IOCs 20_6_2021

(1)
File Name: Client.exe
Created process: Sas.exe
Connected (IP/DNS): 82.202.167.212
MD5: 8263e9fcb4a5fe8529561d4e592b79ad
SHA256: a15aa328bbad2fe3b41cca33bd24151efd8a901066f2e59626bd2f9bb2e2761a
Family: njRAT

(2)
File Name: NeverloseLoaderCrack.exe
Created process: NeverloseLoaderCrack.exe
Connected (IP/DNS): 0.tcp.ngrok.io
MD5: b00b7f441c1bca4d9f65c6dd2eb36c76
SHA256: c087cc384485e2ff854427095481d22929a661f2ffb1580d10facf70685cfe47
Family: njRAT

(3)
File Name: xZezXtb9N6sKgxm.exe
Created process: xZezXtb9N6sKgxm.exe
Connected (IP/DNS): www.partycc.com, www.sustainablemedia.global, www.rjuanca.com, www.for-all-dream.com, www.gosleep-vietnam.com, www.dofreemovies.com, www.plafon.one, www.x1699.com
MD5: f54b956607d0370e0ad3084242712bb0
SHA256: 59926e3453980c8bf4cfb466d00770fad47f05cd9c9e2a1ec7a25da16b38ebed
Family: Formbook

(4)
File Name: RFQCei20062021.exe
Created process: RFQCei20062021.exe
Connected (IP/DNS): 63.141.228.141
MD5: 0c1a9c5200dd6ad9e9adc3d2b23810fd
SHA256: 8487616e993913211f1c1d1888b24697f40132eed17e4f5ca2bf44b0edf036b7
Family: Lokibot

(5)
File Name: QATAR 2022 STADIUM PROJECT ONGOING PR0JECT.e.exe
Created process: QATAR 2022 STADIUM PROJECT ONGOING PR0JECT.e.exe
Connected (IP/DNS): 63.141.228.141
MD5: 50927aa0cc8bbc3b41c84998b6d500c8
SHA256: 80b5c587184821cdbab152fac30a7c898e19f75cdf2f9ed0d471535a3acf94a5
Family: Lokibot

(6)
File Name: build.exe
Created process: build.exe
Connected (IP/DNS): fakeme.us
MD5: a40b4c6e2d94b37bd0bad1467044763d
SHA256: e879efcbe935e83c3d1e4ac3376b3efab25e9e388b0f86395df79e6fb34e1e03
Family: Lokibot

(7)
File Name: HSBC 11223886.docx
Created process: HSBC 11223886.docx
Connected (IP/DNS): bnbrokenskull.ml
MD5: dba3c3acd6bea937398dc9d28e664bfa
SHA256: 9e7142e95fc9ef6d38c0e10ee0007c600e941353ab29a73e8bfd02da7c27eb24
Family: Lokibot

(8)
File Name: Nbnb_Sub2 (3).docx
Created process: Nbnb_Sub2 (3).docx
Connected (IP/DNS): bnbrokenskull.ml
MD5: dba3c3acd6bea937398dc9d28e664bfa
SHA256: 9e7142e95fc9ef6d38c0e10ee0007c600e941353ab29a73e8bfd02da7c27eb24
Family: Lokibot

(9)
File Name: Keygen.exe
Created process: Keygen.exe
Connected (IP/DNS): jordanianggs.hopto.org
MD5: e8e6d78a27ce469b5f21e1c9b734cdb3
SHA256: 07710ae4f5c8ee9557bd4c937f988b6d129cea43791c403c69dbd92e02d90c3d
Family: Nanocore

(10)
File Name: 0adf6b230a5601fc87c2e7dacff386cf.exe
Created process: 0adf6b230a5601fc87c2e7dacff386cf.exe
Connected (IP/DNS): wekeepworking.sytes.net
MD5: 0adf6b230a5601fc87c2e7dacff386cf
SHA256: 437c9421ae36bc19198438f86b86a39de0d207449abef097eb9656743823c256
Family: Nanocore

(11)
File Name: passive auto typer v4.bat
Created process: passive auto typer v4.bat
Connected (IP/DNS): ip4.seeip.org
MD5: 31a70ae19102cbdb86ae9f08a48d78cf
SHA256: e260c6a678197d65f2cf38fb65cbda19be3f09cbcf0ed9b4f570a82fb55e8e11
Family: Nanocore

(12)
File Name: REMITTANCE DETAILES..exe
Created process: REMITTANCE DETAILES..exe
Connected (IP/DNS): ifybest85fff.ddns.net
MD5: 142e1f1618c33e5a63cdeeca99f7e1e4
SHA256: b8abcc5499d5612a6e42f5c0b1c72e288ea6cbb3a8ddeb1d122f0275a82e4b84
Family: Nanocore

(13)
File Name: C3E47807F3E8ECA79930D5BE045389E36AD44650AB618.exe
Created process: C3E47807F3E8ECA79930D5BE045389E36AD44650AB618.exe
Connected (IP/DNS): r6d6.zapto.org
MD5: 263030a0e4c9046d78e1fb06660ddc7e
SHA256: c3e47807f3e8eca79930d5be045389e36ad44650ab618d234ce986949a5b2eb1
Family: Nanocore

(14)
File Name: Malwarebytes_Keygen.rar
Created process: Malwarebytes_Keygen.rar
Connected (IP/DNS): jordanianggs.hopto.org
MD5: 4bca69196cdcea95a67dccfae0d9c2dd
SHA256: a3673059b538c641b78783882e8e6813c538c072124689e5151514277e391d01
Family: Nanocore

If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
