Create SmokeLoader_20_04_2023_DE.txt

Gi7w0rm 2023-04-21 01:29:34 +02:00 committed by GitHub
parent e2bfcd7944
commit 6ec6c56571
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -0,0 +1,74 @@
###################################################################################################
SmokeLoader C2 URLs:
http://hoh0aeghwugh2gie.com/
http://aek0aicifaloh1yo.com/
http://hie7doodohpae4na.com/
http://wa5zu7sekai8xeih.com/
http://alpatrik.com/
http://host-file-host6.com/
http://yic0oosaeiy7ahng.com/
http://cletonmy.com/
http://aapu.at/tmp/
http://kingpirate.ru/tmp/
http://firsttrusteedrx.ru/tmp/
http://potunulit.org/
###################################################################################################
SmokeLoader additional distribution:
https://leaderspro.ps/tmp/index.php -> SmokeLoader Spreader (pub1)
http://79.137.194.41/s.exe -> SmokeLoader (sprg)
http://hugersi.com/dl/6523.exe -> SmokeLoader
http://respekt5569.com/downloads/toolspub1.exe -> SmokeLoader pub1
###################################################################################################
Payloads:
http://h168476.srv22.test-hf.su/114.exe -> Google/YouTube Stealer: https://tria.ge/230419-tgx5gade8z/behavioral2 (The same as spread via Raccoon?) + 2x RedLine: C2 1 = 45.77.166.103:37904 (Botnet: kyotranbot) & C2 2 = 178.32.215.165:9203 (Botnet: LogsDiller Cloud (Buy Sub: @logsdillabot)) + Pastebin: https://pastebin.com/raw/aCZb2pjR used for Unknown Clipper: http://185.159.129.168/clpr/OWUsN2UsODMsOWIsOWUsODIsOTAsOTEsNjQsN2Ys
https://transfer.sh/get/KgDWVh/34554.exe -> RedLine (Botnet: care4art) C2: 103.173.229.190:18740 + XWorm -> C2: 149.102.231.91:5000
-> http://pastebin.com/raw/aCZb2pjR
Clipper: http://185.159.130.81/clpr/OWUsN2UsODMsOWIsOWUsODIsOTAsOTEsNjQsN2Ys + Unknown YouTube Stealer + Something from: http://5.75.169.249/Client.jpg
http://colisumy.com/dl/buildz.exe ->
djvu Ransomware:
http://colisumy.com/dl/build2.exe -> http://zexeq.com/raud/get.php?pid=C896C06CBBE00268A98E10D2B33685D3&first=true ->
http://zexeq.com/files/1/build3.exe
+ Vidar Stealer : C2 DeadDrop https://steamcommunity.com/profiles/76561199497218285 (C2: http://116.203.7.73)+ https://t.me/tg_duckworld (C2: http://116.203.15.24:80)
https://tria.ge/230420-l9rjdshb43/behavioral1
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe -> Raccoon Stealer C2: http://trastform.com + Key: c610d498a9c34173052f3f4fcea051af
https://charlslogin.com/out/msvc_x64_86.exe -> Loader C2: 195.201.81.165:21891 -> http://195.201.81.165/loadaddr -> http://195.201.81.165/scripts/ffmpg.bin -> Stealer with C2: http://195.201.81.165:27134/ (websocket) <- Identified as #NetDooka Framework: https://twitter.com/Gi7w0rm/status/1649005498069401601 (View full thread) | https://tria.ge/230420-ml7q5sbc8z/behavioral2 + https://tria.ge/230420-mpceeabc9z/behavioral1
https://store1.gofile.io/download/02e69779-8bda-4464-9669-05fb0e8f9ae7/74.0.3729.108_chrome_installer.exe -> RedLine Stealer C2: 149.248.17.106:27825
https://transfer.sh/get/qKWLc1/install.exe -> RedLine Stealer (Botnet: @COSMICCLOUDADMIN) -> C2: 20.226.69.130:30497
http://179.43.155.247/cc.exe -> Rhadamanthys -> C2: http://179.43.142.201/img/favicon.png
http://45.9.74.80/power.exe -> Amadey -> C2: 77.73.134.27/n9kdjc3xSf/index.php -> XMRig + Fabookie -> C2: http://bz.bbbeioaag.com/sts/cimage.jpg -> https://tria.ge/230419-mvglbaaa56 + https://tria.ge/230419-m1ptwaaa68/behavioral2
https://www.jani.hu/upload/files/cheese_sDu.bat -> Amadey -> C2: http://specialblue.in/dF30Hn4m/index.php + http://specialblue.pm/dF30Hn4m/index.php
Additional:
http://specialblue.in/dF30Hn4m/Plugins/clip64.dll
http://specialblue.in/dF30Hn4m/Plugins/cred64.dll
https://nftsmean.com/pro2.exe -> RedLine (BotNet: hawkding002) -> C2: 155.94.235.246:17420
https://transfer.sh/get/vC3irg/31231.exe -> RedLine -> C2: 157.90.123.253:30113 + http://pastebin.com/raw/aCZb2pjR -> Clipper: http://185.159.130.81/clpr/OWUsN2UsODMsOWIsOWUsODIsOTAsOTEsNjQsN2Ys
http://45.138.74.247/shared/Ruzvelt.exe -> Vidar Stealer -> DeadDrops: https://steamcommunity.com/profiles/76561199494593681 + https://t.me/auftriebs -> C2s: http://116.202.6.237 + http://195.201.44.70:80 -> https://tria.ge/230420-spd6wsaf77/behavioral2
###################################################################################################
Payloads (down/not executed)
https://oshi.at/XjYU -> Down at time of Triage Scan
https://bit.ly/3LcCfT6 -> down at time of triage scan
https://transfer.sh/get/7RISXd/JDSFRY_crypted.exe -> No Execution in Triage
https://radiobridge-egy.com/tmp/index.php -> Bootkit ??? https://tria.ge/230420-mh8h9shc75 + https://tria.ge/230420-tbfy1aah35/behavioral1
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe -> Down ?
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw -> Down?
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe -> Down
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe -> Down
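Review bot: every URL in this file, from the SmokeLoader C2 list at the top down to the Discord CDN links at the bottom, is stored live (http:// and https://) rather than defanged, so a reader opening the file in the GitHub UI can click straight through to a C2 or payload host; please store them as hxxp:// / hxxps:// or with [.] in the host part, as is usual for shared IoC lists. Two smaller points on layout: the "djvu Ransomware:" label sits on its own line between the buildz.exe and build2.exe entries, so it is not clear which download it describes (and the "->" after buildz.exe points at nothing); and the same Pastebin raw URL and clipper URL are repeated under three different RedLine samples, which would be easier to track as one shared-infrastructure entry referenced from each sample. A one-line header with the collection date and source would also help (the filename carries 20_04_2023, but the file itself has no date), since the section separators are the only structure automated consumers can key on.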