IOCs 21_7_2021
| # | File Name | Created process | Connected (Ip/Dns) | MD5 | SHA256 | Family |
|---|---|---|---|---|---|---|
| 1 | slip.bat | slip.bat.exe | www[.]houseofsisson[.]com | 0b2d200b5f2dfc4e8f23fb1e93b9073f | bfcda678eede144bcbb62d4c257ed2e05a26a5087893f3dfb62273bace6fe872 | Formbook |
| 2 | PROFORMA INVIOCE.docx | PROFORMA INVIOCE.exe | www[.]icimsoy[.]net, www[.]nekomego[.]com, www[.]winscat[.]com, www[.]annerobertsla[.]com | 9f892ee79fcbe6301a6832b803d20d4c | b3e24207a3518b283f797002127f44fdb12f57f2c9e84c167bd8c761895629cc | Formbook |
| 3 | Payment_invoice.zip | Payment_invoice.exe | www[.]idfstool[.]com/uecu/?CjG4p=4G/V13KdQo92isKSjLMjfArPlraVB/0R+20CGhtNvLKsdqLnft0pM1Oe5aPJDF2uunuz8Q==&b8=uTBXnRYHHPXdS | 9486933add946e50daa804e8179d77f2 | 19206641ad6dfe10bc758922d2917b690431b0bc6b7f45a445cdec3b1a7fb7b3 | Formbook |
| 4 | DHL 07988 AWB 202107988.xlsx | DHL 07988 AWB 202107988.exe | 180[.]214[.]236[.]151/service/dllhost.exe | e8e5934ac8c39cedfb38985307ee7b03 | ece4d2f1e91d723320e3c6374fa33aca7d05dc03d9403d91ab8388867d43c46b | Formbook |
| 5 | Payment Breakdownpdf.exe | Payment Breakdownpdf.exe | Manvim[.]co, manvim[.]co/com/fre.php | 189e8586a731b1ac3fe68b46c9562744 | 629e5733aec3fc522fc66bf9fb7916d51bdbff1f8f8583fd19dbea2c258ba752 | Lokibot |
| 6 | Contact00212399490.exe | Contact00212399490.exe | Hncbeyghfsbvcuabgsbncvzgaioiuyegdbhabbbw[.]ydns[.]eu | fb87d692632732ce29ecc8c5ae64f5cf | a5a3b625c48719d4e593435c16795b64d61d25bfeaf20fead77c6cac57241ba4 | Nanocore |
| 7 | OyfGxzipj.exe | OyfGxzipj.exe | 4dkhw6q65mtym4r7[.]bounceme[.]net | a699936ad3f5c17147b730b8b8d9f4ef | 1a51f0e9fe8d3ced43800d688f4ebd6f9998c8e13def23100b90907caf7b7c35 | Vidar |
| 8 | accf0070e9fe39d63291fc95b24bc7ff.exe | accf0070e9fe39d63291fc95b24bc7ff.exe | Telete[.]in | accf0070e9fe39d63291fc95b24bc7ff | c45613b7ffdb689a3510eaa680613b97c0e89a22a83271a87130a6abeb55c782 | Raccoon |
| 9 | emotet.exe | emotet.exe | 47[.]188[.]131[.]94:443/ | 68c452bb7a6956b0dec27c4d36c28f83 | c040ac4054c4b454cbd442a1950e797859addf8f22e2bd8dc7e2e0451dbd8d95 | Emotet |
| 10 | main.exe | emotet.exe | Chasexm[.]com/main.exe | | | Ave Maria |
| 11 | 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe | 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe | Soapstampingmachines[.]com | 997f26e502eb7d3c839b71ab5e77a647 | 08a6193d0afc12de32573390251740b4b1d7a1af0b19ef0cc3a12c078db76449 | Azorult |
If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA