IOCs 28_6_2021
(1)

| Field | Value |
|---|---|
| File Name | 885a9de3525d6831314160bbe33d838f.exe |
| Created process | 885a9de3525d6831314160bbe33d838f.exe |
| Connected (IP/DNS) | sandshoe.myfirewall.org |
| MD5 | 885a9de3525d6831314160bbe33d838f |
| SHA256 | 2b1e0b1b320aa81b41cf142297135183f00ad695517f12d3f715fd58eaa6a9c2 |
| Family | njRAT |
(2)

| Field | Value |
|---|---|
| File Name | Trot1212ilr.exe |
| Created process | Trot1212ilr.exe |
| Connected (IP/DNS) | 82.202.167.208 |
| MD5 | 1256bdaae98d0afb15b4f3250c2749f3 |
| SHA256 | a2d2e91de232701a0f309f8f1eb894c80a4114beb6cd6f0df02e7bfdcd6c278f |
| Family | njRAT |
(3)

| Field | Value |
|---|---|
| File Name | Order=bcm_28062021.exe |
| Created process | Order=bcm_28062021.exe |
| Connected (IP/DNS) | www.imperatrizacam.com, www.culturalinterface.net, www.kosova.one, www.scientificindustrial.com, www.verbalfreedom.com, www.homeanddesignstudio.com, www.financierapoorvenirsas.com |
| MD5 | 3bcca69e39060206b9903df14ac37396 |
| SHA256 | 2ced4843ae81ab8de3e28e481e4865374b67a9b46d0df2dde3af65b50b857c2a |
| Family | Formbook |
(4)

| Field | Value |
|---|---|
| File Name | PO KIPO000903 KIND122822.pdf.exe |
| Created process | PO KIPO000903 KIND122822.pdf.exe |
| Connected (IP/DNS) | www.xgegqs.com, www.easydigitalzone.com, www.mamiya-mould.com, www.thehealthyfoodkitchen.com, www.beckerconta.com |
| MD5 | 6b107659d7e4b9fc7a1fa1c37b2c26ef |
| SHA256 | 940049a73f4604611186b3fe1f93bec8328d4ca2c486499d5be25df5b5d51ca9 |
| Family | Formbook |
(5)

| Field | Value |
|---|---|
| File Name | IHB2021000000120 - INOUT SPA.gz |
| Created process | IHB2021000000120 - INOUT SPA.exe |
| Connected (IP/DNS) | www.bethhansenfitness.com, www.bethhansenfitness.com, www.virgintv360virtuallaunch.com, www.fortressmd.net, www.sundeepm.com, www.thiccjuice.com, www.radyopoll.com, www.centralridge.partners, www.cryptocoinminingpro.com, www.mylittletailwiggle.com, www.dancingwithmycycle.com, www.jullibe.com, www.mtechpartners.net, www.georgeforeman.productions, www.k-ozashiki.com |
| MD5 | 09b8f76a106669094b4c1be56b6ba49c |
| SHA256 | 05f7f1cacc9956a182869b7e85e354142b0f7a86ce065403b17643e23f4fbf44 |
| Family | Formbook |
(6)

| Field | Value |
|---|---|
| File Name | PURCHASE ORDERpdf.exe |
| Created process | PURCHASE ORDERpdf.exe |
| Connected (IP/DNS) | vihaiha.com |
| MD5 | 7408d83911eaa6cad502921c66c62aff |
| SHA256 | 3c0a74c8ff38f03caebb172d488e84dbb8fe05b45393f8f35c7c356956a210c9 |
| Family | Lokibot |
(7)

| Field | Value |
|---|---|
| File Name | PROFORMANew PO N. FM 24062021.xlsx |
| Created process | PROFORMANew PO N. FM 24062021.exe |
| Connected (IP/DNS) | dropmyb.in |
| MD5 | 7333160e223353c997358d1e7fc689d5 |
| SHA256 | 4f7b8c29006ef83433912fc5e138c4c970d8a70fae33dd7a73647606ffbd0579 |
| Family | Lokibot |
(8)

| Field | Value |
|---|---|
| File Name | POEA DELISTED AGENCIES.pdf.uue |
| Created process | POEA DELISTED AGENCIES.pdf.exe |
| Connected (IP/DNS) | shahzad73.casacam.net, shahzad73.ddns.net |
| MD5 | a98b1b9658f9e1c7f90e72ec4c0aa9d9 |
| SHA256 | fda4dbf50f98c632aca2b7aa46f46bfde9f4b006bdbcc51b1940cdb0e021268e |
| Family | Nanocore |
(9)

| Field | Value |
|---|---|
| File Name | a79f0d15db98765ca104e5b3e2a56785.exe |
| Created process | a79f0d15db98765ca104e5b3e2a56785.exe |
| Connected (IP/DNS) | royalty11.ddns.net |
| MD5 | a79f0d15db98765ca104e5b3e2a56785 |
| SHA256 | 53a74c28624424292af9e2ceed7da5d53af113cf213e855e5e4421aa60e7901d |
| Family | Nanocore |
(10)

| Field | Value |
|---|---|
| File Name | main_setup_x86x64.exe |
| Created process | main_setup_x86x64.exe |
| Connected (IP/DNS) | razino.xyz |
| MD5 | 08ca0e52948460c5c2f82791a1ddb2fc |
| SHA256 | 6a91a4affa1ec1e4e06492a200ed0365f21a2576f065852944fd7fb362ed1370 |
| Family | Vidar |
(11)

| Field | Value |
|---|---|
| File Name | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe |
| Created process | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe |
| Connected (IP/DNS) | 193.23.244.244 |
| MD5 | 84c82835a5d21bbcf75a61706d8ab549 |
| SHA256 | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa |
| Family | WannaCry |
(12)

| Field | Value |
|---|---|
| File Name | 2fa0b5fec3cfd5ed105928568cd6f57f634667ea9b52ae47a489ea4d304c9b6c |
| Created process | 2fa0b5fec3cfd5ed105928568cd6f57f634667ea9b52ae47a489ea4d304c9b6c.exe |
| Connected (IP/DNS) | https://oksuc.com/wp-admin/ncexnq/, http://inscricao.jethrointernational.org/wp-admin/0um0/, http://feichters.net/tmp/tHyg6o/, https://socialmentors.net/cmsc_db/vGQuZXOoi/, https://pdtech2.com/components/Wu4bvUf9KY/ |
| MD5 | 2ae469ed7fe1aed1bcede80e1627c3dd |
| SHA256 | 2fa0b5fec3cfd5ed105928568cd6f57f634667ea9b52ae47a489ea4d304c9b6c |
| Family | Emotet |
(13)

| Field | Value |
|---|---|
| File Name | Client-built.exe |
| Created process | Client-built.exe |
| Connected (IP/DNS) | dupson123.ddns.net |
| MD5 | a6bd1086c8664009a6405ce8e499a16f |
| SHA256 | 84dcdc14e821ff3601a6cf3b80b464ec14c37a09d11ad0c6447c9e9e43ae2e3b |
| Family | Quasar RAT |
If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish analyses of malware samples and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA