IOCs 29_6_2021
(1)
|
File Name |
sa.exe |
|
Created process |
sa.exe |
|
Connected (Ip/Dns) |
4[.]tcp[.]ngrok[.]io |
|
MD5 |
30b1a6fd0d23ef282bf3ed037a0260e0 |
|
SHA256 |
4996bb255f3e794df30758e1e75fe544abe40aefe7d77a1d777619aa41c1d8d6 |
|
Family |
njRAT |
(2)
|
File Name |
Invoice.exe |
|
Created process |
Invoice.exe |
|
Connected (Ip/Dns) |
www[.]jinshifj[.]com, www[.]rep[.]place, www[.]xn--egegncel-95a.com,
www[.]thehindufestival[.]com, www[.]plny[.]xyz, www[.]23237a2371.info,
www[.]daviddelavariservices[.]space, www[.]ollipsisparents.com |
|
MD5 |
a540145448761c79d6aa512a1db384ad |
|
SHA256 |
b500e490e3aed21ac17d1bd9fe295628a6fc2682613f6971b765373b8ee706f6 |
|
Family |
Formbook |
(3)
|
File Name |
PO_DEA83657-ARF.doc.7z |
|
Created process |
PO_DEA83657-ARF.doc.exe |
|
Connected (Ip/Dns) |
www[.]devastateclo[.]com, www[.]janbosun.com, www[.]keochatluong.com, www[.]420rankings[.]com,
www[.]lindsaysgill[.]com, www[.]heatingandairtulsa[.]com, www[.]secretpal[.]club, www[.]the427group[.]com, |
|
MD5 |
8c6c7579ec387dd807ff19406fa59b1f |
|
SHA256 |
8f1b5ca4327254de68549660364615e722dfd1a12f1a101a239fb918d9734dc5 |
|
Family |
Formbook |
(4)
|
File Name |
Predracun je prilozen.zip |
|
Created process |
Predracun je prilozen.exe |
|
Connected (Ip/Dns) |
www[.]tempestchs[.]com, www[.]garnier.red, www[.]drainthe.com,
www[.]zzful[.]com, www[.]cursosaprovados[.]com, www[.]sumaholesson.com,
www[.]msmenders[.]com, www[.]spacecoasthondaevent[.]com, www.aztecnort[.]com, www[.]rbcoq[.]com, |
|
MD5 |
9edfba1d6330213ca6459f6f6b4da8fa |
|
SHA256 |
23da27bac1030552416242a052e2500e49ffe811a518468126a402cbd48ed1e9 |
|
Family |
Formbook |
(5)
|
File Name |
datos bancarios y
facturaa.pdf____________________________________________________.bat.exe |
|
Created process |
datos bancarios y
facturaa.pdf____________________________________________________.bat.exe |
|
Connected (Ip/Dns) |
63[.]141[.]228[.]141, |
|
MD5 |
f1f1d8afa0035746d2e0b48683d86ba3 |
|
SHA256 |
b633c2d7add6d107541f26935e6a6e864ed9e6ededbab7fd0aedcb7dd3f3bc80 |
|
Family |
Lokibot |
(6)
|
File Name |
FINAL INVOICE.doc |
|
Created process |
FINAL INVOICE.exe |
|
Connected (Ip/Dns) |
katchobinnas[.]duckdns[.]org, zzeroirt[.]duckdns[.]org |
|
MD5 |
beb701c8c9a2a0c6ca4d963ed427de0b |
|
SHA256 |
3f9f1f9f7da54d10ec218399a2e099dca56961d8c01f52e196d0cfd442c2194d |
|
Family |
Nanocore |
(7)
|
File Name |
DHL_PARCEL.exe |
|
Created process |
DHL_PARCEL.exe |
|
Connected (Ip/Dns) |
79[.]134[.]225[.]55 |
|
MD5 |
fedaefc7272e361867145848cb35c246 |
|
SHA256 |
82c4be21fed9665af735f8e13d650bae8fc9c0c59c80535969e8158b9c857d9e |
|
Family |
Nanocore |
(8)
|
File Name |
purchase order.exe |
|
Created process |
purchase order.exe |
|
Connected (Ip/Dns) |
ericfresh[.]duckdns[.]org |
|
MD5 |
83ca7702d915e168ba1d680fbdfa13bf |
|
SHA256 |
1cc4f59fef33a8415be46074aeb2f596c736d26364ef20fa53c6915968c48640 |
|
Family |
Nanocore |
(9)
|
File Name |
Rules & Regulation (IRR)_pdf.exe |
|
Created process |
Rules & Regulation (IRR)_pdf.exe |
|
Connected (Ip/Dns) |
cato[.]fingusti[.]club |
|
MD5 |
21a48450c02033c7ec5c7a689e5b5c63 |
|
SHA256 |
009a336f3bae013c379a21bcfdbbcd9642984cb613dbe59ccff8d2e7c50c32b3 |
|
Family |
Remcos |
(10)
|
File Name |
2trb2FUS3fxN17iYK6_CiJp8.exe |
|
Created process |
2trb2FUS3fxN17iYK6_CiJp8.exe |
|
Connected (Ip/Dns) |
freeprivacytoolsforyou[.]xyz |
|
MD5 |
08ca0e52948460c5c2f82791a1ddb2fc |
|
SHA256 |
6a91a4affa1ec1e4e06492a200ed0365f21a2576f065852944fd7fb362ed1370 |
|
Family |
Vidar |
(11)
|
File Name |
saa.exe |
|
Created process |
saa.exe |
|
Connected (Ip/Dns) |
monoshock[.]ddns[.]net |
|
MD5 |
0bed72242ce8533b9ee47bddc30e568a |
|
SHA256 |
47aff55c9ce118566b557e9866ae0445f90393fb5338886ede0b2fcc0a4d94d7 |
|
Family |
Quasar RAT |
(12)
|
File Name |
AL Naser General Services PO609521.exe |
|
Created process |
AL Naser General Services PO609521.exe |
|
Connected | oksuc[.]com/wp-admin/ncexnq/ |
|
MD5 |
c6099579a1d9cbe8a747a46fce3e0907 |
|
SHA256 |
b6ff5d41d744f289b0e536d5e7c244490ade99fcc44772d645648e6c9f769a6c |
|
Family |
Agent Tesla |
(13)
|
File Name |
Enquiry ref. MMJKM10113691.exe |
|
Created process |
Enquiry ref. MMJKM10113691.exe |
|
Connected (Ip/Dns) |
mail[.]totalkitchensandbathrooms[.]com[.]au |
|
MD5 |
dc3417726e196240cf5b03bb00561e6e |
|
SHA256 |
ebf2bf210764dcaf2ee0019cca80cc1c0f147671635bae9371c421d170794c29 |
|
Family |
Agent Tesla |
(14)
|
File Name/Url |
https://keygenit.com |
|
Created process |
I_O0MPKND84NX5r.exe |
|
Connected (Ip/Dns) |
kvaka[.]li |
|
MD5 |
dc3417726e196240cf5b03bb00561e6e |
|
SHA256 |
ebf2bf210764dcaf2ee0019cca80cc1c0f147671635bae9371c421d170794c29 |
|
Family |
Azorult |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Comments
Post a Comment