A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #13139  by Xylitol
 Thu May 10, 2012 9:36 pm
Admin login: /control.php
The header of razorbladesfuture.ru and regmexicooo1.ru are different "smoke bot"
Code: Select all
http://razorbladesfuture.ru/images/imgs/header.png
this one is a smoke bot:
Code: Select all
http://beaufortseaa139.ru/qad/imgs/header.png
Anyway smoke bot or smoke loader have the same structure, or a difference.. smoke loader have a 'footer.png' when smoke bot don't have one.
 #14016  by Xylitol
 Sat Jun 16, 2012 7:48 am
GET /tmp/index.php?cmd=getload&login=783083C3BA00BE137&file=0&sel=77777
Host: italydveris.eu
• dns: 1 ›› ip: 91.217.162.45 - adresse: ITALYDVERIS.EU

https://www.virustotal.com/file/857fc7a ... /analysis/
Smoke Loader
Attachments
infected
(5.13 KiB) Downloaded 120 times