VSDC hack — Indicators of compromise

Samples

All hashes are SHA1

Installers

6e6d2e2a2bfe5cae7cad11db87792be286a48d4a: video_editor_x64.exe
cdb22065e436f8be87c4b382b6d6eaac50bb3632: NordVPNSetup.exe

Trojan.DownLoader


Backdoor.TeamViewer

9120e9d256d4032219f40b76af911bdd874a20b8: msi.dll
6c0caf141bd6772d3642a893ab846fa7ff19b056: msi.dll
65602d436660b4477123a268f184289e4da1adf1: msi.dll
4ddc12ca7c7b034d2318a8717c51f90fc78e5a1c: msi.dll

PowerShell.Dropper.10 (HRDP dropper)

86a87cf7453378f57a23dc433a1870251e86bae6: my.db

BackDoor.HRDP

178b3c93609d05ea4257f30959120081789214dd: appcache.xml
c029ebfa16c062fab32bac1546086a09bfdff0c4: default_list.xml

BAT.KillAV.144

1db07a21617b55426b9ab9825c227e3eef687ab2: update_check.exe, DFEx.exe

Trojan.KeyLogger.41944 (X-Key)

1d1a70d9a67117120d099d8069718cf04d52cf16: lkeytv.tiff (decrypted)
495aeca4def6fdb4a13cd38408ea4e2fec2508c1: errorlog.exe

Trojan.PWS.Stealer.28012 (Predator The Thief)

bc24d39e740b8809183103e7f729f47cd1ff6bae: predtv.tiff (decrypted)

BackDoor.Siggen2.3092

a92364656435488e2fa45ebcddb863ff3dff3328: nctv.tiff (decrypted)

Trojan.Clipper.67

50da321b85159693cc02b82fd5fedfa94cf57614: cliptv.tiff (decrypted)

Trojan.Spynet.29 (SystemBC)

17a4920fe9addd89e27946025531ad101ad7816e: soctv.tiff (decrypted)

Trojan.Siggen9.9205

a16e1abdc186f58ab7fee84fef870bb0a0c81c0a: butv.tiff (decrypted)

Network indicators

Bitbucket repositories

https://bitbucket.org/videosoftdev/
https://bitbucket.org/vscd/
https://bitbucket.org/softvpn/
https://bitbucket.org/soft-group/

Domains

centory20.xyz
mginskjadivizija.club
get-cert-ssl1.xyz
my-helper.site
my-super-puper-helper.xyz

IPs

23.249.167.164