IOCs 11_7_2021

(1)
File Name: Popis narudzbi.zip
Created process: Popis narudzbi.exe
Connected (IP/DNS): www[.]jakesplacebarbers[.]com
MD5: 5338e8c6395776095478c8385a40ae8f
SHA256: ae22dc74d8b035a75e80f276d9d443a1a7fb6a4b7654ae5da8a8e1ee95ffec94
Family: Formbook

(2)
File Name: UQnTsBsAm.exe
Created process: UQnTsBsAm.exe
Connected (IP/DNS): www[.]osanesc[.]com/00k/?pRZxqHVh=0me5wnVIbqnWzKwATdFDQToGfmMOXTPakoRvhcKZq26R4UZ+bLEc46JDj7qBK4nwX38M8g==&3fl=Ib9L_rGp6DtP
MD5: dbbbada5a0b199a47e81d1933896d5ae
SHA256: 6ae77d55d60749d8b4eb3bdfcc53975bb3061e41fa67048e7ec500202ff23f3a
Family: Formbook

(3)
File Name: 8165b1162eb2b4ba988fa313a4c612473b3c8dd20be7d27b6ee81435ed984a7c.zip
Created process: 8165b1162eb2b4ba988fa313a4c612473b3c8dd20be7d27b6ee81435ed984a7c.exe
Connected (IP/DNS): 103[.]114[.]107[.]28/me/web10/inc/d3808c7188cb55.php
MD5: 568d233ba1589de86cfcbd30c3b83dee
SHA256: 8165b1162eb2b4ba988fa313a4c612473b3c8dd20be7d27b6ee81435ed984a7c
Family: AgentTesla

(4)
File Name: ijccaFkQnS.exe
Created process: ijccaFkQnS.exe
Connected (IP/DNS): 177[.]242[.]156[.]119/
MD5: 1971bd3c2b25ce33550085b93144ebfb
SHA256: d6dd56e7fb1cc71fc37199b60461e657726c3bf8319ce59177ab4be6ed3b9fb4
Family: Emotet

(5)
File Name: HYDRA.exe
Created process: HYDRA.exe
Connected (IP/DNS): Psix[.]tk
MD5: c52bc39684c52886712971a92f339b23
SHA256: f8c17cb375e8ccad5b0e33dae65694a1bd628f91cac6cf65dd11f50e91130c2d
Family: Smoke Loader

(6)
File Name: Endermanch@NoMoreRansom.exe
Created process: Endermanch@NoMoreRansom.exe
Connected (IP/DNS): 86[.]59[.]21[.]38
MD5: 63210f8f1dde6c40a7f3643ccf0ff313
SHA256: 2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f
Family: Troldesh

If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
