IOCs 28_6_2021

 





(1)

File Name

885a9de3525d6831314160bbe33d838f.exe

Created process

885a9de3525d6831314160bbe33d838f.exe

Connected (Ip/Dns)

sandshoe.myfirewall.org

MD5

885a9de3525d6831314160bbe33d838f

SHA256

2b1e0b1b320aa81b41cf142297135183f00ad695517f12d3f715fd58eaa6a9c2

Family

njRAT

  If you wanna know how to analysis njRAT Malware you can check my analysis in YouTube  njRAT.


(2)

File Name

Trot1212ilr.exe

Created process

Trot1212ilr.exe

Connected (Ip/Dns)

82.202.167.208

MD5

1256bdaae98d0afb15b4f3250c2749f3

SHA256

a2d2e91de232701a0f309f8f1eb894c80a4114beb6cd6f0df02e7bfdcd6c278f

Family

njRAT

  If you wanna know how to analysis njRAT Malware you can check my analysis in YouTube  njRAT.

(3)

File Name

Order=bcm_28062021.exe

Created process

Order=bcm_28062021.exe

Connected (Ip/Dns)

www.imperatrizacam.com, www.culturalinterface.net, www.kosova.one, www.scientificindustrial.com, www.verbalfreedom.com, www.homeanddesignstudio.com, www.financierapoorvenirsas.com

MD5

3bcca69e39060206b9903df14ac37396

SHA256

2ced4843ae81ab8de3e28e481e4865374b67a9b46d0df2dde3af65b50b857c2a

Family

Formbook

 

(4)

File Name

PO KIPO000903 KIND122822.pdf.exe

Created process

PO KIPO000903 KIND122822.pdf.exe

Connected (Ip/Dns)

www.xgegqs.com, www.easydigitalzone.com, www.mamiya-mould.com, www.thehealthyfoodkitchen.com, www.beckerconta.com

MD5

6b107659d7e4b9fc7a1fa1c37b2c26ef

SHA256

940049a73f4604611186b3fe1f93bec8328d4ca2c486499d5be25df5b5d51ca9

Family

Formbook

 

(5)

File Name

IHB2021000000120 - INOUT SPA.gz

Created process

IHB2021000000120 - INOUT SPA.exe

Connected (Ip/Dns)

www.bethhansenfitness.com, www.bethhansenfitness.com, www.virgintv360virtuallaunch.com, www.fortressmd.net, www.sundeepm.com, www.thiccjuice.com, www.radyopoll.com, www.centralridge.partners, www.cryptocoinminingpro.com, www.mylittletailwiggle.com, www.dancingwithmycycle.com, www.jullibe.com, www.mtechpartners.net, www.georgeforeman.productions, www.k-ozashiki.com

MD5

09b8f76a106669094b4c1be56b6ba49c

SHA256

05f7f1cacc9956a182869b7e85e354142b0f7a86ce065403b17643e23f4fbf44

Family

Formbook

 

(6)

File Name

PURCHASE ORDERpdf.exe

Created process

PURCHASE ORDERpdf.exe

Connected (Ip/Dns)

vihaiha.com

MD5

7408d83911eaa6cad502921c66c62aff

SHA256

3c0a74c8ff38f03caebb172d488e84dbb8fe05b45393f8f35c7c356956a210c9

Family

Lokibot

 

(7)

File Name

PROFORMANew PO N. FM 24062021.xlsx

Created process

PROFORMANew PO N. FM 24062021.exe

Connected (Ip/Dns)

dropmyb.in

MD5

7333160e223353c997358d1e7fc689d5

SHA256

4f7b8c29006ef83433912fc5e138c4c970d8a70fae33dd7a73647606ffbd0579

Family

Lokibot

 

(8)

File Name

POEA DELISTED AGENCIES.pdf.uue

Created process

POEA DELISTED AGENCIES.pdf.exe

Connected (Ip/Dns)

shahzad73.casacam.net, shahzad73.ddns.net,

MD5

a98b1b9658f9e1c7f90e72ec4c0aa9d9

SHA256

fda4dbf50f98c632aca2b7aa46f46bfde9f4b006bdbcc51b1940cdb0e021268e

Family

Nanocore

If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube  NanoCore..  

(9)

File Name

a79f0d15db98765ca104e5b3e2a56785.exe

Created process

a79f0d15db98765ca104e5b3e2a56785.exe

Connected (Ip/Dns)

royalty11.ddns.net

MD5

a79f0d15db98765ca104e5b3e2a56785

SHA256

53a74c28624424292af9e2ceed7da5d53af113cf213e855e5e4421aa60e7901d

Family

Nanocore

If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube  NanoCore..  

(10)

File Name

main_setup_x86x64.exe

Created process

main_setup_x86x64.exe

Connected (Ip/Dns)

razino.xyz

MD5

08ca0e52948460c5c2f82791a1ddb2fc

SHA256

6a91a4affa1ec1e4e06492a200ed0365f21a2576f065852944fd7fb362ed1370

Family

Vidar


(11)

File Name

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Created process

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Connected (Ip/Dns)

193.23.244.244

MD5

84c82835a5d21bbcf75a61706d8ab549

SHA256

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

Family

WannaCry


(12)

File Name

2fa0b5fec3cfd5ed105928568cd6f57f634667ea9b52ae47a489ea4d304c9b6c

Created process

2fa0b5fec3cfd5ed105928568cd6f57f634667ea9b52ae47a489ea4d304c9b6c.exe

Connected (Ip/Dns)

https://oksuc.com/wp-admin/ncexnq/

http://inscricao.jethrointernational.org/wp-admin/0um0/

http://feichters.net/tmp/tHyg6o/

https://socialmentors.net/cmsc_db/vGQuZXOoi/

https://pdtech2.com/components/Wu4bvUf9KY/'

MD5

2ae469ed7fe1aed1bcede80e1627c3dd

SHA256

2fa0b5fec3cfd5ed105928568cd6f57f634667ea9b52ae47a489ea4d304c9b6c

Family

Emotet


(13)

File Name

Client-built.exe

Created process

Client-built.exe

Connected (Ip/Dns)

dupson123.ddns.net

MD5

a6bd1086c8664009a6405ce8e499a16f

SHA256

84dcdc14e821ff3601a6cf3b80b464ec14c37a09d11ad0c6447c9e9e43ae2e3b

Family

Quasar RAT


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA



Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more