Add files via upload

Gi7w0rm 2023-06-02 04:30:07 +02:00 committed by GitHub
parent e9ba582c1e
commit e94035c557
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 74 additions and 0 deletions

@ -0,0 +1,44 @@
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
https://cdn.discordapp.com/attachments/1111985588615249960/1113790937693433916/54656464.exe
http://colisumy.com/dl/build.exe
https://speedlab.com.eg/tmp/index.php
http://45.9.74.80/wall.exe
http://host-file-host6.com/
https://cdn.discordapp.com/attachments/1111985588615249960/1113502455964110848/54656464.exe
https://filetransfer.io/data-package/llBlT2VL/download -> GoogleChromeUpdate.exe -> https://raw.githubusercontent.com/RHGF44/string/main/readme.txt -> DCRat -> C2: pococox.cc -> 134.255.216.148:80 (+ Scheduled Task and Add-MpPreference -ExclusionPath)
http://hugersi.com/dl/6523.exe
https://darkbox.pw/d/2NDOYbiR12bS1ItY28sWAZ6I2FJlkP -> clear.exe -> Loader reaching out to:
http://5.42.94.169/customer/115 -> Downloads and executes RedLine C2: 45.9.74.4:46910
http://potunulit.org/
http://kingpirate.ru/tmp/
http://respekt5568.com/downloads/toolspub1.exe
https://nftsmean.com/pro2.exe
https://cdn.discordapp.com/attachments/1113947677764374622/1113960414951252049/1st.exe -> C2: 84.54.50.125:58002
http://dropbuyinc.ga/
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
http://140.99.221.199/sp.exe
http://95.214.27.98/file/lega.exe -> 2x RedLine (Botnet:lars && Botnet grom) C2: 83.97.73.127:19045 + Amadey: http://95.214.27.98/cronus/index.php
https://seattle-fishing-club.com/search.php
http://194.180.48.90/cc.exe -> Rhadamanthys Stealer -> C2: 179.43.162.23:8509
http://colisumy.com/dl/buildz.exe
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
https://miami-golf-club.com/search.php
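
Review bot: the URLs in this file are committed live and clickable; defang them (for example hxxp:// and [.]) or state at the top of the file that they are kept live on purpose, so that a viewer or link-preview tool does not fetch a payload by accident. The darkbox.pw entry is also split across two lines: it ends with "Loader reaching out to:" and its continuation begins the next line with http://5.42.94.169/customer/115, which a line-based consumer will read as a separate top-level entry, so join the two. The "->" chains mix delivery steps, family names and C2 addresses in free form, and the labels vary ("Botnet:lars && Botnet grom"); a fixed field order such as URL, family, C2 would let the list be parsed rather than only read.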

@ -0,0 +1,30 @@
http://host-file-host6.com/
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
http://140.99.221.199/sp.exe -> Binary Themida Packed and evades Virtual Box via ACPI registry values and SandBox via SystemBiosVersion and VideoBiosVersion
http://kingpirate.ru/tmp/
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
http://respekt5568.com/downloads/toolspub1.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
http://colisumy.com/dl/build.exe
http://potunulit.org/
https://speedlab.com.eg/tmp/index.php -> SmokeLoader pub1
http://45.9.74.80/wall.exe -> Amadey (C2: 45.9.74.80/0bjdn2Z/index.php ) + Fabookie (C2s: http://us.imgjeoigaa.com/sts/imagc.jpg +
http://as.imgjeoigaa.com/check/safe) + XMRig (Pool: xmr-eu2.nanopool.org)
http://colisumy.com/dl/buildz.exe
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
https://nftsmean.com/pro2.exe
https://cdn.discordapp.com/attachments/1111985588615249960/1113502455964110848/54656464.exe
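
Review bot: the 45.9.74.80/wall.exe entry wraps after its trailing "+", so the second Fabookie C2 URL starts its own line and looks like an independent entry, unlike every other line in this file; keep each entry on one line, and drop the stray space before the closing parenthesis of the Amadey C2. Every top-level URL visible in this hunk also appears in the first file, with the notes split between the two: 140.99.221.199/sp.exe and speedlab.com.eg/tmp/index.php are annotated only here. A single list, or notes keyed by URL in one place, would keep the two files from drifting apart.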