###################################################################################################
SmokeLoader C2 URLs:
http://host-file-host6.com/
http://aek0aicifaloh1yo.com/
http://wa5zu7sekai8xeih.com/
http://yic0oosaeiy7ahng.com/
http://kingpirate.ru/tmp/
http://hoh0aeghwugh2gie.com/
http://hie7doodohpae4na.com/
http://potunulit.org/
http://firsttrusteedrx.ru/tmp/
###################################################################################################
SmokeLoader additional distribution:
https://leaderspro.ps/tmp/index.php
http://respekt5569.com/downloads/toolspub1.exe
http://hugersi.com/dl/6523.exe
http://79.137.194.41/s.exe
###################################################################################################
Payloads:
https://anonfiles.com/c5f1A1m6z8/Server_exe -> Silly actor with bad payload
https://anonfiles.com/29l4A4mdz3/Server_exe -> Silly actor with broken payload
https://transfer.sh/get/Hue3ho/op.exe -> DCRat -> C2: http://089240.clmonth.nyashteam.top/nyashsupport.php
https://transfer.sh/get/5DgY9D/setup_1682003561.594086.exe -> RedLine -> C2: dragrun.top:28786 (Botnet: 5631065866_99), 95.217.245.250:28786
http://atomic.opdailyallowance.top/ufo.exe -> Crashing in sandbox: https://tria.ge/230421-s55nsaad6y/behavioral2
https://github.com/ThunderMods/dassd/raw/main/4k4wuzs.exe -> DCRat -> C2: http://77.73.131.120//3LineVm/DleServerMariadb/Windows/Lowflowerpipe/Temp4/Touniversal/Multiline/CentrallocalsqlDownloads/Multitest/async5Uploads5/ProcessorJavascript0dump/18ImageTrack/dumpLinuxWpCentral/UniversalDefault/PollauthUpdate2/WindowsDump8/dumpphppacketGame/downloadsProcessorpoll/SqlUploadsDump/externalVmPhpdatalifelocal.php (https://tria.ge/230421-s5x9psad6v/behavioral2)
https://cdn.discordapp.com/attachments/1076564301877354569/1098620905766268933/opo.exe -> 5/10 -> https://tria.ge/230421-tknefaaf4v/behavioral2
###################################################################################################
Old Payloads:
https://www.jani.hu/upload/files/cheese_sDu.bat -> Analyzed already
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe -> Analyzed already
https://store1.gofile.io/download/02e69779-8bda-4464-9669-05fb0e8f9ae7/74.0.3729.108_chrome_installer.exe -> Analyzed already
https://nftsmean.com/pro2.exe -> Analyzed already
http://45.9.74.80/power.exe -> Analyzed already
http://45.138.74.247/shared/Ruzvelt.exe -> Analyzed already
###################################################################################################
Payloads (down/not executed):
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw -> Down
https://cdn.discordapp.com/attachments/1076564301877354569/1098620905766268933/opo.exe
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
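The following is an added helper and not part of the original dump: a small Python parser that turns this dump's layout (`####` separator rows, `Header:` lines, `URL -> note -> C2: ...` entries) into records with the payload host, C2 indicators and sandbox links split out, plus a defang routine for safe sharing. The sample input is a handful of entries copied from the list above; the record field names, the `tria.ge`-based sandbox heuristic and the host:port regex are my assumptions, not something the dump specifies.

```python
"""Parse a plain-text IOC dump of the layout used above into structured records."""
import re

# Constructed sample: entries copied from the dump above, same layout.
SAMPLE = """\
###################################################################################################
SmokeLoader C2 URLs:
http://host-file-host6.com/
http://kingpirate.ru/tmp/
###################################################################################################
Payloads:
https://transfer.sh/get/Hue3ho/op.exe -> DCRat -> C2: http://089240.clmonth.nyashteam.top/nyashsupport.php
https://transfer.sh/get/5DgY9D/setup_1682003561.594086.exe -> RedLine -> C2: dragrun.top:28786 (Botnet: 5631065866_99), 95.217.245.250:28786
https://cdn.discordapp.com/attachments/1076564301877354569/1098620905766268933/opo.exe -> 5/10 -> https://tria.ge/230421-tknefaaf4v/behavioral2
"""

SEPARATOR_RE = re.compile(r"^#{10,}\s*$")
URL_RE = re.compile(r"https?://[^\s(),]+")
# bare host:port such as dragrun.top:28786 or 95.217.245.250:28786 (assumed C2 notation)
HOSTPORT_RE = re.compile(r"(?<![\w/.@-])[\w-]+(?:\.[\w-]+)+:\d{1,5}\b")
SCHEME_HOST_RE = re.compile(r"^(https?://)?([^/:]+)(.*)$", re.S)
SANDBOX_MARKER = "tria.ge/"  # assumption: tria.ge links are analysis reports, not C2


def host_of(indicator: str) -> str:
    """Return the host part of a URL or host:port string."""
    return SCHEME_HOST_RE.match(indicator).group(2)


def defang(indicator: str) -> str:
    """Make a URL or host:port non-clickable: http -> hxxp, dots in the host -> [.]"""
    scheme, host, rest = SCHEME_HOST_RE.match(indicator).groups()
    scheme = (scheme or "").replace("http", "hxxp")
    return scheme + host.replace(".", "[.]") + rest


def parse_iocs(text: str) -> list:
    """Walk the dump line by line, tracking the current section header."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SEPARATOR_RE.match(line):
            continue
        if not URL_RE.match(line):
            section = line.rstrip(":")  # header such as "Payloads:" or "Old Payloads:"
            continue
        parts = [p.strip() for p in re.split(r"\s*->\s*", line)]
        url, note = parts[0], " -> ".join(parts[1:])
        urls_in_note = URL_RE.findall(note)
        sandbox = [u for u in urls_in_note if SANDBOX_MARKER in u]
        c2 = [u for u in urls_in_note if u not in sandbox]
        # bare host:port C2s, searched only in what is left after removing full URLs
        c2 += HOSTPORT_RE.findall(URL_RE.sub(" ", note))
        label = re.split(r":\s", parts[1], 1)[0] if len(parts) > 1 else ""
        records.append({
            "section": section,
            "url": url,
            "host": host_of(url),
            "label": label,      # free-text tag the author gave (family, verdict, ...)
            "note": note,
            "c2": c2,
            "sandbox": sandbox,
        })
    return records


def unique_hosts(records: list) -> list:
    """Sorted blocklist candidates: payload hosts plus C2 hosts, sandbox links excluded."""
    hosts = {r["host"] for r in records}
    hosts.update(host_of(c) for r in records for c in r["c2"])
    return sorted(hosts)


if __name__ == "__main__":
    recs = parse_iocs(SAMPLE)
    for r in recs:
        c2s = ", ".join(defang(c) for c in r["c2"]) or "-"
        print(f"[{r['section']}] {defang(r['url'])}  label={r['label']!r}  c2={c2s}")
    print("hosts:", ", ".join(defang(h) for h in unique_hosts(recs)))
```

The parser treats any non-URL line as a section header, so the "(down/not executed)" list and the "Old Payloads" list land in their own sections; records in those sections simply carry empty `c2` lists.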