API tools faq
paste
Advertisement
VRad

#smokeloader_260124

VRad
Jan 29th, 2024 (edited)
191
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.52 KB | None | 0 0
raw download clone embed print report
  1. #IOC #OptiData #VR #smokeloader #signed #7z #exe
  2.  
  3. https://pastebin.com/WYsm7Jyk
  4.  
  5. previous_contact:
  6. https://pastebin.com/UfW73LSg
  7. https://pastebin.com/e46KzBWE
  8. https://pastebin.com/xEwN5JPc
  9. https://pastebin.com/GMwv38g4
  10. https://pastebin.com/DgFvarG0
  11. https://pastebin.com/AayUSaXq
  12.  
  13. FAQ:
  14. https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader
  15. https://radetskiy.wordpress.com/2018/10/19/ioc_smokeloader_111018/
  16.  
  17. attack_vector
  18. --------------
  19. email attach .7z (PWD) > exe1 and exe2 > C2
  20.  
  21. # # # # # # # #
  22. email_headers
  23. # # # # # # # #
  24. Date: Fri, 26 Jan 2024 08:41:23 +0000
  25. Subject: Fw: Рахунок (канц. товари)
  26. From: Компанiя Папiрус <jwilson@spmcotx_com>
  27. Received: from mail_dlkpc_com (47_190_39_223)
  28. Reply-To: "umaoda@meta_ua" <umaoda@meta_ua>
  29. Message-ID: <wri6p0i-zambac-06@spmcotx_com>
  30.  
  31. # # # # # # # #
  32. files
  33. # # # # # # # #
  34. SHA-256 297d5a2231d9dedf998db29e402cd71dd775eba3073b50f7cca0d21f0365bb2d
  35. File name Рахунок_ПУ19_10958_та_Договiр_11224.7z [7-zip archive, v 0.4] !PWD
  36. File size 176.66 KB (180896 bytes)
  37.  
  38. SHA-256 4841be428d00d29ab878fda23850d948bc2d12eefb31621c0272e301d95bbc7f
  39. File name ДОГОВIР_ПОСТАВКА_11224_Вiд_12_01_2024p.PDF.exe [PE32 executable] !Smokeloader
  40. File size 344.59 KB (352864 bytes)
  41.  
  42. SHA-256 6a684f04b6dc6ed0ca2bc55dec214e78c664aa18ee412fd290e6d543866115a9
  43. File name Ранунок_фактура_вiд_23_01_2024р_UA35...PDF.exe [PE32 executable] !Smokeloader
  44. File size 344.59 KB (352864 bytes)
  45.  
  46. # # # # # # # #
  47. activity
  48. # # # # # # # #
  49.  
  50. PL_SCR email_attach
  51.  
  52. C2 kitfishstore_ru /index.php
  53. homemademagazine_ru /index.php
  54.  
  55. netwrk
  56. --------------
  57. n/a
  58.  
  59. comp
  60. --------------
  61. n/a
  62.  
  63. proc
  64. --------------
  65. C:\Users\operator\Desktop\ДОГОВIР_ПОСТАВКА_11224_Вiд_12_01_2024p.PDF.exe
  66.  
  67. persist
  68. --------------
  69. n/a
  70.  
  71. drop
  72. --------------
  73. n/a
  74.  
  75. # # # # # # # #
  76. additional info
  77. # # # # # # # #
  78. {
  79. "Version": 2022,
  80. "C2 list":
  81. kitfishstore_ru /index.php,
  82. homemademagazine_ru /index.php
  83. }
  84. # # # # # # # #
  85. VT & Intezer
  86. # # # # # # # #
  87. https://www.virustotal.com/gui/file/297d5a2231d9dedf998db29e402cd71dd775eba3073b50f7cca0d21f0365bb2d/details
  88. https://www.virustotal.com/gui/file/4841be428d00d29ab878fda23850d948bc2d12eefb31621c0272e301d95bbc7f/details
  89. https://www.virustotal.com/gui/file/6a684f04b6dc6ed0ca2bc55dec214e78c664aa18ee412fd290e6d543866115a9/details
  90.  
  91. VR
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!