2019-10-11
#Malvertising -> #RIGEK -> #Smokeloader
#NEMTY v1.6 (#Ransomware) & #Quasar & MedusaHTTP &

[Example Payload]
https://app.any.run/tasks/d662c74a-17dc-4902-bb11-cc93cfb0886f
/crot777amx.exe -> Quasar
https://app.any.run/tasks/7bcf758a-788a-4c3d-8ac1-aa8a76385785
/elin.exe -> NEMTY v1.6
https://app.any.run/tasks/3344da77-b7b9-4014-b74d-dd302c64c80c
/socks777amx.exe -> MedusaHTTP
https://app.any.run/tasks/972e4047-7e70-49eb-a185-8c5328c104ad
/sky/new/dos777.exe -> MedusaHTTP
https://app.any.run/tasks/63994f2a-c9cc-402a-8b5e-3a020fa1c72e
/chapo/chapo777.exe -> Unknown(Tor)
https://app.any.run/tasks/943eade4-da22-4041-a72a-3a078539ff67

[Comment]
/bro111.exe
/chapo/chapo777.exe
/crot777amx.exe
/crot777mx.dll
/dan777.exe
/dmx777amx.exe
/dor.exe
/elin.exe
/evi111.exe
/evi999.exe
/gab.exe
/greem.exe
/guc.exe
/hit777.exe
/hrd777.exe
/isb777amx.exe
/kam.exe
/pak.exe
/pak444.exe
/pred777amx.exe
/relax/pred999.exe
/skd.exe
/sky/dmx777.exe
/sky/new/dos777.exe
/socks777amx.exe
/tap.exe
/vnc777.exe
/vodka.exe
and more payload ...

[memo]
https://app.any.run/tasks/ab06872e-7e84-4b11-b161-b15e1a1e936c
===========================================================================================================
Main object - "lck3dhrk.exe"
sha256 1be738710027bd65b5a54d085d3905faa4dcd476f5198838c3cbdb6c9a6e435c
sha1 1bc7d2fba7fd771e99fe44f9dddffce226d0f433
md5 978fe8d21f6e7f78397c5a950d1ef034

Dropped executable file
sha256 C:\Users\admin\AppData\Roaming\fthtujv 1be738710027bd65b5a54d085d3905faa4dcd476f5198838c3cbdb6c9a6e435c
sha256 C:\Users\admin\AppData\Local\Temp\B042.tmp.exe 809c1cba2bd47ada9f1db0f64220cf01a87fdf7d3e1947382e1623bcb1c2ec5b
sha256 C:\Users\admin\AppData\Local\Temp\D47F.tmp 3a98d10a2792713d8368920cb139323aae576bee3ca70f5ab23f91af4f2bb244
sha256 C:\Users\admin\AppData\Roaming\local\MicrosoftVisualBasicVsa.dll 8f1965758f46265104ee27a855ead8cf3b37a3408f55e4fcbc6221dd47229f0e
sha256 C:\Users\admin\AppData\Local\Temp\nswB8FD.tmp\System.dll 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
sha256 C:\Users\admin\AppData\Local\Temp\nswB8FD.tmp\BgImage.dll e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

DNS requests
domain csdstat14tp.world
domain advertpage75.com
domain api.db-ip.com
domain api.ipify.org
domain cdnshop78.world
domain bbouble.xyz
domain vulcan-stars.club
domain nemty.hk

Connections
ip 45.11.19.102
ip 198.23.141.107
ip 107.22.193.167
ip 5.45.127.135
ip 192.35.177.64
ip 82.146.39.206
ip 185.136.168.132
ip 104.25.2.33
ip 104.18.61.30
ip 198.23.202.49

HTTP/HTTPS requests
url http://advertpage75.com/serverstat315/
url http://api.ipify.org/
url http://api.db-ip.com/v2/free/104.218.63.76/countryName
url http://cdnshop78.world/forums/members/api.jsp
url http://198.23.202.49/sky/new/dos777.exe
url http://csdstat14tp.world/elin.exe
url http://5.45.127.135:2012/websocket
url http://csdstat14tp.world/sky/new/dos777.exe
url http://csdstat14tp.world/socks777amx.exe
url http://csdstat14tp.world/chapo/chapo777.exe
url http://csdstat14tp.world/crot777amx.exe