KGN

2019/10/22 RIG EK -> Smokeloader and more

Oct 21st, 2019
2019-10-22
#RIGEK -> #Smokeloader
#Danabot & #Kronos & #Quasar & #Loader -> #Quasar & #Predator
and more...

[Example Payload]
https://app.any.run/tasks/18310361-db17-44ed-b94c-a67536308eb5/

[MD5/Filename]
46f77846fc0336b71e97b3587bf944af /elin.exe.1
46f77846fc0336b71e97b3587bf944af /elin2.exe
c3613bd934dde67b05ba3983fba2bdfd /evi111.exe
b21cdb0f3ab6db4fa676effbaef89b9d /evi999.exe
2c058358db86ad7c423ec6e727136724 /gab.exe
339800289e29184eef7c6436b5e7e9dd /guc.exe
526ac6eabc862493d32ab7a92408c600 /hrd777.exe
5082932c741a5ff379de1c3f2edf1321 /isb777amx.exe
3266feb35d1eaa9697dd2e000b0ce18c /kam.exe
dc3a81cc4f57944f8769d3af969c3a80 /ntm.exe
eb633b7b53815cbe4c12d061063e76ce /pak.exe
b8eb69bc32720f8e99431772e3ffec9b /ph.exe
4a8d2fb5a4c43261f182df7ecdf36bda /pred777amx.exe
ca3a588b37335dd3f7ce8a3ea480946b /pred999.exe
cc47bc788a58c510b00a5b288769a943 /skd.exe
f267d07c82912e0222666aa2cdc4cbee /slot.exe
55952f9ebac7118bd88a354c75458935 /socks111.dll
5662239c0f3bb4ba40f6b7ca2524443b /socks111.exe
e91e67b2db458249d7d429d01cc85c9e /socks111atx.exe
3d724b6268417a84fc30c8d324b64397 /socks777.exe
c444a2d68b9d5bc7316cb261f46fea72 /socks777amx.exe
7a4af18d561a31a156762b6cf01b981e /tap.exe
85ae6322075411aa058d86bba298d96f /vodka.exe
e8e14b6dba2a54aed0106e8b85025241 /atx555mx.exe
41b93173a8b5583daaf090438fb05004 /chapo777.exe
33dcc5eee446fe67258ba710b37b1a81 /crot777amx.exe
136fae97d28f7dc1c275d52fdb885949 /crot777mx.dll
565a67a6dff8d567038d9fe8c7fa0024 /dan777.exe
4a6afd3c6793159cd1cfe99c7992b45a /del777pmx.exe
611951ee8ab1f66bace29d81d40fdeb3 /dmx777.exe
7d087a5664a2cd57fc41f3e99ef94055 /dmx777amx.exe
c3defbd7fffd387d09be5347ec1a83a1 /dor.exe
a876ab605d2044cf4e3743ed18b39827 /dos777.exe
2d2a72236628870121ae36241664026c /elin.exe

https://app.any.run/tasks/1b9e36c6-8c0f-45a1-9341-d61a2d1646cf/

=====================================================================
Main object: "rad1FF8E.tmp.exe"
sha256 b2f6b2ab9980fb1854649ccf73d6fcf964d8039cf715015d708bda0fa18221a8
sha1 67967b23ea19106b5a1ab6c39f3bd36fb975961d
md5 c60293959c1beacd300776bea1d469a7
Dropped executable files
sha256 C:\Users\admin\AppData\Local\Temp\D47F.tmp 3a98d10a2792713d8368920cb139323aae576bee3ca70f5ab23f91af4f2bb244
sha256 C:\Users\admin\AppData\Local\Temp\BF07.tmp.exe 184e7bb13a43f58e0a2b844207f9f0ed5d0cf9752a243068075007517ff392d4
sha256 C:\Users\admin\AppData\Local\Temp\405E.tmp.exe 8d72fc855462fac8cbd62a30953752da1160ee677872cd15ee0331c5cbff6618
sha256 C:\Users\admin\AppData\Local\Temp\5FCD.tmp.exe de146c4ebb0ba2850b93cb358f78b671f50724c9710127d6755c1c2f2f23d698
sha256 C:\Users\admin\AppData\Local\Temp\6EA3.tmp.exe 111b63f31d1e6855b0bc722107ac4f5668a7f115fd45654625eb41a6160828c6
sha256 C:\Users\admin\AppData\Local\Temp\7B95.tmp.exe b51b8c284864ea55b1d11eeaa556e8a33edf02a133422cedaaa5dd6c4fbc01f5
sha256 C:\Users\admin\AppData\Local\Temp\93F1.tmp.exe d4d617c36b6dd0e343fccf1d9703b72a9321a315aabd9ec8f30e6b1d601cbc22
sha256 C:\Users\admin\AppData\Roaming\fthtujv b2f6b2ab9980fb1854649ccf73d6fcf964d8039cf715015d708bda0fa18221a8
sha256 C:\Users\admin\AppData\Local\Temp\A3B1.tmp.exe 69818a6b8b0c535ceabdc578058c93cc5e7338efc24f52104fc0beee3f48a654
sha256 C:\Users\admin\AppData\Local\Temp\5FCD.dll 528f3a0e46fe32f740387f505f0fdf5d0e9bf36199d1c6a9a9eff55a53fc7cc8
sha256 C:\Users\admin\AppData\Local\Temp\GetX64BTIT.exe 91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581
sha256 C:\Users\admin\AppData\Local\Temp\{829EBE47-6E02-4418-AFCE-3AFE5B2378AE}\621896936.exe e6f88219fde1d526253de53f06fdb95ad08704c4dedbcdcf062d09db69754a58
DNS requests
domain blogserv27.com
domain kstarserver17km.club
domain api.ipify.org
domain cdnshop78.world
domain ip-api.com
domain advertstar85.com
Connections
ip 199.58.81.140
ip 64.188.26.201
ip 172.107.2.143
ip 5.101.191.51
ip 85.229.148.210
ip 54.243.147.226
ip 81.16.33.31
ip 129.6.15.28
ip 23.129.64.208
ip 81.22.255.146
ip 51.75.254.12
ip 199.249.230.123
ip 117.69.242.3
ip 23.129.64.194
ip 95.179.168.37
ip 145.239.91.37
ip 193.144.40.26
ip 147.135.15.186
ip 73.48.92.89
ip 139.162.210.252
ip 91.92.109.43
ip 91.203.144.194
ip 23.140.160.28
ip 163.172.216.178
ip 199.249.230.68
ip 66.146.193.33
ip 178.17.170.196
ip 139.99.123.88
ip 147.135.209.234
ip 195.154.181.146
ip 219.30.45.197
ip 176.231.138.35
ip 95.142.161.63
ip 142.181.133.99
ip 68.183.182.89
ip 151.236.14.84
ip 138.186.143.9
ip 51.38.185.201
ip 136.244.115.148
ip 46.101.183.160
ip 185.185.26.138
ip 176.10.99.210
ip 43.251.159.144
ip 185.82.203.209
ip 192.42.116.15
ip 82.221.131.102
ip 185.67.82.114
ip 74.12.197.16
ip 199.249.230.75
ip 178.199.228.198
ip 185.2.43.87
ip 45.76.86.86
ip 202.157.177.224
ip 185.177.151.42
ip 23.129.64.184
ip 149.202.238.204
ip 213.152.168.27
ip 50.7.74.172
ip 149.28.61.158
ip 188.120.234.26
ip 217.79.178.60
ip 193.111.115.210
ip 51.15.34.135
ip 50.7.74.171
ip 50.7.179.251
ip 145.239.7.168
ip 54.37.73.76
HTTP/HTTPS requests
url http://blogserv27.com/blogpics17/
url http://kstarserver17km.club/crot777amx.exe
url http://kstarserver17km.club/isb777amx.exe
url http://kstarserver17km.club/elin/elin.exe
url http://kstarserver17km.club/dan777.exe
url http://kstarserver17km.club/socks111atx.exe
url http://kstarserver17km.club/elin/elin2.exe
url http://kstarserver17km.club/sky/new/dos777.exe
url http://kstarserver17km.club/socks777amx.exe
url http://199.58.81.140/tor/status-vote/current/consensus
url http://51.75.254.12/tor/server/fp/2c064760aa6657e2c575dd897c2588b170a3ff12
url http://5.101.191.51:2012/websocket
url http://81.16.33.31/tor/server/fp/b028707969d8ed84e6dea597a884f78aad471971
url http://ip-api.com/json/
url http://178.17.170.196/tor/server/fp/f812de36057fdadf73a16ae701051162ef6f9b4b
url http://23.140.160.28/tor/server/fp/74c0c2705db1192c03f19f7cd1bb234843b1a81f
url http://23.129.64.194/tor/server/fp/def3365f1c012f80e56877b5ef05ce72bdeb0ccc
url http://145.239.91.37/tor/server/fp/67cdf7a4d06e98e55aae595bbebf38e64c4ccbf3
url http://81.22.255.146/tor/server/fp/275ea42562624713b8b89a8f1557796c5f2aa24b
url http://23.129.64.208/tor/server/fp/f46854edaccd16828feaafc6c6eddc07ddf04411
url http://66.146.193.33/tor/server/fp/2bd1936e0b4d5bb615cf99b0cff74eaf19426888
url http://195.154.181.146/tor/server/fp/50f6216ad70e26b9fe70808380a1754bdf3dd0e5
url http://91.203.144.194/tor/server/fp/d4fbe51bc35c3921f31b6e561fd8c07bc56f9d71
url http://163.172.216.178/tor/server/fp/bef65d2ca651b5e484bb0e3da31dd192935feb1e
url http://138.186.143.9/tor/server/fp/4a931c5ee3a0e7f0a85499ec12ca29b4ab0eb54e
url http://199.249.230.68/tor/server/fp/d3b72ada2f3eeda2ba98f645d620ca1c4060aaf4
url http://139.99.123.88/tor/server/fp/47f9d1e0155089917ffa734ef759089326c3761a
url http://147.135.209.234/tor/server/fp/0c25d1ce83b754c4a5a1c3fc1c21e255aec5d764
url http://82.221.131.102/tor/server/fp/cf97b121e511b80125ed8dff27ca403a480cb20a
url http://176.231.138.35/tor/server/fp/348b89013eddd99e4755951d1ec284d9fed71226
url http://46.101.183.160/tor/server/fp/742091486d04734c57d97bcefb53d22ed0b77881
url http://199.249.230.75/tor/server/fp/491db4d216c754008bdbda151547ff38154d1411
url http://95.142.161.63/tor/server/fp/18f34ae6567f5fb081c4353d5eda5cee155810c4
url http://192.42.116.15/tor/server/fp/b27cf1dceecd50f7992b07d720d7f6bf0edf9d40
url http://176.10.99.210/tor/server/fp/5095b68c0033abefa0b5eaa637ceb6ee13c230f0
url http://185.2.43.87/tor/server/fp/4e62ca2a3d579c93c1c09c346ef2ef7fcfeb5664
url http://217.79.178.60/tor/server/fp/f172d77c65683c70d3f6eb293ae109b9aa5efad0
url http://193.111.115.210/tor/server/fp/05a59bb0c71c4b4db08d97618a3a93652090f1d3
url http://149.202.238.204/tor/server/fp/2f9afde43dc8e3f05803304c01bd3dbf329169ac
url http://202.157.177.224/tor/server/fp/5b537bf086315a56730068f3a79215d8870ec746
url http://188.120.234.26/tor/server/fp/84abf6381fd0f96b882764f176b85980ebc31fe1
url http://185.185.26.138/tor/server/fp/a52264f4dffc2fc2dee714908d8138bd0e46a882
url http://145.239.7.168/tor/server/fp/c699f40b3344d34d3c596791a7ebc67e41c62a0b
url http://50.7.74.171/tor/server/fp/56784608242cb15b70ed6cbb8f40eea3b62af69e
url http://50.7.74.172/tor/server/fp/2b88aad2e601e56e5eae82bec38aab0ca6ef2283
url http://54.37.73.76/tor/server/fp/5d263037fc175596b3a344132b0b755eb8fb1d1c
url http://185.177.151.42/tor/server/fp/1f616efae7d4569604372ef960ce27bcc89060a4
url http://23.129.64.184/tor/server/fp/d64537420c6d1799b9ebc937bed9511bf7aab97c
url http://51.15.34.135/tor/server/fp/06d77e461c9814243da2c6145544d5bb3b46b52e
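Triage helper, added here as an example; it is not part of KGN's paste and not tooling from any project named above. It reads the paste's own line shapes ("<md5> /<filename>", "sha256 [<path>] <hash>", "domain ...", "ip ...", "url ...") from a constructed excerpt copied from the list above, and separates what a defender should block or hunt for from sandbox noise: the dozens of http://<ip>/tor/server/fp/<fingerprint> and /tor/status-vote/ fetches are a payload's embedded Tor client bootstrapping against ordinary Tor relays and directory mirrors, and api.ipify.org / ip-api.com are public IP-lookup services. The classification rules, the IP-lookup host list and the block/noise split are this example's assumptions; the paste itself only lists the indicators.

```python
"""Triage helper for the IOC paste above (added example, not part of the paste).

Parses the paste's own line shapes ("<md5> /<filename>", "sha256 [<path>] <hash>",
"domain ...", "ip ...", "url ...") and separates actionable indicators from sandbox
noise. The classification rules, the IP-lookup host list and the block/noise split
are this example's assumptions; the paste itself only lists the indicators.
"""
import json
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed excerpt, copied from the paste and shortened so the script runs offline.
SAMPLE = r"""
46f77846fc0336b71e97b3587bf944af /elin.exe.1
46f77846fc0336b71e97b3587bf944af /elin2.exe
c3613bd934dde67b05ba3983fba2bdfd /evi111.exe
sha256 b2f6b2ab9980fb1854649ccf73d6fcf964d8039cf715015d708bda0fa18221a8
sha256 C:\Users\admin\AppData\Local\Temp\D47F.tmp 3a98d10a2792713d8368920cb139323aae576bee3ca70f5ab23f91af4f2bb244
sha256 C:\Users\admin\AppData\Roaming\fthtujv b2f6b2ab9980fb1854649ccf73d6fcf964d8039cf715015d708bda0fa18221a8
domain blogserv27.com
domain kstarserver17km.club
domain api.ipify.org
domain ip-api.com
ip 199.58.81.140
ip 5.101.191.51
ip 51.75.254.12
url http://blogserv27.com/blogpics17/
url http://kstarserver17km.club/crot777amx.exe
url http://199.58.81.140/tor/status-vote/current/consensus
url http://51.75.254.12/tor/server/fp/2c064760aa6657e2c575dd897c2588b170a3ff12
url http://5.101.191.51:2012/websocket
url http://ip-api.com/json/
"""

MD5_LINE = re.compile(r"^([0-9a-f]{32})\s+/(\S+)$")                    # "<md5> /<filename>"
SHA256_LINE = re.compile(r"^sha256\s+(?:(\S.*?)\s+)?([0-9a-f]{64})$")  # "sha256 [<path>] <hash>"
# Tor directory-protocol paths: consensus and relay-descriptor fetches made by a Tor client.
TOR_DIR_PATH = re.compile(r"^/tor/(?:server/fp/[0-9a-f]{40}|status-vote/)")
# Public-IP lookup services; benign, so not attacker infrastructure (assumption).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com"}


def parse_paste(text):
    """Return {'hashes': [(hash, name)], 'domain': [...], 'ip': [...], 'url': [...]}."""
    out = {"hashes": [], "domain": [], "ip": [], "url": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := MD5_LINE.match(line):
            out["hashes"].append((m.group(1), m.group(2)))
        elif m := SHA256_LINE.match(line):
            out["hashes"].append((m.group(2), m.group(1) or "(main object)"))
        else:
            kind, _, value = line.partition(" ")
            if kind in ("domain", "ip", "url") and value:
                out[kind].append(value)
    return out


def classify_url(url):
    """One of: tor-directory, ip-lookup, payload-download, c2-candidate."""
    p = urlparse(url)
    if TOR_DIR_PATH.match(p.path):
        return "tor-directory"
    if p.hostname in IP_LOOKUP_HOSTS:
        return "ip-lookup"
    if p.path.lower().endswith((".exe", ".dll")):
        return "payload-download"
    return "c2-candidate"


def duplicate_hashes(pairs):
    """Same hash under several names: one payload on several paths, or a self-copy on disk."""
    by_hash = defaultdict(list)
    for h, name in pairs:
        by_hash[h].append(name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def triage(text):
    """Split the paste into indicators to block/hunt for and indicators that are only noise."""
    iocs = parse_paste(text)
    urls = defaultdict(list)
    for u in iocs["url"]:
        urls[classify_url(u)].append(u)
    # IPs that only show up as Tor directory mirrors are relays, not attacker-owned hosts.
    tor_relays = {urlparse(u).hostname for u in urls["tor-directory"]}
    return {
        "block_domains": sorted(d for d in iocs["domain"] if d not in IP_LOOKUP_HOSTS),
        "block_ips": sorted(ip for ip in iocs["ip"] if ip not in tor_relays),
        "tor_relays": sorted(tor_relays),
        "urls": dict(urls),
        "duplicate_hashes": duplicate_hashes(iocs["hashes"]),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Run against the full paste, this leaves four domains to block (blogserv27.com, kstarserver17km.club, cdnshop78.world, advertstar85.com), drops every IP that appears only as a /tor/server/fp/ mirror, and leaves exactly two c2-candidate URLs: the RIG landing path /blogpics17/ and the port-2012 websocket on 5.101.191.51, which is where to start rather than with the relay list. The relay IPs rotate and are not attacker-owned, so blocking them buys nothing; a workstation with no Tor client that starts fetching /tor/server/fp/ descriptors over plain HTTP is however a strong behavioural alert in its own right, so keep the path pattern as a network detection even though the IPs are discarded. The duplicate-hash check surfaces two facts already visible in the list: the same MD5 served as elin.exe.1 and elin2.exe (one payload, two download paths), and the main object's sha256 reappearing at AppData\Roaming\fthtujv, i.e. the sample copying itself into %APPDATA% under a random name.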