IOCs 1_7_2021

 




(1)

File Name

4f4f40b9a8984267f8bcb1d9f4ad10c76dd2e9d5461bfc9509da014c426b359f.exe

Created process

4f4f40b9a8984267f8bcb1d9f4ad10c76dd2e9d5461bfc9509da014c426b359f.exe

Connected (Ip/Dns)

Coroteblue[.]duckdns[.]org

MD5

6e67389af17b30df470ee353694d334b

SHA256

4f4f40b9a8984267f8bcb1d9f4ad10c76dd2e9d5461bfc9509da014c426b359f

Family

njRAT

 


(2)

File Name

MwGGI872VsQ4Vw.exe

Created process

MwGGI872VsQ4Vw.exe

Connected (Ip/Dns)

Dsfsdfsdfsdfsdfsff[0].ddns[.]net

MD5

3569d225fabd9c32438464f9b387ebea

SHA256

51339a3256d483db70ac04682e10dd44b5b103ed1e812b09fa763cf1fc51827e

Family

njRAT

 

(3)

File Name

Invoice..exe

Created process

Invoice..exe

Connected (Ip/Dns)

www[.]mutieudao[.]online, www[.]fluatrec[.]com, www[.]veritasfertilityandsurgery[.]com, www[.]freeagencevoyage[.]com, www[.]cn-liangyu[.]com, www[.]americanprimativeguitar[.]com, www[.]rep[.]place, www[.]homefittness[.]com, www[.]eggbeaterhub[.]xyz

MD5

a2720e17c54697f94a6fc28a3b505cfc

SHA256

c5b56bcdb7672777ac9f2ed52d73eb7645310d54d93582f48296277efa006561

Family

Formbook

 

(4)

File Name

Documents - V-21-170-090-E04.pdf.exe

Created process

Documents - V-21-170-090-E04.pdf.exe

Connected (Ip/Dns)

www[.]sat-lite[.]com

MD5

46f88471151a0c69481bfa77f60aa1ba

SHA256

3506ed727e44f3c97a0b9eb31f6c9d06d44c84fc4898e7f65d4d1cede84a2e00

Family

Formbook

 

(5)

File Name

cotización.pdf.exe

Created process

cotización.pdf.exe

Connected (Ip/Dns)

63[.]141[.]228[.]141/32[.]php/ocGTdeFq2SWdX

MD5

38a303790a8133746a7c6662615ca5bc

SHA256

bb5df503b48b02b896b19231964a2aa53e48f2f1bf4e0abadf69dc1cfe1f6427

Family

Lokibot

 

(6)

File Name

4b96dba8c6dcc5e1d17cd816f9e017fe.exe

Created process

4b96dba8c6dcc5e1d17cd816f9e017fe.exe

Connected (Ip/Dns)

185[.]110[.]190[.]5/gugufdre[.]php/NHNmTUOdS6fzz

MD5

4b96dba8c6dcc5e1d17cd816f9e017fe

SHA256

8bc25adb8d1b8d86275ab9c85cb619deae71b1694809ee9f14f11a03dd6b739a

Family

Lokibot

 

(7)

File Name

IMG.09949030049.PNG.scr

Created process

jsns.pif

Connected (Ip/Dns)

Strongodss[.]ddns[.]net

MD5

ad0c72111abc4983dc9281668fe04054

SHA256

1d8d1ed93e2bb02931e7184988ad25b149d75beaaf5c4604144aef7981352109

Family

Nanocore

 

(8)

File Name

c0e0c339e6dbbd1d1565de4da39e4925.exe

Created process

c0e0c339e6dbbd1d1565de4da39e4925.exe

Connected (Ip/Dns)

Luda[.]ydns[.]eu

MD5

c0e0c339e6dbbd1d1565de4da39e4925

SHA256

42d293cf86f774218bf7751f1001e0a57883a1c7c90c6c1e8803a061094860cf

Family

NanoCore

 

(9)

File Name

INVOICE-COVID-fdp.com

Created process

INVOICE-COVID-fdp.com

Connected (Ip/Dns)

4[.]tcp[.]ngrok[.]io

MD5

b5e438833c0851e71b590f409d4bf164

SHA256

7c6ffc841e4a737e7ed7ef534f531b71b952c082372eff2d5e65f721de4750c0

Family

Orcus RAT

 


(10)

File Name

ajhvxcgdfsd.exe

Created process

ajhvxcgdfsd.exe

Connected (Ip/Dns)

Lizzzqua[.]ac[.]ug, lizard[.]ac[.]ug

MD5

182d417728e3b8da39249e7691bdef16

SHA256

44205e4cf223ec528c507423db81ea8dce460b243e4dfa14088c5686b78590b3

Family

Vidar


(11)

File Name

ALCALINFPROVINCPDF46983638950001 ALCALINFPROVINCPDF46983638950003.exe

Created process

ALCALINFPROVINCPDF46983638950001 ALCALINFPROVINCPDF46983638950003.exe

Connected (Ip/Dns)

suiza762[.]duckdns[.]org

MD5

e222b49d8382076064c0268b0635f75b

SHA256

d70782171c4d41a10a0fb684dbe71656f1195bbaca2c8f33deb868f1ec4a40c9

Family

Remcos


(12)

File Name

FA_KLJOL40SFTHFV_01102019.doc.zip

Created process

FA_KLJOL40SFTHFV_01102019.doc.exe

Connected (Ip/Dns)

escs-sarl[.]com

MD5

fb0eb780163627a693acd46cdfcece6c

SHA256

5e6f2aeb04e0aba892350d1fdae4b6063f1500aaa28f8472f4ab7ab61e621afe

Family

Emotet


(13)

File Name

ajhvxcgdfsd.exe

Created process

ajhvxcgdfsd.exe

Connected (Ip/Dns)

Lizzzqua[.]ac[.]ug, lizard[.]ac[.]ug

MD5

182d417728e3b8da39249e7691bdef16

SHA256

44205e4cf223ec528c507423db81ea8dce460b243e4dfa14088c5686b78590b3

Family

Vidar


(14)

File Name/Url

0701_1321069402195.doc

Created process

0701_1321069402195.exe

Connected (Ip/Dns)

Raeonoran[.]com, pospvisis[.]com

MD5

8d6bb87ed6f61dd8759adea2392b21b3

SHA256

14aee46fedef47b7aad209e05e3afc76c9e197b604cf29c7e51003fbebce3afe

Family

Hancitor


(15)

File Name

C5A6211FE9AB12EB4D85BFB61E9495F5.exe

Created process

C5A6211FE9AB12EB4D85BFB61E9495F5.exe

Connected (Ip/Dns)

Netno[.]ddns[.]net

MD5

c5a6211fe9ab12eb4d85bfb61e9495f5

SHA256

cbf703cf139fbeffc482036fed72e4bcae042a92c769cbb3de5219209b56553f

Family

Netwire


(16)

File Name

3f1eb883bca3190418d1905ed4b017f4.vir

Created process

3f1eb883bca3190418d1905ed4b017f4.vir.exe

Connected (Ip/Dns)

Abemuggs[.]com/forum/viewtopic.php

MD5

3f1eb883bca3190418d1905ed4b017f4

SHA256

ac4662fd3a9989138cdd56723d590b1ae41de9b55e497368d601d9e747fa1a83

Family

Pony


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more