API tools faq
paste
tkanalyst

2019/09/17 RIG EK -> Smokeloader -> Other Malware

tkanalyst
Sep 16th, 2019
628
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.16 KB | None | 0 0
raw download clone embed print report
  1. #Malvertising -> #RIGEK -> #Smokeloader
  2.  
  3. #Crysis (#dharma) & #Vidar & #Predator & #kpot
  4.  
  5. [Example Payload]
  6. https://app.any.run/tasks/8ab44e97-219f-4a44-a0a3-6c49b78fa6a4/
  7. ================================================================
  8. Main object- "radD314E.tmp.exe"
  9. sha256 6c69ebcf9538467c1fd0b537a19ea47e7146ed801a53053c1353c83679a4159b
  10. sha1 77542ba98485882949fa421cb18aaf83b9e4c317
  11. md5 ab6a7544a697345151b8ccc0d60eecdb
  12. Dropped executable file
  13. sha256 C:\Users\admin\AppData\Roaming\fthtujv 6c69ebcf9538467c1fd0b537a19ea47e7146ed801a53053c1353c83679a4159b
  14. sha256 C:\Users\admin\AppData\Local\Temp\161D.tmp.exe a3928623078f6667dc35f8346c497d1ee84ca8b58fd29cafa78174246d78f0ca
  15. sha256 C:\Users\admin\AppData\Local\Temp\1C86.tmp.exe 055244546364fd9dd857a2ba0ca2d1af856be37cb0160c6652300b1cbc6d0065
  16. sha256 C:\Users\admin\AppData\Local\Temp\2002.tmp.exe 77d670d768b4ed9d79f3de2cf7e099b760ce977b93c268587a8673dc80fe70a9
  17. sha256 C:\Users\admin\AppData\Local\Temp\23EB.tmp.exe 990cd15ae1518a5e68b47f5f717607de96bd79bb316bd24da9a5ba7772f25bd7
  18. sha256 C:\Users\admin\AppData\Local\Temp\2BBC.tmp.exe c47eb1dafce229b1c9f143b9fbace813a3df62231f296f0cca6bfa913f5ac837
  19. sha256 C:\Users\admin\AppData\Local\Temp\2F57.tmp.exe 41e4ca6de30cc234d6ae05f3887e7a91a01c72ccb7d56d327f5bd8ea4f45e1cd
  20. sha256 C:\Users\admin\AppData\Local\Temp\D47F.tmp 3a98d10a2792713d8368920cb139323aae576bee3ca70f5ab23f91af4f2bb244
  21. sha256 C:\ProgramData\freebl3.dll a770ecba3b08bbabd0a567fc978e50615f8b346709f8eb3cfacf3faab24090ba
  22. sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2U1WPAC\mozglue[1].dll 3fe6b1c54b8cf28f571e0c5d6636b4069a8ab00b4f11dd842cfec00691d0c9cd
  23. sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K78MRVB5\msvcp140[1].dll 334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4
  24. sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDW1XBVN\nss3[1].dll e2935b5b28550d47dc971f456d6961f20d1633b4892998750140e0eaa9ae9d78
  25. sha256 C:\ProgramData\softokn3.dll 43536adef2ddcc811c28d35fa6ce3031029a2424ad393989db36169ff2995083
  26. sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K78MRVB5\vcruntime140[1].dll c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d
  27. sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQYU0XHJ\client[1].exe adecb2e76d737e6c598bd0204c698439d8b03d4951acb86bf57903f6d4afdeef
  28. sha256 C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.id-7CD9E0E6.[3442516480@qq.com].pdf 90c570a2e35bdec68204e16c497749b409d83fbae53d8d4c067c0cf4f2dbfeb9
  29. DNS requests
  30. domain advertserv25.world
  31. domain vidvpn.cc
  32. domain www.advertserv25.world
  33. domain mailadvert82dx.world
  34. domain mailstatm74.club
  35. domain advertstat19.com
  36. domain anjalihome.org
  37. domain ip-api.com
  38. domain sdstat597tp.world
  39. domain kutahya.hayvansagligi.com
  40. Connections
  41. ip 198.54.117.218
  42. ip 162.255.119.221
  43. ip 5.9.26.115
  44. ip 185.25.51.155
  45. ip 178.157.82.166
  46. ip 104.27.157.207
  47. ip 213.252.245.227
  48. ip 185.194.141.58
  49. ip 213.252.245.139
  50. ip 45.93.245.10
  51. HTTP/HTTPS requests
  52. url http://www.advertserv25.world/logstatx77/?from=@
  53. url http://advertserv25.world/logstatx77/
  54. url http://mailstatm74.club/logstatx77/
  55. url http://mailadvert82dx.world/sky/crot777mx.exe
  56. url http://mailadvert82dx.world/del/del777pmx.exe
  57. url http://anjalihome.org/72
  58. url http://mailadvert82dx.world/sky/dmx22pms.exe
  59. url http://anjalihome.org/freebl3.dll
  60. url http://mailadvert82dx.world/sky/pred888amx.exe
  61. url http://mailadvert82dx.world/fun111lm.exe
  62. url http://anjalihome.org/vcruntime140.dll
  63. url http://anjalihome.org/nss3.dll
  64. url http://anjalihome.org/msvcp140.dll
  65. url http://anjalihome.org/mozglue.dll
  66. url http://anjalihome.org/softokn3.dll
  67. url http://anjalihome.org/
  68. url http://advertstat19.com/cq2fKWVooVNMYqNW/conf.php
  69. url http://kutahya.hayvansagligi.com/wp-content/uploads/client.exe
  70. url http://ip-api.com/line/
  71. url http://sdstat597tp.world/api/check.get
  72. url http://sdstat597tp.world/api/gate.get?p1=2&p2=15&p3=0&p4=0&p5=0&p6=0&p7=0&p8=0&p9=0
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!