KGN

2019/10/19 RIG EK -> Smokeloader and more

Oct 19th, 2019
2019-10-19
#RIGEK -> #Smokeloader -> #Raccoon & #Amadey -> #Lazagne

[Example Traffic]
https://app.any.run/tasks/80750e99-21d6-4fd4-b245-0312fa3908ab/
https://app.any.run/tasks/ab2cf2d4-2611-48b5-9799-8d6198e9c936/
https://app.any.run/tasks/979deccb-e5c5-468a-a932-88c0efa2bc81

================================================================================
Main object: "rad94943.tmp.exe"
sha256 5afa8a59daa912491e08dfbb774d68f3880df9a01ebf247b0c555b3c1a3433d1
sha1 06860a80d5898b8220c9b3445a89af9684c10913
md5 7e2b5557b2fd7500a07b8ed7b180a544
Dropped executable file
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\prldap60.dll 46b005817868f91cf60baa052ee96436fc6194ce9a61e93260df5037cdfa37a5
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\AccessibleMarshal.dll d368eb240106f87188c4f2ae30db793a2d250d9344f0e0267d4f6a58e68152ad
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\AccessibleHandler.dll a1a2bb03a7cfcea8944845a8fc12974482f44b44fd20be73298ffd630f65d8d0
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\breakpadinjector.dll 87ed943d2f06d9ca8824789405b412e770fe84454950ec7e96105f756d858e52
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\ucrtbase.dll 0bb8c77de80acf9c43de59a8fd75e611cc3eb8200c69f11e94389e8af2ceb7a9
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\vcruntime140.dll c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\softokn3.dll 25a4dae37120426ab060ebb39b7030b3e7c1093cc34b0877f223b6843b651871
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\nssdbm3.dll be3987a6cd970ff570a916774eb3d4e1edce675e70edac1baf5e2104685610b0
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\qipcap.dll 7a589024cf0eeb59f020f91be4fe7ee0c90694c92918a467d5277574ac25a5a2
sha256 C:\Users\admin\AppData\Roaming\fthtujv 5afa8a59daa912491e08dfbb774d68f3880df9a01ebf247b0c555b3c1a3433d1
sha256 C:\Users\admin\AppData\Local\Temp\sqlite3.dll 83bc57dcf282264f2b00c21ce0339eac20fcb7401f7c5472c0cd0c014844e5f7
sha256 C:\Users\admin\AppData\Roaming\ActiveX\ciaqefovusylp.exe 0db61319b408a6771057b6a07037e0fb73ee8f247ca7b77098e59c1e0a60c294
sha256 C:\Users\admin\AppData\Roaming\ActiveX\manager.exe 5c7f5813142029aa1a1326ebef5b7664ab93e0c6bb40cbb40bf9146556a783f3
sha256 C:\Users\admin\AppData\Local\Temp\D47F.tmp 3a98d10a2792713d8368920cb139323aae576bee3ca70f5ab23f91af4f2bb244
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\freebl3.dll 9876c53134dbbec4dcca67581f53638eba3fea3a15491aa3cf2526b71032da97
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-memory-l1-1-0.dll bb33a9e906a5863043753c44f6f8165afe4d5edb7e55efa4c7e6e1ed90778eca
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\IA2Marshal.dll 621f38bd19f62c9ce6826d492ecdf710c00bbdcf1fb4e4815883f29f1431dfda
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\lgpllibs.dll 7f93b70257d966ea1c1a6038892b19e8360aadd8e8ae58e75ebb0697b9ea8786
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\libEGL.dll 7b9fc6be34f43d39471c2add872d5b4350853db11cc66a323ef9e0c231542fb9
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\ldif60.dll 3aabbe0aa86ce8a91e5c49b7de577af73b9889d7f03af919f17f3f315a879b0f
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\ldap60.dll 2b128b3702f8509f35cad0d657c9a00f0487b93d70336df229f8588fba6ba926
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\MapiProxy_InUse.dll bcfb0e397df40aba8c8c5dd23c13c414345decdd3d4b2df946226be97defbf30
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\mozMapi32.dll 06ef2010b738fbe99bcdebbf162473a4ee090678bb6862eeb0d4c7a8c3f225bb
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\mozglue.dll a0c6630d4012ae0311ff40f4f06911bcf1a23f7a4762ce219b8dffa012d188cc
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\msvcp140.dll 334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\nss3.dll 1989526553fd1e1e49b0fea8036822ca062d3d39c4cab4a37846173d0f1753d5
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-rtlsupport-l1-1-0.dll 2257fea1e71f7058439b3727ed68ef048bd91dcacd64762eb5c64a9d49df0b57
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-profile-l1-1-0.dll 8eb5270fa99069709c846db38be743a1a80a42aa1a88776131f79e1d07cc411c
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-processthreads-l1-1-0.dll 9dab884071b1f7d7a167f9bec94ba2bee875e3365603fa29b31de286c6a97a1d
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-processthreads-l1-1-1.dll 91eeb842973495deb98cef0377240d2f9c3d370ac4cf513fd215857e9f265a6a
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-multibyte-l1-1-0.dll 66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-filesystem-l1-1-0.dll 7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-environment-l1-1-0.dll c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-locale-l1-1-0.dll 565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-math-l1-1-0.dll bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-sysinfo-l1-1-0.dll 4b704b36e1672ae02e697efd1bf46f11b42d776550ba34a90cd189f6c5c61f92
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-string-l1-1-0.dll 7670fdede524a485c13b11a7c878015e9b0d441b7d8eb15ca675ad6b9c9a7311
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-timezone-l1-1-0.dll 24c9aa0b70e557a49dac159c825a013a71a190df5e7a837bfa047a06bba59eca
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-private-l1-1-0.dll 65ded8d2ce159b2f5569f55b2caf0e2c90f3694bd88c89de790a15a49d8386b9
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-synch-l1-2-0.dll 30d99ce1d732f6c9cf82671e1d9088aa94e720382066b79175e2d16778a3dad1
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-util-l1-1-0.dll f7d450a0f59151bcefb98d20fcae35f76029df57138002db5651d1b6a33adc86
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-synch-l1-1-0.dll 5dd4ccd63e6ed07ca3987ab5634ca4207d69c47c2544dfefc41935617652820f
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-convert-l1-1-0.dll 3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\nssckbi.dll 2481da1c459a2429a933d19ad6ae514bd2ae59818246ddb67b0ef44146ced3d8
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-processenvironment-l1-1-0.dll 96898930ffb338da45497be019ae1adcd63c5851141169d3023e53ce4c7a483e
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-conio-l1-1-0.dll 9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-namedpipe-l1-1-0.dll c4f60f911068ab6d7f578d449ba7b5b9969f08fc683fd0ce8e2705bbf061f507
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-heap-l1-1-0.dll f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-utility-l1-1-0.dll a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-file-l2-1-0.dll c85dc081b1964b77d289aac43cc64746e7b141d036f248a731601eb98f827719
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-time-l1-1-0.dll 69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-string-l1-1-0.dll 73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-stdio-l1-1-0.dll b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-process-l1-1-0.dll c03124ba691b187917ba79078c66e12cbf5387a3741203070ba23980aa471e8b
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-crt-runtime-l1-1-0.dll c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-file-l1-2-0.dll c8c499b012d0d63b7afc8b4ca42d6d996b2fcf2e8b5f94cacfbec9e6f33e8a03
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-handle-l1-1-0.dll 945cc64ee04b1964c1f9fcdc3124dd83973d332f5cfb696cdf128ca5c4cbd0e5
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-heap-l1-1-0.dll 44f6df4280c8ecc9c6e609b1a4bfee041332d337d84679cfe0d6678ce8f2998a
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-libraryloader-l1-1-0.dll bb25ccf8694d1fcfce85a7159dcf6985fdb54728d29b021cb3d14242f65909ce
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-localization-l1-2-0.dll 03ad57c24ff2cf895b5f533f0ecbd10266fd8634c6b9053cc9cb33b814ad5d97
sha256 C:\Users\admin\AppData\Local\Temp\AdLibs\api-ms-win-core-interlocked-l1-1-0.dll deccd75fc3fc2bb31338b6fe26deffbd7914c6cd6a907e76fd4931b7d141718c
Note: the AdLibs\ files are stock Mozilla NSS/Thunderbird and Visual C++ runtime DLLs (compare the libs.zip and sqlite3.dll fetched from 35.228.79.212 below), so their hashes identify the libraries, not the stealer; check them before adding them to a blocklist. Roaming\fthtujv carries the main object's own sha256 (a self-copy), and ActiveX\manager.exe carries the sha256 of slot.exe, the main object of the next block.
DNS requests
domain advertpage75.com
domain cmailserv19fd.club
domain drive.google.com
domain doc-0o-a0-docs.googleusercontent.com
Connections
ip 45.12.32.252
ip 172.107.2.143
ip 45.11.19.102
ip 108.177.103.101
ip 173.194.70.132
ip 35.228.79.212
HTTP/HTTPS requests
url http://advertpage75.com/serverstat315/
url http://cmailserv19fd.club/slot.exe
url http://45.12.32.252:8080/api/update/YzE0MTY2MGIxZWQ5YzJkMDNmMjQ4MDM0Y2RlZWI2MWM1OTEzYWJmZTIwYWE1OWNjZDFlZjM2ZmZjODViNmVjNTBjNTIyZjY5YjM1MTJiMTc2NzBlNTQwOWFjMWZiZjViZTAzNzdkNWM2NDkxOGE4ZDUwYTMxZjU5ODIzY2QxNTQyMmNkODQxNzdmMDY5Y2U2NGRiOTMwNThlMWJhMWRmMTVkNDRjNTVhNTc0ZDgwMmE0OWUwZTI0ZDA4ZDdkMzQ0Yjg3ODNmNTRjMDVkNGQ0ZGIyMDY2NmVmMmEwYzg4MmFmMGQwYWVjZjQ3ZjQ1M2M3NDIwMGJlMTAyMDNmODY3N2Q2Y2UyZmJhZmEyYTQxMzBhZWRiNmY0ZjI2ZjFjZmI4MTQwMTFmZDY0NGUzNzI5YWUwNWM0Mjc1MmE1Zg==
url http://45.12.32.252:8080/api/download/YzE0MTY2MGIxZWQ5YzJkMDNmMjQ4MDM0Y2RlZWI2MWM1OTEzYWJmZTIwYWE1OWNjZDFlZjM2ZmZjODViNmVjNTBjNTIyZjY5YjM1MTJiMTc2NzBlNTQwOWFjMWZiZjViZTAzNzdkNWM2NDkxOGE4ZDUwYTMxZjU5ODIzY2QxNTQyMmNkODYxMzJiNTI5Y2U3NDhhNTYyNThiNGVkMDlhNDBjNDI5NjQ2NWM0ZDgwN2IwNmUwZTYxZTU4ZDVkZDEwZTg3YzM4NThjNw==
url http://35.228.79.212/gate/log.php
url http://35.228.79.212/gate/libs.zip
url http://35.228.79.212/gate/sqlite3.dll
url http://35.228.79.212/file_handler/file.php?hash=337f21e404b7e4b239183a3c78e379f718e0cf66&js=09682f3862b4e300d87bf32e5b7e2d24268cf173&callback=http://35.228.79.212/gate

================================================================================
Main object: "slot.exe"
sha256 5c7f5813142029aa1a1326ebef5b7664ab93e0c6bb40cbb40bf9146556a783f3
sha1 630f7d9cbbb0af1a0d90502bc4be4dbc32b458de
md5 f267d07c82912e0222666aa2cdc4cbee
Dropped executable file
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\_ssl.pyd ae14e8d2ac9adbbb1c1d2a8001a017ba577663322fe7606c22bc0081d2764bc9
sha256 C:\Users\admin\AppData\Roaming\ActiveX\xofiilapeszoad.exe fa03446b6e232801544f3b86597317f7931d0a8f5c620ed500c4d9cf6f2ec03b
sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDW1XBVN\r[1].exe 5860aa99f2728d1fe095387575f210cea1ca41a4a1c1d12f276ea7784413c186
sha256 C:\Users\admin\AppData\Local\Temp\file.exe 243130ffeed495f03352ee97b3718f9d5ffc17678f25d518f7d34c5c3ee5df20
sha256 C:\ProgramData\f62a297bb5\usbmon.exe c506d218de6ee351bc9b7b94b41364ec15a2989d28fcc0787b205a15ad8c8f8f
sha256 C:\Users\admin\AppData\Local\Temp\l.exe 7d1ebf05a0fc52a3ef804d0e1c4fc094aed2bd8b4c07839679a9b86f269e1a68
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\_ctypes.pyd 030bf1aaff316dfbb1b424d91b1340b331c2e38f3e874ae532284c6170d93e7e
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\_elementtree.pyd 455ba3fecaa17f3e382f47bd9e9c6e3133a7f0fd0056fcbb4cfae5913c044e9b
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\_socket.pyd 36a7dd2596598916384044b680d62fc7369d246703a57178c27c74214a78585f
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\_hashlib.pyd 8dceafaaec28740385b1cb8cf2655db68ecf2e561053bfe494795019542491e4
sha256 C:\Users\admin\AppData\Roaming\ActiveX\manager.exe 5c7f5813142029aa1a1326ebef5b7664ab93e0c6bb40cbb40bf9146556a783f3
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\_sqlite3.pyd b355041828e249b476d198f5b245b89a32e1a857f401f137e768e6e2f8b5f687
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\bz2.pyd d99399bd6ca916c0490af907fb06530839d0797b18a997ed5c091393fc2292f8
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\msvcm90.dll 636e12fea8c47ea528dba48827ac51a2e98b2ef0864854c9375b8170555c0a6e
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\msvcp100.dll b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\msvcp90.dll 45cb405589c92bf74c47b7c90e299a5732a99403c51f301a5b60579caf3116e7
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\msvcr100.dll 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\msvcr90.dll ae163388201ef2f119e11265586e7da32c6e5b348e0cc32e3f72e21ebfd0843b
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\pyexpat.pyd f5bdabbc4b7396d0836b0c7e6908a73a33650d503d7a89f2b8357f9e8f371171
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\python27.dll 65a063a0b44746f382e9669563b29f4ae66b7bf3416c7fa5879a06b70ea9bb40
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\pywintypes27.dll 6758a9c2b31be12bdc2a880529b76b5136df15a9ec62e4b5fdc6c00491f1008e
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\select.pyd 83b5c76d938bc50e58c851d56ef8cbc1001d2e81a1e1f8f5dfed2245244c1472
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\sqlite3.dll d3abe5d3d99ec9c9f570a31a0d2d6efaa6ad18b926b80d9126a73b6f2d21a38e
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\win32pipe.pyd ff2eb92d492c38054117c103c232385b97961776948c6f3b64f3c86c62ee3d08
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\unicodedata.pyd 061926aeaaf4f7e0212552cd4bb5d6af0e8607ec77f6eb836b6612ab86645ac9
Note: _MEI17322\ is the temporary extraction directory of a PyInstaller-built executable; the python27.dll, pywintypes27.dll and *.pyd files under it are the bundled Python 2.7 runtime, which is what the #Lazagne tag in the title refers to (LaZagne is a Python tool shipped as a PyInstaller binary). The runtime files are not indicators on their own.
DNS requests
domain go-refund.com
domain vip-rocket.net
Connections
ip 45.12.32.252
ip 31.31.196.138
ip 80.78.240.203
HTTP/HTTPS requests
url http://45.12.32.252:8080/api/update/YzE0MTY2MGIxZWQ5YzJkMDNmMjQ4MDM0Y2RlZWI2MWM1OTEzYWJmZTIwYWE1OWNjZDFlZjM2ZmZjODViNmVjNTBjNTIyZjY5YjM1MTJiMTc2NzBlNTQwOWFjMWZiZjViZTAzNzdkNWM2NDkxOGE4ZDUwYTMxZjU5ODIzY2QxNTQyMmNkODQxNzdmMDY5Y2U2NGRiOTMwNThlMWJhMWRmMTVkNDRjNTVhNTc0ZDgwMmE0OWUwZTI0ZDA4ZDdkMzQ0Yjg3ODNmNTRjMDVkNGQ0ZGIyMDY2NmVmMmEwYzg4MmFmMGQwYWVjZjQ3ZjQ1M2M3NDIwMGJlMTAyMDNmODY3N2Q2Y2UyZmJhZmEyYTQxMzBhZWRiNmY0ZjI2ZjFjZmI4MTQwMTFmZDY0NGUzNzI5YWUwNWM0Mjc1MmE1Zg==
url http://45.12.32.252:8080/api/download/YzE0MTY2MGIxZWQ5YzJkMDNmMjQ4MDM0Y2RlZWI2MWM1OTEzYWJmZTIwYWE1OWNjZDFlZjM2ZmZjODViNmVjNTBjNTIyZjY5YjM1MTJiMTc2NzBlNTQwOWFjMWZiZjViZTAzNzdkNWM2NDkxOGE4ZDUwYTMxZjU5ODIzY2QxNTQyMmM4ZDMxODJhNTdjNmVmMWZhNTM3MGViMGJmMDlhNDBhMTE5NDQ2MDU0ZDhmMmIwNmU0ZTE0MTA5ZDFkMzQyZWEyMDZlNWU5MQ==
url http://go-refund.com/t1QccbN2/index.php
url http://vip-rocket.net/file.exe
url http://vip-rocket.net/r.exe
url http://80.78.240.203/v.dat
url http://80.78.240.203/te.php
url http://80.78.240.203/z.dat

================================================================================
Main object: "file.exe"
sha256 243130ffeed495f03352ee97b3718f9d5ffc17678f25d518f7d34c5c3ee5df20
sha1 a8390e57737b87d84a520dd366837a4e378a30b4
md5 c7b7cf3f00c7848161c3840c006b891a
Dropped executable file
sha256 C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe 243130ffeed495f03352ee97b3718f9d5ffc17678f25d518f7d34c5c3ee5df20
sha256 C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\usbmon.exe c506d218de6ee351bc9b7b94b41364ec15a2989d28fcc0787b205a15ad8c8f8f
sha256 C:\Users\admin\AppData\Local\Temp\l.exe 7d1ebf05a0fc52a3ef804d0e1c4fc094aed2bd8b4c07839679a9b86f269e1a68
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\_ctypes.pyd 030bf1aaff316dfbb1b424d91b1340b331c2e38f3e874ae532284c6170d93e7e
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\_elementtree.pyd 455ba3fecaa17f3e382f47bd9e9c6e3133a7f0fd0056fcbb4cfae5913c044e9b
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\_socket.pyd 36a7dd2596598916384044b680d62fc7369d246703a57178c27c74214a78585f
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\_hashlib.pyd 8dceafaaec28740385b1cb8cf2655db68ecf2e561053bfe494795019542491e4
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\_sqlite3.pyd b355041828e249b476d198f5b245b89a32e1a857f401f137e768e6e2f8b5f687
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\_ssl.pyd ae14e8d2ac9adbbb1c1d2a8001a017ba577663322fe7606c22bc0081d2764bc9
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\bz2.pyd d99399bd6ca916c0490af907fb06530839d0797b18a997ed5c091393fc2292f8
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\msvcm90.dll 636e12fea8c47ea528dba48827ac51a2e98b2ef0864854c9375b8170555c0a6e
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\msvcp100.dll b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\msvcp90.dll 45cb405589c92bf74c47b7c90e299a5732a99403c51f301a5b60579caf3116e7
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\msvcr100.dll 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\msvcr90.dll ae163388201ef2f119e11265586e7da32c6e5b348e0cc32e3f72e21ebfd0843b
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\pyexpat.pyd f5bdabbc4b7396d0836b0c7e6908a73a33650d503d7a89f2b8357f9e8f371171
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\python27.dll 65a063a0b44746f382e9669563b29f4ae66b7bf3416c7fa5879a06b70ea9bb40
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\pywintypes27.dll 6758a9c2b31be12bdc2a880529b76b5136df15a9ec62e4b5fdc6c00491f1008e
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\select.pyd 83b5c76d938bc50e58c851d56ef8cbc1001d2e81a1e1f8f5dfed2245244c1472
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\sqlite3.dll d3abe5d3d99ec9c9f570a31a0d2d6efaa6ad18b926b80d9126a73b6f2d21a38e
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\win32pipe.pyd ff2eb92d492c38054117c103c232385b97961776948c6f3b64f3c86c62ee3d08
sha256 C:\Users\admin\AppData\Local\Temp\_MEI14322\unicodedata.pyd 061926aeaaf4f7e0212552cd4bb5d6af0e8607ec77f6eb836b6612ab86645ac9
Note: Startup\svchost.exe carries file.exe's own sha256 (a self-copy into the user's Startup folder for persistence); _MEI14322\ holds the same PyInstaller runtime files as _MEI17322\ in the previous block, only the numeric suffix differs per run.
Connections
ip 80.78.240.203
HTTP/HTTPS requests
url http://80.78.240.203/z.dat
url http://80.78.240.203/v.dat
url http://80.78.240.203/a00a.php?id=admin-USER-PC-2094653670
url http://80.78.240.203/te.php
Note: the id parameter of a00a.php is built from the sandbox user name (admin, matching the C:\Users\admin paths above) and host name, so it changes per victim; hunt on the path and host, not on the full URL.
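Added example, not part of the paste and not any.run's code: a small parser for the plain-text layout used above (Main object / sha256 / Dropped executable file / domain / ip / url lines) that turns the listing into typed indicators and derives the triage facts noted above: which dropped files are self-copies of the main object, which directories are PyInstaller extraction directories, what the base64 path segment of the 45.12.32.252 URLs decodes to, and a deduplicated IOC set. EXCERPT is a handful of lines copied from the slot.exe block; RUNTIME_LIB is a heuristic filename filter of my own, not something the listing states; all function names are mine.

```python
"""Parse the any.run-style IOC layout on this page into typed indicators (added example)."""
import base64
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
HEX = re.compile(r"^[0-9a-fA-F]+$")
B64 = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
# Heuristic (my assumption, not stated by the listing): stock runtime libraries that
# stealers and PyInstaller bundles unpack beside themselves. Their hashes identify
# the library, not the malware, so keep them out of hash blocklists by default.
RUNTIME_LIB = re.compile(
    r"^(api-ms-win-.*\.dll|msvc[mpr]\d+\.dll|python\d+\.dll|pywintypes\d+\.dll|.*\.pyd"
    r"|(nss3|softokn3|freebl3|mozglue|nssckbi|sqlite3|ucrtbase|vcruntime\d+)\.dll)$", re.I)

# Constructed excerpt: lines copied from the slot.exe block of the listing above.
EXCERPT = r"""
Main object: "slot.exe"
sha256 5c7f5813142029aa1a1326ebef5b7664ab93e0c6bb40cbb40bf9146556a783f3
sha1 630f7d9cbbb0af1a0d90502bc4be4dbc32b458de
md5 f267d07c82912e0222666aa2cdc4cbee
Dropped executable file
sha256 C:\Users\admin\AppData\Local\Temp\_MEI17322\python27.dll 65a063a0b44746f382e9669563b29f4ae66b7bf3416c7fa5879a06b70ea9bb40
sha256 C:\Users\admin\AppData\Roaming\ActiveX\manager.exe 5c7f5813142029aa1a1326ebef5b7664ab93e0c6bb40cbb40bf9146556a783f3
sha256 C:\ProgramData\f62a297bb5\usbmon.exe c506d218de6ee351bc9b7b94b41364ec15a2989d28fcc0787b205a15ad8c8f8f
DNS requests
domain go-refund.com
Connections
ip 45.12.32.252
HTTP/HTTPS requests
url http://45.12.32.252:8080/api/download/YzE0MTY2MGIxZWQ5YzJkMDNmMjQ4MDM0Y2RlZWI2MWM1OTEzYWJmZTIwYWE1OWNjZDFlZjM2ZmZjODViNmVjNTBjNTIyZjY5YjM1MTJiMTc2NzBlNTQwOWFjMWZiZjViZTAzNzdkNWM2NDkxOGE4ZDUwYTMxZjU5ODIzY2QxNTQyMmNkODYxMzJiNTI5Y2U3NDhhNTYyNThiNGVkMDlhNDBjNDI5NjQ2NWM0ZDgwN2IwNmUwZTYxZTU4ZDVkZDEwZTg3YzM4NThjNw==
url http://go-refund.com/t1QccbN2/index.php
"""


@dataclass
class Sample:
    name: str
    hashes: dict = field(default_factory=dict)   # algo -> digest of the main object
    dropped: list = field(default_factory=list)  # (path, sha256)
    domains: list = field(default_factory=list)
    ips: list = field(default_factory=list)
    urls: list = field(default_factory=list)


def parse_report(text):
    """One Sample per 'Main object' block; indicator lines are typed by their first
    word and every digest is length- and hex-validated so a mangled hash fails loudly."""
    samples, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Main object"):
            cur = Sample(name=line.split('"')[1])
            samples.append(cur)
        elif cur is None or not line:
            continue
        elif line.split()[0] in HASH_LEN:
            kind, *rest = line.split()
            digest = rest[-1].lower()
            if len(digest) != HASH_LEN[kind] or not HEX.match(digest):
                raise ValueError("bad %s digest: %s" % (kind, line))
            if len(rest) == 1:
                cur.hashes[kind] = digest
            else:  # dropped file: path (may contain spaces), then its digest
                cur.dropped.append((" ".join(rest[:-1]), digest))
        elif line.startswith("domain "):
            cur.domains.append(line.split()[1])
        elif line.startswith("ip "):
            cur.ips.append(line.split()[1])
        elif line.startswith("url "):
            cur.urls.append(line.split()[1])
    return samples


def self_copies(sample):
    """Dropped files whose sha256 equals the main object's: the payload copied itself
    (a persistence step), so these are not new stages to analyse."""
    main = sample.hashes.get("sha256")
    return [p for p, d in sample.dropped if d == main]


def pyinstaller_dirs(sample):
    """_MEI<digits> is the temp directory a PyInstaller-built exe unpacks its bundled
    Python runtime into; its presence marks the stage as packaged Python."""
    return {m.group(1) for p, _ in sample.dropped
            for m in [re.search(r"\\(_MEI\d+)\\", p)] if m}


def decode_url_token(url):
    """Return the hex string carried in a base64 path segment of a C2 URL, or None
    when no segment decodes to printable hex (short or dotted segments are skipped,
    binary junk and bad padding fall through)."""
    for seg in urlparse(url).path.split("/"):
        if len(seg) < 16 or not B64.match(seg):
            continue
        try:
            text = base64.b64decode(seg, validate=True).decode("ascii")
        except ValueError:  # binascii.Error and UnicodeDecodeError both subclass it
            continue
        if text and HEX.match(text):
            return text
    return None


def collect_iocs(samples, drop_runtime_libs=True):
    """Deduplicated blocklist material across all samples."""
    out = {"sha256": set(), "domain": set(), "ip": set(), "url": set()}
    for s in samples:
        if "sha256" in s.hashes:
            out["sha256"].add(s.hashes["sha256"])
        for path, digest in s.dropped:
            if drop_runtime_libs and RUNTIME_LIB.match(path.rsplit("\\", 1)[-1]):
                continue
            out["sha256"].add(digest)
        out["domain"].update(s.domains)
        out["ip"].update(s.ips)
        out["url"].update(s.urls)
    return out
```

Feeding the whole listing instead of EXCERPT (parse_report only needs the Main object line to start a block, and accepts both "Main object-" and "Main object:") yields three Samples; decode_url_token shows that the long /api/update/ and /api/download/ tokens are base64 of a hex string rather than opaque ids, which is useful when writing a URL-path rule that must not depend on the exact token.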