IOCs 11_7_2021

 




(1)

File Name

Popis narudzbi.zip

Created process

Popis narudzbi.exe

Connected (Ip/Dns)

www[.]jakesplacebarbers[.]com,

 

MD5

5338e8c6395776095478c8385a40ae8f

SHA256

ae22dc74d8b035a75e80f276d9d443a1a7fb6a4b7654ae5da8a8e1ee95ffec94

Family

Formbook

 

(2)

File Name

UQnTsBsAm.exe

Created process

UQnTsBsAm.exe

Connected (Ip/Dns)

www[.]osanesc[.]com/00k/?pRZxqHVh=0me5wnVIbqnWzKwATdFDQToGfmMOXTPakoRvhcKZq26R4UZ+bLEc46JDj7qBK4nwX38M8g==&3fl=Ib9L_rGp6DtP

MD5

dbbbada5a0b199a47e81d1933896d5ae

SHA256

6ae77d55d60749d8b4eb3bdfcc53975bb3061e41fa67048e7ec500202ff23f3a

Family

Formbook

 

(3)

File Name

8165b1162eb2b4ba988fa313a4c612473b3c8dd20be7d27b6ee81435ed984a7c.zip

Created process

8165b1162eb2b4ba988fa313a4c612473b3c8dd20be7d27b6ee81435ed984a7c.exe

Connected (Ip/Dns)

103[.]114[.]107.28/me/web10/inc/d3808c7188cb55.php

MD5

568d233ba1589de86cfcbd30c3b83dee

SHA256

8165b1162eb2b4ba988fa313a4c612473b3c8dd20be7d27b6ee81435ed984a7c

Family

AgentTesla

 

(4)

File Name

ijccaFkQnS.exe

Created process

ijccaFkQnS.exe

Connected (Ip/Dns)

177[.]242[.]156[.]119/

MD5

1971bd3c2b25ce33550085b93144ebfb

SHA256

d6dd56e7fb1cc71fc37199b60461e657726c3bf8319ce59177ab4be6ed3b9fb4

Family

Emotet

 

(5)

File Name

HYDRA.exe

Created process

HYDRA.exe

Connected (Ip/Dns)

Psix[.]tk

MD5

c52bc39684c52886712971a92f339b23

SHA256

f8c17cb375e8ccad5b0e33dae65694a1bd628f91cac6cf65dd11f50e91130c2d

Family

Smoke Loader

 

(6)

File Name

Endermanch@NoMoreRansom.exe

Created process

Endermanch@NoMoreRansom.exe

Connected (Ip/Dns)

86.59[.]21[.]38

MD5

63210f8f1dde6c40a7f3643ccf0ff313

SHA256

2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f

Family

Troldesh
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more