IOCs 23_5_2021







(1)

File Name

Slayeer_Leecher.exe

Created process

server.exe

Connected (Ip/Dns)

194[.]62[.]157[.]251

MD5

59e73fcfe28d91e4eb1da2ae13842fd1

SHA256

ce63198ca5c8930431d633e95bf6332ead55611582c2261e767ad906cc958726

Family

AgentTesla

  If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(2)

File Name

FiveM_1.zip

Created process

server.exe

Connected (Ip/Dns)

errorsx[.]ddns[.]net

MD5

c7c7dabd4f28ad85fa9d2749153e8b77

SHA256

f9fd309aa62740d1c935eaa402302ce4af58d0fa11a82b334d7497b1c4e9cb6c

Family

njRAT

 If you wanna know how to analysis njRAT Malware you can check my analysis in YouTube  njRAT.

(3)

File Name

moresamples.7z

Created process

DllHost.exe

Connected (Ip/Dns)

zahlung[.]name, users[.]qzone[.]qq[.]com, users[.]qzone[.]qq.com, zahlung[.]name, i[.]kpzip[.]com, g[.]azmagis[.]ru, verybigloan[.]com, allescorts4u[.]com, tugay[.]com[.]tr

MD5

24d0089f0cc1744a45dc3adaf89ccfd2

SHA256

71a4f60b1131eb288591fee713d8790b09a0ade44f19df5d376ec3434cf178f2

Family

njRAT

 If you wanna know how to analysis njRAT Malware you can check my analysis in YouTube  njRAT. 

(4)

File Name

Server.exe

Created process

svhost.exe

Connected (Ip/Dns)

4[.]tcp[.]ngrok[.]io

MD5

52cbc90d6dc88190c9f879fc9c1f5e6f

SHA256

41e34ede51a8105612c995df2742727e00548c482a50be2aa33f439061a09f27

Family

njRAT

  If you wanna know how to analysis njRAT Malware you can check my analysis in YouTube  njRAT.

(5)

File Name

GERADOR DE NITROS 2021.exe

Created process

WindowsUpdate.exe

Connected (Ip/Dns)

windowsupdated[.]duckdns[.]org

MD5

31c32764c54f3cd234b650d068b74989

SHA256

ee0c5f94602c7acf2eb4c0305934dc63f473aabb37a308cf984a00c33629e939

Family

njRAT

 If you wanna know how to analysis njRAT Malware you can check my analysis in YouTube  njRAT. 

(6)

File Name

sample(1).zip

Created process

MyTrayApp.exe

Connected (Ip/Dns)

zahlung[.]name, users[.]qzone[.]qq[.]com, users[.]qzone[.]qq[.]com, zahlung[.]name

MD5

142133008fdbda210e7818ddeab583fe

SHA256

c22eccc78ca522b87a16a54d5907bef155a0d43be4c0eb778d3d769719786d36

Family

njRAT

 If you wanna know how to analysis njRAT Malware you can check my analysis in YouTube  njRAT. 

(7)

File Name

Beta 11111.exe

Created process

Beta 11111.exe

Connected (Ip/Dns)

ei[.]phncdn[.]com, 

ht-cdn[.]trafficjunky[.]net, ht-cdn2[.]trafficjunky[.]net

MD5

17d0637e603726e10fc30310bf1f8ad0

SHA256

f550b36b33e70196db13e2105560cb690489bac3d5083cee0415133b25340735

Family

Nanocore

If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube  NanoCore.. 

(8)

File Name

10f697d3f0bd1656a58045faf093d2cc.exe

Created process

10f697d3f0bd1656a58045faf093d2cc.exe

Connected (Ip/Dns)

jeffserver[.]duckdns[.]org

MD5

10f697d3f0bd1656a58045faf093d2cc

SHA256

211e24652cbe76de799a0748dd0643c94d0b6ea4702b1eecef3ec341aebfac31

Family

Nanocore

If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube  NanoCore..  

(9)

File Name

virus.exe

Created process

virus.exe

Connected (Ip/Dns)

nanocore[.]myftp[.]biz

MD5

97c16b9f4a1814720cb13fa27c780dc7

SHA256

6b010f4db9afce4d5121e1e6c8d9f964a98a76f93b1281d60d229c77f418985c

Family

Nanocore

If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube  NanoCore..  

(10)

File Name

a816c00bdb4bd6b9cd94c35c476399a7.exe

Created process

a816c00bdb4bd6b9cd94c35c476399a7.exe

Connected (Ip/Dns)

believe2021[.]ddns[.]net

MD5

a816c00bdb4bd6b9cd94c35c476399a7

SHA256

02406289cc1ddef9b934fae8ccbb5ad518204950a488018792a89328bb4fefa8

Family

Nanocore

If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube  NanoCore.

(11)

File Name

Backdoor.exe

Created process

Dwm.exe

Connected (Ip/Dns)

78[.]198[.]121[.]158

MD5

9c62a1cb321161298eaae99fae66b1c1

SHA256

168e0112279829fb625462de15ac279dd703b5bbe36ec539f98f9fba492e3fe2

Family

Remcos


(12)

File Name

kk.EXE

Created process

kk.EXE

Connected (Ip/Dns)

www[.]nihongo[.]school, www[.]aryadata[.]com, www[.]tacomawageneralcontractor[.]com, www[.]bigfacecoffees[.]com, www[.]cozinhablog[.]com, www[.]sportdeed[.]com, www[.]secure-apps[.]info, www[.]stmconstructlonllc[.]com, www[.]levelsautoltd[.]com

MD5

87df8bdd3c538665b8b0591ef28e9d21

SHA256

1265cd7cd52561d0e688f2ea1a8a9c8ed712b4f6fb82e253424f9a6cdad5d995

Family

Formbook


(13)

File Name

kk.EXE

Created process

kk.EXE

Connected (Ip/Dns)

www[.]nihongo[.]school, www[.]aryadata[.]com, www[.]tacomawageneralcontractor[.]com, www[.]bigfacecoffees[.]com, www[.]cozinhablog[.]com, www[.]sportdeed[.]com, www[.]secure-apps[.]info, www[.]stmconstructlonllc[.]com, www[.]levelsautoltd[.]com

MD5

87df8bdd3c538665b8b0591ef28e9d21

SHA256

1265cd7cd52561d0e688f2ea1a8a9c8ed712b4f6fb82e253424f9a6cdad5d995

Family

Formbook


(14)

File Name

Payment Copy.exe

Created process

Payment Copy.exe

Connected (Ip/Dns)

www[.]updatesz[.]com, www[.]alcargomoversllc[.]com, www[.]centerstageacademyaz[.]com, www[.]mcgdinner[.]com, www[.]unmeasured-grace[.]com

MD5

55c4259949b8613e5e762341c226397d

SHA256

68fd922afd4b980e00af527f2e2d6bbeed59ec1508c089370d64081a5532f3f2

Family

Formbook

(15)

File Name

PO 210521-0012.exe

Created process

PO 210521-0012.exe

Connected (Ip/Dns)

non

MD5

1df320abe6f448155c60a88a4718c40c

SHA256

4760c7a98d84bb9ee27ed44258109974451624c590b635f0e8ba332653b4149e

Family

Lokibot


(16)

File Name

k.dot

Created process

vbc.exe

Connected (Ip/Dns)

eyecos[.]ga, zxcvbnmlkjhgfdsaqwertyuioppoiuytrewqasdg[.]ydns.eu

MD5

f5648a200cb943e2e11a09d6c7343317

SHA256

09552d558192296ebb71772495032fd4755885cfc96f67252bb830817b04178c

Family

Lokibot


(17)

File Name

19E99F2ECABFEDF0C976B0EA0D466714.exe

Created process

run2.exe

Connected (Ip/Dns)

professorlog[.]xyz

MD5

19e99f2ecabfedf0c976b0ea0d466714

SHA256

8358e817e423f16dcdcd3f213229f7b7b63de4a1ccce5f7ab07997a57183f758

Family

Vidar


(18)

File Name

Loader.exe

Created process

Loader.exe

Connected (Ip/Dns)

file[.]ekkggr3.com, bandshoo[.]info, privacytools[.]xyz, moonlabmediacompany[.]com, 38xl[.]pycharm3[.]ru, www[.]wws23dfwe[.]com, gclean[.]biz, bukkva[.]best, douwma09[.]top, uyg5wye[.]2ihsfa[.]com

MD5

eca2156de666662ddfb440ecad3f3eff

SHA256

330108a71779bec4698652f25c1af0d546ecd80037f7159350e8b0447baecc44

Family

Vidar


(19)

File Name

Client-built.exe

Created process

Client-built.exe

Connected (Ip/Dns)

77[.]29[.]72[.]108 ( Clean)

MD5

f0f606fbbabc8819f7240f6a2e1040ec

SHA256

15bf332c4d7e736c2380ba7a641c22a8c03b943afbf62f2d8ec1e237624d5891

Family

Quasar RAT


(20)

File Name

1word.doc

Created process

1word.doc

Connected (Ip/Dns)

fortcollinsathletefactory[.]com, getming[.]com, grml[.]net, gaffa-music[.]com

MD5

349d13ca99ab03869548d75b99e5a1d0

SHA256

d34849e1c97f9e615b3a9b800ca1f11ed04a92b1014f55aa0158e3fffc22d78f

Family

Emotet


(21)

File Name

5814 N 17ST.doc

Created process

POwersheLL.exe

Connected (Ip/Dns)

www[.]theaffiliateincome.com, luandasoft[.]com, baangnews[.]com, arthurjacksonctc[.]com

MD5

d44eab3f49c70836c4f7b9524a343f31

SHA256

57e3a37bdfd74ce08a628a341defd030d4f637f4033ab95d11aaaa807a831c62

Family

Emotet


(22)

File Name

0520_656407893761.doc

Created process

rundll32.exe

Connected (Ip/Dns)

vaethemanic[.]com

MD5

632c214b5a3f8bdfa91197e121f41db1

SHA256

d43ec0226fd6af4d0848cd1fa2329b93fb73341814dd8536c53b6da0e31b3844

Family

Hancitor


(23)

File Name

1.exe

Created process

5.exe

Connected (Ip/Dns)

asvb[.]top

MD5

97a4937242ecf81afac5f24bf3e2a828

SHA256

db8743187bfe5c0943cc466c56bb368201a7b4ef2dfc832672ab51dc2c367957

Family

Raccoon


(24)

File Name

a6b77177d4e4bb966466c65c82f7428b.exe

Created process

AddInProcess32.exe

Connected (Ip/Dns)

youwebmaster[.]com, download2[.]info, u1y[.]pycharm3[.]ru, tstamore[.]info, api[.]ip[.]sb

MD5

a6b77177d4e4bb966466c65c82f7428b

SHA256

bf864ffc01766f30758d5503ee51d15e0e1349cd9bff9b4f90ad775dcb7950c2

Family

Raccoon


(25)

File Name

AC30150A3E5AFB12A5BE4E656C982211.exe

Created process

AC30150A3E5AFB12A5BE4E656C982211.exe

Connected (Ip/Dns)

162[.]0[.]223[.]248

MD5

ac30150a3e5afb12a5be4e656c982211

SHA256

fa9d93120859ab98f0f088f3e651360fbecb2c11d216597a5ea7da34debc020c

Family

Raccoon


(26)

File Name

keygen.exe

Created process

InstallUtil.exe

Connected (Ip/Dns)

haija[.]mine[.]nu

MD5

63121aa148b89c283bc29c8e9359d3b0

SHA256

14b604df05e37b6dbadba8a6e010870083d6ef961cb983d1e2afcf228c0bf61a

Family

Netwire


(27)

File Name

Client.exe

Created process

Client.exe

Connected (Ip/Dns)

mehack1234567[.]ddns[.]net

MD5

54e779ec5c88aea659f062c7e538577d

SHA256

1eb4b1682ee4d9e438134c3ab319dac1ac38e1ada272f2c12aa8d06de5889a88

Family

Revenge


(28)

File Name

trickbot.zip

Created process

Client.exe

Connected (Ip/Dns)

89[.]105[.]203[.]180

MD5

0494f6c3c9f11a26cdebca62914d517e

SHA256

e1382889e918bd1f2f87f5c13a1a2ebe5fa1a0cc89740c80683fefec81ff7097

Family

Trickbot


(29)

File Name

maze.exe

Created process

maze.exe

Connected (Ip/Dns)

91[.]218[.]114[.]4, 91[.]218[.]114[.]11

MD5

21a563f958b73d453ad91e251b11855c

SHA256

067f1b8f1e0b2bfe286f5169e17834e8cf7f4266b8d97f28ea78995dc81b0e7b

Family

Maze


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more