IOCs 23_6_2021
| # | File Name | Created process | Connected (IP/DNS) | MD5 | SHA256 | Family |
|---|---|---|---|---|---|---|
| 1 | 0f8609078a9272e31b63286cef8bf754.vir.exe | 0f8609078a9272e31b63286cef8bf754.vir.exe | 192.168.100.206 | 0f8609078a9272e31b63286cef8bf754 | 0034b1a4639a1f03c6733ea73b0a52f4f013d9fb15a56d5468432088112447d0 | njRAT |
| 2 | 6207081845391360.zip | vbc.exe | manvim.co | 9aea63b138dc1b70cdd6cad0bd3a81df | 5da922255fb5ba2d8ee5493c6a0a7bf2dc545465968799af8e6b3f96506fcbb3 | Lokibot |
| 3 | No. ATOMYU14.21.jpg.exe | No. ATOMYU14.21.jpg.exe | 63.141.228.141 | aa2bd93add61460d059367e41d89195c | 7f347545daf832b84a0cb2d823af46e874cb7c69f436814c58355262e594c4d3 | Lokibot |
| 4 | INV2021-20800.docx | taskmgr.exe | www.yonibymina.com, www.yonibymina.com, www.maimaixiu.club | 6c1c7232217cf3ac24711d9d5588126d | 040ce819e4f59dd7803e3c75da71048dd8fcf3b28f840889562fd55b6e3f74f2 | Formbook |
| 5 | INV&PL.pdf.exe | INV&PL.pdf.exe | www.5percentforex.com, www.neighborlyrepairman.com, www.rsandisforbiden.com | 91c4408c6440c8abd884d5f795a69d93 | 6d84d64d53496e0edfbbafd80efd37be254a071c30dab6aa3708d064bfb1758e | Formbook |
| 6 | RFQPDF.exe | RFQPDF.exe | dubby2021.duckdns.org | 1144f85b53538c9d39e5dfc248db4254 | 05a3a51d5a27c9c2552704ea12c56bf72b689584cd237733960861c83a35d331 | Nanocore |
| 7 | New order - QuoteO11190EU,pdf.exe | New order - QuoteO11190EU,pdf.exe | goddywin.freedynamicdns.net | 07ec864cd77a8ce91ffdc0e592704a20 | 8e985c697669e0cf36580c49eba3a53e285e19c907bf70ed600af2e3cb26d052 | Nanocore |
| 8 | loololol_hub.exe | loololol_hub.exe | lildawg221111.mynetgear.com | 629a5086da678dfd783cabf1d5ddaec9 | c65e2ece64ce4358f31e76218e0b3facef26a10bd849ac8b4a157d455e8d40ff | Orcus RAT |
| 9 | https://oxy.name/d/SKUd | orcustop4ik.duckdns.org, outputlead.info | nanocore.myftp.biz | 97c16b9f4a1814720cb13fa27c780dc7 | 6b010f4db9afce4d5121e1e6c8d9f964a98a76f93b1281d60d229c77f418985c | Orcus RAT |
| 10 | neti.exe | neti.exe | 194.87.111.188 | 515074db9c35d1bb7e84fbc597066247 | 033741ca568e4e71a586be960e503415579b0520d2c9ecd298ed03becf406b9c | Vidar |
| 11 | Oski_Cracked_mcserver5757.ddns.net.exe | Oski_Cracked_mcserver5757.ddns.net.exe | mcserver5757.ddns.net | 986cba7e72fc85a6779d4c01d0388e49 | e37cd1a0f9703ec045c7c467973954380e49444dcabafcb0bf0be9e2fc78f66c | Vidar |
| 12 | INQUIRY LIST ITEMS.exe | INQUIRY LIST ITEMS.exe | kashbilly.ddns.net | b462baa7065d8d16821794a2f179464b | ba410d1931172915171c7769f798d6aaa1eab9f923c98f178f615ad75a6544f2 | Remcos |
| 13 | HOJA DE PROCESO FISCAL EN CURSO (REVISION INMEDIATA).eml | DOCUMENTO_ad002126111561414158-N39120.exe | dominoduck2113.duckdns.org | 131145147c1718306f293b9156c03aec | 84bfd520ec912519d0962dfc444d7f1ce577cd9b61f78209f8badac7bb4d06f5 | Remcos |
| 14 | emotet.doc | powershell.exe | blockchainjoblist.com, womenempowermentpakistan.com, atnimanvilla.com | b92021ca10aed3046fc3be5ac1c2a094 | c378387344e0a552dc065de6bfa607fd26e0b5c569751c79fbf9c6f2e91c9807 | Emotet |
| 15 | emotet.doc | PO 210521-0012.exe | blockchainjoblist.com, womenempowermentpakistan.com, atnimanvilla.com | b92021ca10aed3046fc3be5ac1c2a094 | c378387344e0a552dc065de6bfa607fd26e0b5c569751c79fbf9c6f2e91c9807 | Emotet |
| 16 | http://example.com | hussanx.exe | newanonjoe.ddns.net, uehge4g6gh.2ihsfa.com, newanonjoe.ddns.net | f5648a200cb943e2e11a09d6c7343317 | 09552d558192296ebb71772495032fd4755885cfc96f67252bb830817b04178c | Danabot |
| 17 | file | run2.exe | extilivelly.com, cludimetifte.ru | 3a492d3738886c56aeea2fd6cc1fb178 | a7170d048319be6f343f6378cd6ea83660bab8489cdbcda6b243b448c5e275ef | Hancitor |
| 18 | Agent_Tesla_Dumped-cleaned.exe | Agent_Tesla_Dumped-cleaned.exe | gmicaprelam.in | 23d981f4d662ae374df7c78686ecedf9 | 43b4b0dcf83532473c4bda12ba532c76a15a46e218cc5b6c6420fb3ca826ce26 | AgentTesla |
If you want to know how to analyze AgentTesla malware, you can check my AgentTesla analysis on YouTube.
| # | File Name | Created process | Connected (IP/DNS) | MD5 | SHA256 | Family |
|---|---|---|---|---|---|---|
| 19 | Client-built.exe | Client-built.exe | 77.29.72.108 (clean) | f0f606fbbabc8819f7240f6a2e1040ec | 15bf332c4d7e736c2380ba7a641c22a8c03b943afbf62f2d8ec1e237624d5891 | Quasar RAT |
| 20 | 1word.doc | 1word.doc | fortcollinsathletefactory.com, getming.com, grml.net, gaffa-music.com | 349d13ca99ab03869548d75b99e5a1d0 | d34849e1c97f9e615b3a9b800ca1f11ed04a92b1014f55aa0158e3fffc22d78f | Emotet |
| 21 | 5814 N 17ST.doc | POwersheLL.exe | www.theaffiliateincome.com, luandasoft.com, baangnews.com, arthurjacksonctc.com | d44eab3f49c70836c4f7b9524a343f31 | 57e3a37bdfd74ce08a628a341defd030d4f637f4033ab95d11aaaa807a831c62 | Emotet |
| 22 | 0520_656407893761.doc | rundll32.exe | vaethemanic.com | 632c214b5a3f8bdfa91197e121f41db1 | d43ec0226fd6af4d0848cd1fa2329b93fb73341814dd8536c53b6da0e31b3844 | Hancitor |
| 23 | 1.exe | 5.exe | asvb.top | 97a4937242ecf81afac5f24bf3e2a828 | db8743187bfe5c0943cc466c56bb368201a7b4ef2dfc832672ab51dc2c367957 | Raccoon |
| 24 | a6b77177d4e4bb966466c65c82f7428b.exe | AddInProcess32.exe | youwebmaster.com, download2.info, u1y.pycharm3.ru, tstamore.info, api.ip.sb | a6b77177d4e4bb966466c65c82f7428b | bf864ffc01766f30758d5503ee51d15e0e1349cd9bff9b4f90ad775dcb7950c2 | Raccoon |
| 25 | AC30150A3E5AFB12A5BE4E656C982211.exe | AC30150A3E5AFB12A5BE4E656C982211.exe | 162.0.223.248 | ac30150a3e5afb12a5be4e656c982211 | fa9d93120859ab98f0f088f3e651360fbecb2c11d216597a5ea7da34debc020c | Raccoon |
| 26 | keygen.exe | InstallUtil.exe | haija.mine.nu | 63121aa148b89c283bc29c8e9359d3b0 | 14b604df05e37b6dbadba8a6e010870083d6ef961cb983d1e2afcf228c0bf61a | Netwire |
| 27 | Client.exe | Client.exe | mehack1234567.ddns.net | 54e779ec5c88aea659f062c7e538577d | 1eb4b1682ee4d9e438134c3ab319dac1ac38e1ada272f2c12aa8d06de5889a88 | Revenge |
| 28 | trickbot.zip | Client.exe | 89.105.203.180 | 0494f6c3c9f11a26cdebca62914d517e | e1382889e918bd1f2f87f5c13a1a2ebe5fa1a0cc89740c80683fefec81ff7097 | Trickbot |
| 29 | maze.exe | maze.exe | 91.218.114.4, 91.218.114.11 | 21a563f958b73d453ad91e251b11855c | 067f1b8f1e0b2bfe286f5169e17834e8cf7f4266b8d97f28ea78995dc81b0e7b | Maze |
If you want to learn malware analysis, you can check my YouTube channel; I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA