Add files via upload

Gi7w0rm 2023-05-18 21:14:26 +02:00 committed by GitHub
parent 60068c88c0
commit 8e2fb3628d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 179 additions and 0 deletions


@ -0,0 +1,60 @@
http://potunulit.org/
https://apnamachine.com/tmp/index.php
http://aek0aicifaloh1yo.com/
http://wa5zu7sekai8xeih.com/
http://respekt5567.com/downloads/toolspub1.exe
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe
https://bayfiles.com/v1HbA7q9zf/OriginalBuild_exe -> Raccoon Stealer -> C2: http://94.142.138.32
https://transfer.sh/get/25CBdR/moscow_exchang.exe
http://172.86.123.224:8000/builds
http://45.15.159.174/s.exe
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
http://hugersi.com/dl/6523.exe
https://transfer.sh/get/I2A8JJ/123.exe -> RedLine (C2: 45.9.74.40:10814)
http://45.9.74.80/power.exe
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
http://140.99.221.199/sp1.exe
http://77.73.131.239/s.exe
https://transfer.sh/RmnLYw/crypted%20%282%29.exe
http://hoh0aeghwugh2gie.com/
http://158.101.155.92/koIWDRc.exe
http://yic0oosaeiy7ahng.com/
https://transfer.sh/get/Vz6kII/43252345.exe -> Vidar ->
DeadDrops: https://steamcommunity.com/profiles/76561198272578552 + https://t.me/libpcre -> C2: http://116.202.1.79:9100 + http://195.201.47.75 + Smth targeting YouTube/ Google Accounts
http://193.109.85.183/btc.exe
https://transfer.sh/7zzgaI/testing.exe -> Noisy! Check later -> https://tria.ge/230513-lqq4hsfh95/behavioral2
Loads: https://transfer.sh/get/pbxx5A/tst2.exe
http://colisumy.com/dl/buildz.exe
http://hie7doodohpae4na.com/
https://nftsmean.com/pro2.exe
http://host-file-host6.com/
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
http://209.250.254.249:3002/ -> RedLine (LogsDiller Cloud (Telegram: @logsdillabot)) -> 178.33.182.70:18918
http://138.3.213.192/RKiDaNx.exe -> SectopRat: DNS YqWrYpnLbcsrnl.YqWrYpnLbcsrnl -> C2: 89.248.165.23:5865
https://transfer.sh/get/gEdWaA/maloy.exe -> Telegram Loader : /bot6188685234:AAFOQPOXVhq-YWcA-zGt9fPBpbCYZB9Qf6Q/sendMessage?chat_id=5705203982&text=%0D%0A%F0%9F%94%8A%20*NEW%20EXECUTION*%0D%0A1%EF%B8%8F%E2%83%A3%20User%20=%20Admin%0D%0A2%EF%B8%8F%E2%83%A3%20Date%20UTC%20=%205/13/2023%2011:46:50%20AM%0D%0A3%EF%B8%8F%E2%83%A3%20File%20=%20maloy.exe%0D%0A -> Loads PNG: http://77.91.77.6/loads/Smnnqs.png
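Review bot: the annotated entries in this file do not follow one record format, so the list cannot be parsed line by line. The `43252345.exe` entry stops at `-> Vidar ->` and continues on a separate `DeadDrops:` line, and the `testing.exe` entry is followed by a bare `Loads:` line that reads as its own record. Suggest one record per line with fixed fields (URL, family, C2, sandbox link), and defanging every URL and address (`hxxp://`, `[.]`) so consumers of the file cannot click or auto-fetch them. The `Noisy! Check later` remark is an open TODO and is better tracked outside the data file.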


@ -0,0 +1,74 @@
http://kingpirate.ru/tmp/
http://colisumy.com/dl/buildz.exe
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
http://aek0aicifaloh1yo.com/
http://yic0oosaeiy7ahng.com/
http://209.250.254.249:3002/
http://respekt5567.com/downloads/toolspub1.exe
https://transfer.sh/get/t3c1nE/Arens.exe -> (Loader?) connects to 77.91.77.6:80 however 1/10 on triage probably because payload is not received -> https://tria.ge/230516-pfkersag26/behavioral2
http://potunulit.org/
http://45.9.74.80/power.exe
http://wa5zu7sekai8xeih.com/
http://172.86.123.224:8000/builds
https://tradingneon.com/files/81.exe -> (Account suspended)
https://www.4sync.com/web/directDownload/yLIfzG1i/EwakEzLs.2f2f949ed1b7f55d5969d844127c9d5c
https://filebin.net/wd3v9sjjlohobzq8/5455.exe -> 9dc5308c66ea1b516a823a01b703d0d497313227237b765205e031237fe940f3.exe -> Quasar Rat (Botnet: Office04, C2: 217.196.96.37:5678)
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
http://hie7doodohpae4na.com/
https://transfer.sh/get/7Ux0pU/43432.exe -> RedLine (C2: 94.142.138.147:48665)
https://transfer.sh/get/oFBAuC/MavrodiBlack%202.exe ->
Get: http://t.me/cinoshibot -> (from Bio) Get: https://central-cee-doja.ru//antivm.php?id=1087 +
https://github.com/holdthismoney/icona/raw/main/version32.exe -> Some sort of Miner (Reliable BlueScreen on Win64 lul) +
https://github.com/MavrodiBlack/sturdy-potato/raw/main/MavrodiBlack.exe (Nice Locker/Ransomware. To get Decryption Key: @Imthepassword Group: "Jumper Hacks") + https://transfer.sh/get/L0fiUE/@MavrodiBlack_alice.exe -> RedLine (C2: 37.220.87.13:48790)
https://tradingneon.com/files/17.exe (Account suspended)
https://transfer.sh/V58Jw2/run.exe -> RedLine (C2: 176.123.9.85:16482)
https://transfer.sh/EocwQ5/build_230513_103126.exe -> PandaStealer -> https://tria.ge/230516-n64ewsaf66/behavioral2
http://host-file-host6.com/
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe
https://nftsmean.com/pro2.exe
http://138.3.213.192/RKiDaNx.exe
https://bayfiles.com/v1HbA7q9zf/OriginalBuild_exe -> Corrupt Signature -> Raccoonv2 (C2: http://94.142.138.32)
https://transfer.sh/get/lBIYXx/635965506-2.exe -> Unidentified Stealer: https://tria.ge/230516-n7czbshf9v/static1
https://apnamachine.com/tmp/index.php
http://hugersi.com/dl/6523.exe
https://transfer.sh/get/VJPf5S/@reality_lolz_easy.exe -> RedLine (C2: 37.220.87.13:48790 )
http://95.214.27.98/file/lega.exe
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
http://hoh0aeghwugh2gie.com/
https://transfer.sh/get/9exO8N/@bad_gerl69_alice.zip -> RedLine (C2: 37.220.87.13:48790)
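Review bot: the `MavrodiBlack%202.exe` entry is spread over four lines joined by trailing `+` signs, so the follow-on URLs (`version32.exe`, `MavrodiBlack.exe`, `@MavrodiBlack_alice.exe`) look like independent top-level entries to anything reading the file line by line. Suggest keeping each chain on one line or marking continuation lines explicitly. Smaller consistency points in the same hunk: `(Account suspended)` appears once with `->` and once without, the C2 in the `@reality_lolz_easy.exe` entry has a stray space before the closing parenthesis, and a large share of the URLs repeat entries from the first file with different or missing annotations (for example `OriginalBuild_exe` is `Raccoon Stealer` there and `Raccoonv2` here). A short header stating what each file represents would make those overlaps interpretable.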


@ -0,0 +1,45 @@
https://www.4sync.com/web/directDownload/Yyp50QJV/EwakEzLs.9666f37808bd11cdb388db6badaa4da9
http://kingpirate.ru/tmp/
https://www.4sync.com/web/directDownload/yLIfzG1i/EwakEzLs.2f2f949ed1b7f55d5969d844127c9d5c
http://file-file-file1.com/stats.php?id=2279&key=9953df1dbd96f6a178d75ce871b94875
https://github.com/Raarawsd/1/blob/main/Loader.exe
http://respekt5567.com/downloads/toolspub1.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
http://hugersi.com/dl/6523.exe
https://transfer.sh/get/oFBAuC/MavrodiBlack%202.exe
http://potunulit.org/
http://45.9.74.80/power.exe
http://colisumy.com/dl/buildz.exe
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
https://www.4sync.com/web/directDownload/D9bwfK5d/EwakEzLs.028f876cbed1c424a5575f5a7efee811
https://transfer.sh/dSWllk/31.exe
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe
https://nftsmean.com/pro2.exe
http://209.250.254.249:3002/
http://213.170.135.147/dashboard/build.exe
https://apnamachine.com/tmp/index.php
http://host-file-host6.com/
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
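Review bot: this file has no annotations at all, and most of its entries (`http://potunulit.org/`, `http://respekt5567.com/downloads/toolspub1.exe`, `http://colisumy.com/dl/buildz.exe` and others) already appear in the two files above, so it is unclear whether it is a raw collection, a later snapshot, or a deduplication candidate. Suggest documenting the file's purpose and collection date, since the commit message only says "Add files via upload", and either merging the duplicates or recording a first-seen/last-seen field per URL. The `Loader.exe` entry points at a GitHub `/blob/` page while the other GitHub entries use `/raw/` or release download links; note which form was actually observed.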