tkanalyst

2019/09/15 RIG EK -> Smokeloader -> Crysis & Predator & Quas

Sep 14th, 2019
  1. 2019/09/15 RIG EK -> Smokeloader -> Crysis & Predator & Quasar
  2.  
  3. https://app.any.run/tasks/a80110b0-902e-4da6-a05e-bd5d9aef82a8
  4.  
  5. Main object- "bbkbw6ut.exe"
  6. sha256 a8c762168fd6db06cdc7410aaf553ac930d9466c119ae366026aafb912b0e0ca
  7. sha1 3c1b650b87a9fc74c300f6438f6c7cbd69f93910
  8. md5 2f2c2135f0daca933598d406324acb9e
  9. Dropped executable file
  15. DNS requests
  16. domain advertserv25.world
  17. domain advexmail23mn.world
  18. domain mailadvert5917dx.world
  19. Connections
  25. HTTP/HTTPS requests