IOCs 28_6_2021

(1)

File Name: 885a9de3525d6831314160bbe33d838f.exe
Created process: 885a9de3525d6831314160bbe33d838f.exe
Connected (IP/DNS): sandshoe.myfirewall.org
MD5: 885a9de3525d6831314160bbe33d838f
SHA256: 2b1e0b1b320aa81b41cf142297135183f00ad695517f12d3f715fd58eaa6a9c2
Family: njRAT

If you want to know how to analyse njRAT malware, you can check my analysis on YouTube: njRAT.


(2)

File Name: Trot1212ilr.exe
Created process: Trot1212ilr.exe
Connected (IP/DNS): 82.202.167.208
MD5: 1256bdaae98d0afb15b4f3250c2749f3
SHA256: a2d2e91de232701a0f309f8f1eb894c80a4114beb6cd6f0df02e7bfdcd6c278f
Family: njRAT

If you want to know how to analyse njRAT malware, you can check my analysis on YouTube: njRAT.

(3)

File Name: Order=bcm_28062021.exe
Created process: Order=bcm_28062021.exe
Connected (IP/DNS): www.imperatrizacam.com, www.culturalinterface.net, www.kosova.one, www.scientificindustrial.com, www.verbalfreedom.com, www.homeanddesignstudio.com, www.financierapoorvenirsas.com
MD5: 3bcca69e39060206b9903df14ac37396
SHA256: 2ced4843ae81ab8de3e28e481e4865374b67a9b46d0df2dde3af65b50b857c2a
Family: Formbook

(4)

File Name: PO KIPO000903 KIND122822.pdf.exe
Created process: PO KIPO000903 KIND122822.pdf.exe
Connected (IP/DNS): www.xgegqs.com, www.easydigitalzone.com, www.mamiya-mould.com, www.thehealthyfoodkitchen.com, www.beckerconta.com
MD5: 6b107659d7e4b9fc7a1fa1c37b2c26ef
SHA256: 940049a73f4604611186b3fe1f93bec8328d4ca2c486499d5be25df5b5d51ca9
Family: Formbook

(5)

File Name: IHB2021000000120 - INOUT SPA.gz
Created process: IHB2021000000120 - INOUT SPA.exe
Connected (IP/DNS): www.bethhansenfitness.com, www.virgintv360virtuallaunch.com, www.fortressmd.net, www.sundeepm.com, www.thiccjuice.com, www.radyopoll.com, www.centralridge.partners, www.cryptocoinminingpro.com, www.mylittletailwiggle.com, www.dancingwithmycycle.com, www.jullibe.com, www.mtechpartners.net, www.georgeforeman.productions, www.k-ozashiki.com
MD5: 09b8f76a106669094b4c1be56b6ba49c
SHA256: 05f7f1cacc9956a182869b7e85e354142b0f7a86ce065403b17643e23f4fbf44
Family: Formbook

(6)

File Name: PURCHASE ORDERpdf.exe
Created process: PURCHASE ORDERpdf.exe
Connected (IP/DNS): vihaiha.com
MD5: 7408d83911eaa6cad502921c66c62aff
SHA256: 3c0a74c8ff38f03caebb172d488e84dbb8fe05b45393f8f35c7c356956a210c9
Family: Lokibot

(7)

File Name: PROFORMANew PO N. FM 24062021.xlsx
Created process: PROFORMANew PO N. FM 24062021.exe
Connected (IP/DNS): dropmyb.in
MD5: 7333160e223353c997358d1e7fc689d5
SHA256: 4f7b8c29006ef83433912fc5e138c4c970d8a70fae33dd7a73647606ffbd0579
Family: Lokibot

(8)

File Name: POEA DELISTED AGENCIES.pdf.uue
Created process: POEA DELISTED AGENCIES.pdf.exe
Connected (IP/DNS): shahzad73.casacam.net, shahzad73.ddns.net
MD5: a98b1b9658f9e1c7f90e72ec4c0aa9d9
SHA256: fda4dbf50f98c632aca2b7aa46f46bfde9f4b006bdbcc51b1940cdb0e021268e
Family: Nanocore

If you want to know how to analyse NanoCore malware, you can check my analysis on YouTube: NanoCore.

(9)

File Name: a79f0d15db98765ca104e5b3e2a56785.exe
Created process: a79f0d15db98765ca104e5b3e2a56785.exe
Connected (IP/DNS): royalty11.ddns.net
MD5: a79f0d15db98765ca104e5b3e2a56785
SHA256: 53a74c28624424292af9e2ceed7da5d53af113cf213e855e5e4421aa60e7901d
Family: Nanocore

If you want to know how to analyse NanoCore malware, you can check my analysis on YouTube: NanoCore.

(10)

File Name: main_setup_x86x64.exe
Created process: main_setup_x86x64.exe
Connected (IP/DNS): razino.xyz
MD5: 08ca0e52948460c5c2f82791a1ddb2fc
SHA256: 6a91a4affa1ec1e4e06492a200ed0365f21a2576f065852944fd7fb362ed1370
Family: Vidar


(11)

File Name: ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Created process: ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Connected (IP/DNS): 193.23.244.244
MD5: 84c82835a5d21bbcf75a61706d8ab549
SHA256: ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
Family: WannaCry


(12)

File Name: 2fa0b5fec3cfd5ed105928568cd6f57f634667ea9b52ae47a489ea4d304c9b6c
Created process: 2fa0b5fec3cfd5ed105928568cd6f57f634667ea9b52ae47a489ea4d304c9b6c.exe
Connected (IP/DNS):
https://oksuc.com/wp-admin/ncexnq/
http://inscricao.jethrointernational.org/wp-admin/0um0/
http://feichters.net/tmp/tHyg6o/
https://socialmentors.net/cmsc_db/vGQuZXOoi/
https://pdtech2.com/components/Wu4bvUf9KY/'
MD5: 2ae469ed7fe1aed1bcede80e1627c3dd
SHA256: 2fa0b5fec3cfd5ed105928568cd6f57f634667ea9b52ae47a489ea4d304c9b6c
Family: Emotet


(13)

File Name: Client-built.exe
Created process: Client-built.exe
Connected (IP/DNS): dupson123.ddns.net
MD5: a6bd1086c8664009a6405ce8e499a16f
SHA256: 84dcdc14e821ff3601a6cf3b80b464ec14c37a09d11ad0c6447c9e9e43ae2e3b
Family: Quasar RAT



If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel:
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
