008_001.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

From VT: New seed of Randomloader DGA? #8

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

From VT: New seed of Randomloader DGA? #8

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions