IOCs 30_6_2021

 






(1)

File Name

PO#EIMG_501367089.pdf.exe

Created process

PO#EIMG_501367089.pdf.exe

Connected (Ip/Dns)

www[.]mortgagemegloans[.]com, www[.]blueathue[.]com, www[.]bexleyheathdmcc[.]xyz, www[.]fourcornersfreight[.]com, www[.]xgegqs[.]com, www[.]beckerconta[.]com

MD5

3844b2ba67af80e3d7d7253122644810

SHA256

93eb2094dae2d9f36e52bc880594818e203973d1e62e2b2db76cd39804ff0323

Family

Formbook

 


(2)

File Name

Sridhar Insurance Broker P LTD Profoma Invoice.exe

Created process

Sridhar Insurance Broker P LTD Profoma Invoice.exe

Connected (Ip/Dns)

www[.]scopio[.]info, www[.]norcalppe[.]net, www[.]juniornesbitt[.]com, www[.]coderoy[.]com, www[.]cotruyenmochoa[.]xyz, www[.]cotruyenmochoa[.]xyz, www[.]penetrationtest[.]pro, www[.]rx-jl[.]com

MD5

27eebb17c78baf4ec67d92802a3b1544

SHA256

9015a3d36c6f378e870487b60ae7854376f55d0959444303691fb4f51d7b7420

Family

Formbook

 

(3)

File Name

Shipping docs 956-09 & Delivery.r00

Created process

Shipping docs 956-09 & Delivery.exe

Connected (Ip/Dns)

www[.]pantheoncases[.]com, www[.]blogafonte[.]com, www[.]eclorui[.]com, www[.]wwwgraciescottage[.]com, www[.]navyugitsolutions[.]com, www[.]angelademarco[.]com, www[.]thecode[.]community, www[.]rhexlux[.]com, www[.]bidatauction[.]net, www[.]hardrock[.]site, www[.]88q858[.]com, www[.]kate[.]chat, www[.]thepassiveincomecreator[.]com

MD5

8c6c7579ec387dd807ff19406fa59b1f

SHA256

8f1b5ca4327254de68549660364615e722dfd1a12f1a101a239fb918d9734dc5

Family

Formbook

 

(4)

File Name

Urgent! confirmation of Invoicepayment.exe

Created process

Urgent! confirmation of Invoicepayment.exe

Connected (Ip/Dns)

www[.]softwarefully[.]com, www[.]burnvioletinternational[.]com, www[.]lessismoreee[.]com, www[.]databolism[.]com, www[.]sneakyhenry[.]com, www[.]x1699[.]com, www[.]sems-iress2016[.]com, www[.]floraseriestrilogy[.]com, www[.]theatricsvirtual[.]com

MD5

5d795e196dd6a162a9316480acff2f6d

SHA256

72c6697907363b49b380a98519bd1301562ed640b1d4d98f5a4bc08cddeb5ab7

Family

Formbook

 

(5)

File Name

facturas y datos bancarios.PDF____________________________________.bat

Created process

facturas y datos bancarios.PDF____________________________________.bat.exe

Connected (Ip/Dns)

63[.]141[.]228[.]141/32[.]php/a1NQk98eWCWX2

MD5

677e43a1196be7e0a774a6745fb411e3

SHA256

aa08b9395415b671ca5c4d36a90bb6b6c241f18ba211f93408c10231c3b04ba6

Family

Lokibot

 

(6)

File Name

RFQ202106VR2.pdf.exe

Created process

RFQ202106VR2.pdf.exe

Connected (Ip/Dns)

apponline97[.]ir

MD5

65de792976737dd35343b2f30ba93dd2

SHA256

0ecc2f2a0346ca13361092909a8587927ab52b9532ae7b6d69367546369b31bd

Family

Lokibot

 

(7)

File Name

Zahtjev za ponudu 29·06·2021·pdf.exe

Created process

Zahtjev za ponudu 29·06·2021·pdf.exe

Connected (Ip/Dns)

63[.]141[.]228[.]141/32.php/S7zr5v1fXI3Rb

MD5

b403a643dc65aa6e5e1a2fede3ceda29

SHA256

c603192b53053eae5e0dbe579efb44d9ede6ff0f6874a7a7586ade0dcffc7072

Family

Lokibot

 

(8)

File Name

EOU907665787754.COM.exe

Created process

EOU907665787754.COM.exe

Connected (Ip/Dns)

pakilogs2020[.]xyz

MD5

b70e5ba1d460943683b625756ca68d64

SHA256

0970bb89de66cfb334d0d4d55f92c0f62aee871728218dd9945454697ba13252

Family

Lokibot

 

(9)

File Name

INV+QUOTATION #1053517.06.2021.jpeg.exe

Created process

INV+QUOTATION #1053517.06.2021.jpeg.exe

Connected (Ip/Dns)

79[.]134[.]225[.]7

MD5

94e7faab20f782e0819089d7493b9f83

SHA256

b00853366a3a3c03d3ba03c880c07e974efbb4525b0967d54cd3295f1d8d46c9

Family

Nanocore

 


(10)

File Name

PROFORMA INVOICE.doc

Created process

PROFORMA INVOICE.doc.exe

Connected (Ip/Dns)

Tzitziklishop[.]ddns[.]net[.]xyz

MD5

ee4f0ee74e0170c7ae1733210d7f1a79

SHA256

dbb9a8d74695467d8275771763de5a45deb0f32d32b107af9c7fd50a0113316e

Family

Nanocore


(11)

File Name

COVID-19-TEST-fdp.scr

Created process

COVID-19-TEST-rcs.pdf.exe

Connected (Ip/Dns)

6[.]tcp[.]ngrok[.]io

MD5

9c460f535bce6d3a8f4775be6e15fe67

SHA256

9ac2eebb6058f29156d1847b34be9a1970df8f45a51c6ee604218ca5171915aa

Family

Quasar RAT


(12)

File Name

60dc99_Outbyte-PC-Repa.zip

Created process

UKuwXoarX5zMhmpHdpqNANFv.exe

Connected (Ip/Dns)

Motiwa[.]xyz, uyg5wye[.]2ihsfa[.]com, rdanoriran[.]xyz, api[.]ip[.]sb, g-partners[.]top, zedaumalev[.]xyz, game2030[.]site

MD5

13cb1e4f2926e4c7665df454e67cb582

SHA256

40a2d7b3a8e780edc2f28414a45f63adaa5481c9cad7d316731c235967179e20

Family

Vidar


(13)

File Name

RFQ-20210629.gz

Created process

RFQ-20210629.exe

Connected (Ip/Dns)

box5363[.]bluehost[.]com

MD5

458673f84273c31c51385239c702baec

SHA256

afa146b598814bc0d04bbea34a992eddd67ff4eac850497e5eb0c1a27a8eb895

Family

Agent Tesla


(14)

File Name/Url

035e286f0b1c50844dcf7dccb7312036.exe

Created process

035e286f0b1c50844dcf7dccb7312036.exe

Connected (Ip/Dns)

Icando[.]ug, nothinglike[.]ac[.]ug, lizzzqua[.]ac[.]ug, lizard[.]ac[.]ug

MD5

035e286f0b1c50844dcf7dccb7312036

SHA256

69e75e57bc4a09c9a3d7726b28423d10df5b0224177ebfa43930668efd0af5da

Family

Azorult


(15)

File Name

3f1eb883bca3190418d1905ed4b017f4.vir

Created process

3f1eb883bca3190418d1905ed4b017f4.vir.exe

Connected (Ip/Dns)

Abemuggs[.]com/forum/viewtopic.php

MD5

3f1eb883bca3190418d1905ed4b017f4

SHA256

ac4662fd3a9989138cdd56723d590b1ae41de9b55e497368d601d9e747fa1a83

Family

Pony


(16)

File Name

3f1eb883bca3190418d1905ed4b017f4.vir

Created process

3f1eb883bca3190418d1905ed4b017f4.vir.exe

Connected (Ip/Dns)

Abemuggs[.]com/forum/viewtopic.php

MD5

3f1eb883bca3190418d1905ed4b017f4

SHA256

ac4662fd3a9989138cdd56723d590b1ae41de9b55e497368d601d9e747fa1a83

Family

Pony

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA



Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more