IOCs 23_5_2021
Each entry gives the submitted file name, the process the sample created when it was run, the hosts it contacted (defanged with [.]), the sample's MD5 and SHA256, and the malware family. Hostnames under dynamic-DNS or tunnelling services (ddns.net, duckdns.org, myftp.biz, mine.nu, ngrok.io) identify only the operator's current registration, so block the full hostname rather than the provider.
(1)
File Name: Slayeer_Leecher.exe
Created process: server.exe
Connected (IP/DNS): 194[.]62[.]157[.]251
MD5: 59e73fcfe28d91e4eb1da2ae13842fd1
SHA256: ce63198ca5c8930431d633e95bf6332ead55611582c2261e767ad906cc958726
Family: AgentTesla

(2)
File Name: FiveM_1.zip
Created process: server.exe
Connected (IP/DNS): errorsx[.]ddns[.]net
MD5: c7c7dabd4f28ad85fa9d2749153e8b77
SHA256: f9fd309aa62740d1c935eaa402302ce4af58d0fa11a82b334d7497b1c4e9cb6c
Family: njRAT

(3)
File Name: moresamples.7z
Created process: DllHost.exe
Connected (IP/DNS): zahlung[.]name, users[.]qzone[.]qq[.]com, i[.]kpzip[.]com, g[.]azmagis[.]ru, verybigloan[.]com, allescorts4u[.]com, tugay[.]com[.]tr
MD5: 24d0089f0cc1744a45dc3adaf89ccfd2
SHA256: 71a4f60b1131eb288591fee713d8790b09a0ade44f19df5d376ec3434cf178f2
Family: njRAT

(4)
File Name: Server.exe
Created process: svhost.exe
Connected (IP/DNS): 4[.]tcp[.]ngrok[.]io
MD5: 52cbc90d6dc88190c9f879fc9c1f5e6f
SHA256: 41e34ede51a8105612c995df2742727e00548c482a50be2aa33f439061a09f27
Family: njRAT

(5)
File Name: GERADOR DE NITROS 2021.exe
Created process: WindowsUpdate.exe
Connected (IP/DNS): windowsupdated[.]duckdns[.]org
MD5: 31c32764c54f3cd234b650d068b74989
SHA256: ee0c5f94602c7acf2eb4c0305934dc63f473aabb37a308cf984a00c33629e939
Family: njRAT
(6)
File Name: sample(1).zip
Created process: MyTrayApp.exe
Connected (IP/DNS): zahlung[.]name, users[.]qzone[.]qq[.]com
MD5: 142133008fdbda210e7818ddeab583fe
SHA256: c22eccc78ca522b87a16a54d5907bef155a0d43be4c0eb778d3d769719786d36
Family: njRAT

(7)
File Name: Beta 11111.exe
Created process: Beta 11111.exe
Connected (IP/DNS): ei[.]phncdn[.]com, ht-cdn[.]trafficjunky[.]net, ht-cdn2[.]trafficjunky[.]net
MD5: 17d0637e603726e10fc30310bf1f8ad0
SHA256: f550b36b33e70196db13e2105560cb690489bac3d5083cee0415133b25340735
Family: Nanocore

(8)
File Name: 10f697d3f0bd1656a58045faf093d2cc.exe
Created process: 10f697d3f0bd1656a58045faf093d2cc.exe
Connected (IP/DNS): jeffserver[.]duckdns[.]org
MD5: 10f697d3f0bd1656a58045faf093d2cc
SHA256: 211e24652cbe76de799a0748dd0643c94d0b6ea4702b1eecef3ec341aebfac31
Family: Nanocore

(9)
File Name: virus.exe
Created process: virus.exe
Connected (IP/DNS): nanocore[.]myftp[.]biz
MD5: 97c16b9f4a1814720cb13fa27c780dc7
SHA256: 6b010f4db9afce4d5121e1e6c8d9f964a98a76f93b1281d60d229c77f418985c
Family: Nanocore

(10)
File Name: a816c00bdb4bd6b9cd94c35c476399a7.exe
Created process: a816c00bdb4bd6b9cd94c35c476399a7.exe
Connected (IP/DNS): believe2021[.]ddns[.]net
MD5: a816c00bdb4bd6b9cd94c35c476399a7
SHA256: 02406289cc1ddef9b934fae8ccbb5ad518204950a488018792a89328bb4fefa8
Family: Nanocore
If you want to know how to analyze NanoCore malware, you can check my NanoCore analysis on YouTube.
(11)
File Name: Backdoor.exe
Created process: Dwm.exe
Connected (IP/DNS): 78[.]198[.]121[.]158
MD5: 9c62a1cb321161298eaae99fae66b1c1
SHA256: 168e0112279829fb625462de15ac279dd703b5bbe36ec539f98f9fba492e3fe2
Family: Remcos

(12)
File Name: kk.EXE
Created process: kk.EXE
Connected (IP/DNS): www[.]nihongo[.]school, www[.]aryadata[.]com, www[.]tacomawageneralcontractor[.]com, www[.]bigfacecoffees[.]com, www[.]cozinhablog[.]com, www[.]sportdeed[.]com, www[.]secure-apps[.]info, www[.]stmconstructlonllc[.]com, www[.]levelsautoltd[.]com
MD5: 87df8bdd3c538665b8b0591ef28e9d21
SHA256: 1265cd7cd52561d0e688f2ea1a8a9c8ed712b4f6fb82e253424f9a6cdad5d995
Family: Formbook
(14)
File Name: Payment Copy.exe
Created process: Payment Copy.exe
Connected (IP/DNS): www[.]updatesz[.]com, www[.]alcargomoversllc[.]com, www[.]centerstageacademyaz[.]com, www[.]mcgdinner[.]com, www[.]unmeasured-grace[.]com
MD5: 55c4259949b8613e5e762341c226397d
SHA256: 68fd922afd4b980e00af527f2e2d6bbeed59ec1508c089370d64081a5532f3f2
Family: Formbook

(15)
File Name: PO 210521-0012.exe
Created process: PO 210521-0012.exe
Connected (IP/DNS): none
MD5: 1df320abe6f448155c60a88a4718c40c
SHA256: 4760c7a98d84bb9ee27ed44258109974451624c590b635f0e8ba332653b4149e
Family: Lokibot
(16)
File Name: k.dot
Created process: vbc.exe
Connected (IP/DNS): eyecos[.]ga, zxcvbnmlkjhgfdsaqwertyuioppoiuytrewqasdg[.]ydns[.]eu
MD5: f5648a200cb943e2e11a09d6c7343317
SHA256: 09552d558192296ebb71772495032fd4755885cfc96f67252bb830817b04178c
Family: Lokibot

(17)
File Name: 19E99F2ECABFEDF0C976B0EA0D466714.exe
Created process: run2.exe
Connected (IP/DNS): professorlog[.]xyz
MD5: 19e99f2ecabfedf0c976b0ea0d466714
SHA256: 8358e817e423f16dcdcd3f213229f7b7b63de4a1ccce5f7ab07997a57183f758
Family: Vidar

(18)
File Name: Loader.exe
Created process: Loader.exe
Connected (IP/DNS): file[.]ekkggr3[.]com, bandshoo[.]info, privacytools[.]xyz, moonlabmediacompany[.]com, 38xl[.]pycharm3[.]ru, www[.]wws23dfwe[.]com, gclean[.]biz, bukkva[.]best, douwma09[.]top, uyg5wye[.]2ihsfa[.]com
MD5: eca2156de666662ddfb440ecad3f3eff
SHA256: 330108a71779bec4698652f25c1af0d546ecd80037f7159350e8b0447baecc44
Family: Vidar

(19)
File Name: Client-built.exe
Created process: Client-built.exe
Connected (IP/DNS): 77[.]29[.]72[.]108 (clean)
MD5: f0f606fbbabc8819f7240f6a2e1040ec
SHA256: 15bf332c4d7e736c2380ba7a641c22a8c03b943afbf62f2d8ec1e237624d5891
Family: Quasar RAT

(20)
File Name: 1word.doc
Created process: 1word.doc
Connected (IP/DNS): fortcollinsathletefactory[.]com, getming[.]com, grml[.]net, gaffa-music[.]com
MD5: 349d13ca99ab03869548d75b99e5a1d0
SHA256: d34849e1c97f9e615b3a9b800ca1f11ed04a92b1014f55aa0158e3fffc22d78f
Family: Emotet
(21)
File Name: 5814 N 17ST.doc
Created process: POwersheLL.exe
Connected (IP/DNS): www[.]theaffiliateincome[.]com, luandasoft[.]com, baangnews[.]com, arthurjacksonctc[.]com
MD5: d44eab3f49c70836c4f7b9524a343f31
SHA256: 57e3a37bdfd74ce08a628a341defd030d4f637f4033ab95d11aaaa807a831c62
Family: Emotet

(22)
File Name: 0520_656407893761.doc
Created process: rundll32.exe
Connected (IP/DNS): vaethemanic[.]com
MD5: 632c214b5a3f8bdfa91197e121f41db1
SHA256: d43ec0226fd6af4d0848cd1fa2329b93fb73341814dd8536c53b6da0e31b3844
Family: Hancitor

(23)
File Name: 1.exe
Created process: 5.exe
Connected (IP/DNS): asvb[.]top
MD5: 97a4937242ecf81afac5f24bf3e2a828
SHA256: db8743187bfe5c0943cc466c56bb368201a7b4ef2dfc832672ab51dc2c367957
Family: Raccoon

(24)
File Name: a6b77177d4e4bb966466c65c82f7428b.exe
Created process: AddInProcess32.exe
Connected (IP/DNS): youwebmaster[.]com, download2[.]info, u1y[.]pycharm3[.]ru, tstamore[.]info, api[.]ip[.]sb
MD5: a6b77177d4e4bb966466c65c82f7428b
SHA256: bf864ffc01766f30758d5503ee51d15e0e1349cd9bff9b4f90ad775dcb7950c2
Family: Raccoon

(25)
File Name: AC30150A3E5AFB12A5BE4E656C982211.exe
Created process: AC30150A3E5AFB12A5BE4E656C982211.exe
Connected (IP/DNS): 162[.]0[.]223[.]248
MD5: ac30150a3e5afb12a5be4e656c982211
SHA256: fa9d93120859ab98f0f088f3e651360fbecb2c11d216597a5ea7da34debc020c
Family: Raccoon
(26)
File Name: keygen.exe
Created process: InstallUtil.exe
Connected (IP/DNS): haija[.]mine[.]nu
MD5: 63121aa148b89c283bc29c8e9359d3b0
SHA256: 14b604df05e37b6dbadba8a6e010870083d6ef961cb983d1e2afcf228c0bf61a
Family: Netwire

(27)
File Name: Client.exe
Created process: Client.exe
Connected (IP/DNS): mehack1234567[.]ddns[.]net
MD5: 54e779ec5c88aea659f062c7e538577d
SHA256: 1eb4b1682ee4d9e438134c3ab319dac1ac38e1ada272f2c12aa8d06de5889a88
Family: Revenge RAT

(28)
File Name: trickbot.zip
Created process: Client.exe
Connected (IP/DNS): 89[.]105[.]203[.]180
MD5: 0494f6c3c9f11a26cdebca62914d517e
SHA256: e1382889e918bd1f2f87f5c13a1a2ebe5fa1a0cc89740c80683fefec81ff7097
Family: Trickbot

(29)
File Name: maze.exe
Created process: maze.exe
Connected (IP/DNS): 91[.]218[.]114[.]4, 91[.]218[.]114[.]11
MD5: 21a563f958b73d453ad91e251b11855c
SHA256: 067f1b8f1e0b2bfe286f5169e17834e8cf7f4266b8d97f28ea78995dc81b0e7b
Family: Maze
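Lists like the one above usually end up being copy-pasted into a block list, and that is where mistakes happen: inconsistent defanging, the same domain listed twice, a "non" placeholder, or a host the author explicitly marked clean. The following Python is an added example (it is not part of the original post) that parses entries in the layout used here, refangs the [.] indicators, drops placeholders and clean-marked hosts, checks that every MD5 and SHA256 is well-formed hex of the right length, and splits the network indicators into domains and IPs. The embedded sample input is entries (6) and (19) from this list, one in the raw "Label |" / "value |" form the post was published in and one in "Label: value" form, so that both layouts are exercised; the function and key names are my own.

```python
import re

# Constructed sample input: entries (6) and (19) from the list above, (6) in the raw
# "Label |" / "value |" layout and (19) in "Label: value" form.
SAMPLE = """\
(6)
File Name |
sample(1).zip |
Created process |
MyTrayApp.exe |
Connected (Ip/Dns) |
zahlung[.]name, users[.]qzone[.]qq[.]com, users[.]qzone[.]qq.com, zahlung[.]name |
MD5 |
142133008fdbda210e7818ddeab583fe |
SHA256 |
c22eccc78ca522b87a16a54d5907bef155a0d43be4c0eb778d3d769719786d36 |
Family |
njRAT |
(19)
File Name: Client-built.exe
Created process: Client-built.exe
Connected (IP/DNS): 77[.]29[.]72[.]108 (clean)
MD5: f0f606fbbabc8819f7240f6a2e1040ec
SHA256: 15bf332c4d7e736c2380ba7a641c22a8c03b943afbf62f2d8ec1e237624d5891
Family: Quasar RAT
"""

# page label (lower-cased) -> key used in the parsed record
LABELS = {"file name": "file", "created process": "process",
          "connected (ip/dns)": "network", "md5": "md5", "sha256": "sha256",
          "family": "family"}
HASH_LEN = {"md5": 32, "sha256": 64}
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def refang(indicator):
    """Undo the page's '[.]' defanging; an indicator that was never defanged is unchanged."""
    return indicator.replace("[.]", ".").strip()


def parse_iocs(text):
    """Split '(n)' blocks into dicts, accepting 'Label |'/'value |' pairs or 'Label: value'."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()
        if not line:
            continue
        if re.fullmatch(r"\(\d+\)", line):            # "(6)" opens a new record
            current = {"id": int(line[1:-1])}
            records.append(current)
            pending = None
            continue
        if current is None:
            continue                                   # text before the first record
        head, sep, rest = line.partition(":")
        if line.lower() in LABELS:                     # label alone: value is on the next line
            pending = LABELS[line.lower()]
        elif sep and head.strip().lower() in LABELS:   # label and value on one line
            current[LABELS[head.strip().lower()]] = rest.strip()
        elif pending:                                  # the value for the previous label line
            current[pending] = line
            pending = None
    return records


def normalize(record):
    """Check hash syntax; turn the network column into refanged, deduplicated IPs and domains."""
    for algo, n in HASH_LEN.items():
        h = record.get(algo, "").lower()
        if not re.fullmatch(rf"[0-9a-f]{{{n}}}", h):
            raise ValueError(f"record {record['id']}: malformed {algo}: {h!r}")
        record[algo] = h
    hosts = []
    for item in record.get("network", "").split(","):
        host, note = refang(item), ""
        m = re.search(r"\((.*?)\)\s*$", host)         # trailing annotation such as "(clean)"
        if m:
            host, note = host[:m.start()].strip(), m.group(1).lower()
        # "non"/"none" marks a sample with no network activity; a host the author marked
        # clean is not an indicator and must not land on a block list
        if not host or host.lower() in ("non", "none") or "clean" in note:
            continue
        if host not in hosts:
            hosts.append(host)
    record["ips"] = [h for h in hosts if IPV4.fullmatch(h)]
    record["domains"] = [h for h in hosts if not IPV4.fullmatch(h)]
    return record


def load(text):
    return [normalize(r) for r in parse_iocs(text)]


def blocklists(records):
    """Aggregate across samples: SHA256s for the EDR, domains for DNS, IPs for the firewall."""
    return {"sha256": sorted({r["sha256"] for r in records}),
            "domains": sorted({d for r in records for d in r["domains"]}),
            "ips": sorted({i for r in records for i in r["ips"]})}


if __name__ == "__main__":
    for rec in load(SAMPLE):
        print(rec["id"], rec["family"], rec["file"], rec["domains"], rec["ips"])
    print(blocklists(load(SAMPLE)))
```

Feed the whole list to `load()` and the output of `blocklists()` is what goes to the EDR, the DNS resolver and the firewall; a malformed hash raises instead of silently producing an indicator that can never match, and a host annotated as clean is dropped rather than blocked.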
If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA