IOCs 23_6_2021

 



(1)
File Name: 0f8609078a9272e31b63286cef8bf754.vir.exe
Created process: 0f8609078a9272e31b63286cef8bf754.vir.exe
Connected (IP/DNS): 192.168.100.206
MD5: 0f8609078a9272e31b63286cef8bf754
SHA256: 0034b1a4639a1f03c6733ea73b0a52f4f013d9fb15a56d5468432088112447d0
Family: njRAT

If you want to know how to analyze njRAT malware, you can check my analysis on YouTube: njRAT.


(2)
File Name: 6207081845391360.zip
Created process: vbc.exe
Connected (IP/DNS): manvim.co
MD5: 9aea63b138dc1b70cdd6cad0bd3a81df
SHA256: 5da922255fb5ba2d8ee5493c6a0a7bf2dc545465968799af8e6b3f96506fcbb3
Family: Lokibot

 

(3)
File Name: No. ATOMYU14.21.jpg.exe
Created process: No. ATOMYU14.21.jpg.exe
Connected (IP/DNS): 63.141.228.141
MD5: aa2bd93add61460d059367e41d89195c
SHA256: 7f347545daf832b84a0cb2d823af46e874cb7c69f436814c58355262e594c4d3
Family: Lokibot

 

(4)
File Name: INV2021-20800.docx
Created process: taskmgr.exe
Connected (IP/DNS): www.yonibymina.com, www.yonibymina.com, www.maimaixiu.club
MD5: 6c1c7232217cf3ac24711d9d5588126d
SHA256: 040ce819e4f59dd7803e3c75da71048dd8fcf3b28f840889562fd55b6e3f74f2
Family: Formbook

 

(5)
File Name: INV&PL.pdf.exe
Created process: INV&PL.pdf.exe
Connected (IP/DNS): www.5percentforex.com, www.neighborlyrepairman.com, www.rsandisforbiden.com
MD5: 91c4408c6440c8abd884d5f795a69d93
SHA256: 6d84d64d53496e0edfbbafd80efd37be254a071c30dab6aa3708d064bfb1758e
Family: Formbook

 

(6)
File Name: RFQPDF.exe
Created process: RFQPDF.exe
Connected (IP/DNS): dubby2021.duckdns.org
MD5: 1144f85b53538c9d39e5dfc248db4254
SHA256: 05a3a51d5a27c9c2552704ea12c56bf72b689584cd237733960861c83a35d331
Family: Nanocore

If you want to know how to analyze NanoCore malware, you can check my analysis on YouTube: NanoCore.

(7)
File Name: New order - QuoteO11190EU,pdf.exe
Created process: New order - QuoteO11190EU,pdf.exe
Connected (IP/DNS): goddywin.freedynamicdns.net
MD5: 07ec864cd77a8ce91ffdc0e592704a20
SHA256: 8e985c697669e0cf36580c49eba3a53e285e19c907bf70ed600af2e3cb26d052
Family: Nanocore

If you want to know how to analyze NanoCore malware, you can check my analysis on YouTube: NanoCore.

(8)
File Name: loololol_hub.exe
Created process: loololol_hub.exe
Connected (IP/DNS): lildawg221111.mynetgear.com
MD5: 629a5086da678dfd783cabf1d5ddaec9
SHA256: c65e2ece64ce4358f31e76218e0b3facef26a10bd849ac8b4a157d455e8d40ff
Family: Orcus RAT

 

(9)
File Name: https://oxy.name/d/SKUd
Created process: orcustop4ik.duckdns.org, outputlead.info
Connected (IP/DNS): nanocore.myftp.biz
MD5: 97c16b9f4a1814720cb13fa27c780dc7
SHA256: 6b010f4db9afce4d5121e1e6c8d9f964a98a76f93b1281d60d229c77f418985c
Family: Orcus RAT

 

(10)
File Name: neti.exe
Created process: neti.exe
Connected (IP/DNS): 194.87.111.188
MD5: 515074db9c35d1bb7e84fbc597066247
SHA256: 033741ca568e4e71a586be960e503415579b0520d2c9ecd298ed03becf406b9c
Family: Vidar


(11)
File Name: Oski_Cracked_mcserver5757.ddns.net.exe
Created process: Oski_Cracked_mcserver5757.ddns.net.exe
Connected (IP/DNS): mcserver5757.ddns.net
MD5: 986cba7e72fc85a6779d4c01d0388e49
SHA256: e37cd1a0f9703ec045c7c467973954380e49444dcabafcb0bf0be9e2fc78f66c
Family: Vidar


(12)
File Name: INQUIRY LIST ITEMS.exe
Created process: INQUIRY LIST ITEMS.exe
Connected (IP/DNS): kashbilly.ddns.net
MD5: b462baa7065d8d16821794a2f179464b
SHA256: ba410d1931172915171c7769f798d6aaa1eab9f923c98f178f615ad75a6544f2
Family: Remcos


(13)
File Name: HOJA DE PROCESO FISCAL EN CURSO (REVISION INMEDIATA).eml
Created process: DOCUMENTO_ad002126111561414158-N39120.exe
Connected (IP/DNS): dominoduck2113.duckdns.org
MD5: 131145147c1718306f293b9156c03aec
SHA256: 84bfd520ec912519d0962dfc444d7f1ce577cd9b61f78209f8badac7bb4d06f5
Family: Remcos


(14)
File Name: emotet.doc
Created process: powershell.exe
Connected (IP/DNS): blockchainjoblist.com, womenempowermentpakistan.com, atnimanvilla.com
MD5: b92021ca10aed3046fc3be5ac1c2a094
SHA256: c378387344e0a552dc065de6bfa607fd26e0b5c569751c79fbf9c6f2e91c9807
Family: Emotet


(15)
File Name: emotet.doc
Created process: PO 210521-0012.exe
Connected (IP/DNS): blockchainjoblist.com, womenempowermentpakistan.com, atnimanvilla.com
MD5: b92021ca10aed3046fc3be5ac1c2a094
SHA256: c378387344e0a552dc065de6bfa607fd26e0b5c569751c79fbf9c6f2e91c9807
Family: Emotet


(16)
File Name: http://example.com
Created process: hussanx.exe
Connected (IP/DNS): newanonjoe.ddns.net, uehge4g6gh.2ihsfa.com, newanonjoe.ddns.net
MD5: f5648a200cb943e2e11a09d6c7343317
SHA256: 09552d558192296ebb71772495032fd4755885cfc96f67252bb830817b04178c
Family: Danabot


(17)
File Name: file
Created process: run2.exe
Connected (IP/DNS): extilivelly.com, cludimetifte.ru
MD5: 3a492d3738886c56aeea2fd6cc1fb178
SHA256: a7170d048319be6f343f6378cd6ea83660bab8489cdbcda6b243b448c5e275ef
Family: Hancitor


(18)
File Name: Agent_Tesla_Dumped-cleaned.exe
Created process: Agent_Tesla_Dumped-cleaned.exe
Connected (IP/DNS): gmicaprelam.in
MD5: 23d981f4d662ae374df7c78686ecedf9
SHA256: 43b4b0dcf83532473c4bda12ba532c76a15a46e218cc5b6c6420fb3ca826ce26
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(19)
File Name: Client-built.exe
Created process: Client-built.exe
Connected (IP/DNS): 77.29.72.108 (Clean)
MD5: f0f606fbbabc8819f7240f6a2e1040ec
SHA256: 15bf332c4d7e736c2380ba7a641c22a8c03b943afbf62f2d8ec1e237624d5891
Family: Quasar RAT


(20)
File Name: 1word.doc
Created process: 1word.doc
Connected (IP/DNS): fortcollinsathletefactory.com, getming.com, grml.net, gaffa-music.com
MD5: 349d13ca99ab03869548d75b99e5a1d0
SHA256: d34849e1c97f9e615b3a9b800ca1f11ed04a92b1014f55aa0158e3fffc22d78f
Family: Emotet


(21)
File Name: 5814 N 17ST.doc
Created process: POwersheLL.exe
Connected (IP/DNS): www.theaffiliateincome.com, luandasoft.com, baangnews.com, arthurjacksonctc.com
MD5: d44eab3f49c70836c4f7b9524a343f31
SHA256: 57e3a37bdfd74ce08a628a341defd030d4f637f4033ab95d11aaaa807a831c62
Family: Emotet


(22)
File Name: 0520_656407893761.doc
Created process: rundll32.exe
Connected (IP/DNS): vaethemanic.com
MD5: 632c214b5a3f8bdfa91197e121f41db1
SHA256: d43ec0226fd6af4d0848cd1fa2329b93fb73341814dd8536c53b6da0e31b3844
Family: Hancitor


(23)
File Name: 1.exe
Created process: 5.exe
Connected (IP/DNS): asvb.top
MD5: 97a4937242ecf81afac5f24bf3e2a828
SHA256: db8743187bfe5c0943cc466c56bb368201a7b4ef2dfc832672ab51dc2c367957
Family: Raccoon


(24)
File Name: a6b77177d4e4bb966466c65c82f7428b.exe
Created process: AddInProcess32.exe
Connected (IP/DNS): youwebmaster.com, download2.info, u1y.pycharm3.ru, tstamore.info, api.ip.sb
MD5: a6b77177d4e4bb966466c65c82f7428b
SHA256: bf864ffc01766f30758d5503ee51d15e0e1349cd9bff9b4f90ad775dcb7950c2
Family: Raccoon


(25)
File Name: AC30150A3E5AFB12A5BE4E656C982211.exe
Created process: AC30150A3E5AFB12A5BE4E656C982211.exe
Connected (IP/DNS): 162.0.223.248
MD5: ac30150a3e5afb12a5be4e656c982211
SHA256: fa9d93120859ab98f0f088f3e651360fbecb2c11d216597a5ea7da34debc020c
Family: Raccoon


(26)
File Name: keygen.exe
Created process: InstallUtil.exe
Connected (IP/DNS): haija.mine.nu
MD5: 63121aa148b89c283bc29c8e9359d3b0
SHA256: 14b604df05e37b6dbadba8a6e010870083d6ef961cb983d1e2afcf228c0bf61a
Family: Netwire


(27)
File Name: Client.exe
Created process: Client.exe
Connected (IP/DNS): mehack1234567.ddns.net
MD5: 54e779ec5c88aea659f062c7e538577d
SHA256: 1eb4b1682ee4d9e438134c3ab319dac1ac38e1ada272f2c12aa8d06de5889a88
Family: Revenge


(28)
File Name: trickbot.zip
Created process: Client.exe
Connected (IP/DNS): 89.105.203.180
MD5: 0494f6c3c9f11a26cdebca62914d517e
SHA256: e1382889e918bd1f2f87f5c13a1a2ebe5fa1a0cc89740c80683fefec81ff7097
Family: Trickbot


(29)
File Name: maze.exe
Created process: maze.exe
Connected (IP/DNS): 91.218.114.4, 91.218.114.11
MD5: 21a563f958b73d453ad91e251b11855c
SHA256: 067f1b8f1e0b2bfe286f5169e17834e8cf7f4266b8d97f28ea78995dc81b0e7b
Family: Maze



If you want to learn malware analysis, you can check my YouTube channel, where I try to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel:
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


