IOCs 21_7_2021

 



(1)
File Name: slip.bat
Created process: slip.bat.exe
Connected (IP/DNS): www[.]houseofsisson[.]com
MD5: 0b2d200b5f2dfc4e8f23fb1e93b9073f
SHA256: bfcda678eede144bcbb62d4c257ed2e05a26a5087893f3dfb62273bace6fe872
Family: Formbook

(2)
File Name: PROFORMA INVIOCE.docx
Created process: PROFORMA INVIOCE.exe
Connected (IP/DNS): www[.]icimsoy[.]net, www[.]nekomego[.]com, www[.]winscat[.]com, www[.]annerobertsla[.]com
MD5: 9f892ee79fcbe6301a6832b803d20d4c
SHA256: b3e24207a3518b283f797002127f44fdb12f57f2c9e84c167bd8c761895629cc
Family: Formbook

(3)
File Name: Payment_invoice.zip
Created process: Payment_invoice.exe
Connected (IP/DNS): www[.]idfstool[.]com/uecu/?CjG4p=4G/V13KdQo92isKSjLMjfArPlraVB/0R+20CGhtNvLKsdqLnft0pM1Oe5aPJDF2uunuz8Q==&b8=uTBXnRYHHPXdS
MD5: 9486933add946e50daa804e8179d77f2
SHA256: 19206641ad6dfe10bc758922d2917b690431b0bc6b7f45a445cdec3b1a7fb7b3
Family: Formbook

(4)
File Name: DHL 07988 AWB 202107988.xlsx
Created process: DHL 07988 AWB 202107988.exe
Connected (IP/DNS): 180[.]214[.]236[.]151/service/dllhost.exe
MD5: e8e5934ac8c39cedfb38985307ee7b03
SHA256: ece4d2f1e91d723320e3c6374fa33aca7d05dc03d9403d91ab8388867d43c46b
Family: Formbook

(5)
File Name: Payment Breakdownpdf.exe
Created process: Payment Breakdownpdf.exe
Connected (IP/DNS): Manvim[.]co, manvim[.]co/com/fre.php
MD5: 189e8586a731b1ac3fe68b46c9562744
SHA256: 629e5733aec3fc522fc66bf9fb7916d51bdbff1f8f8583fd19dbea2c258ba752
Family: Lokibot

(6)
File Name: Contact00212399490.exe
Created process: Contact00212399490.exe
Connected (IP/DNS): Hncbeyghfsbvcuabgsbncvzgaioiuyegdbhabbbw[.]ydns[.]eu
MD5: fb87d692632732ce29ecc8c5ae64f5cf
SHA256: a5a3b625c48719d4e593435c16795b64d61d25bfeaf20fead77c6cac57241ba4
Family: Nanocore

(7)
File Name: OyfGxzipj.exe
Created process: OyfGxzipj.exe
Connected (IP/DNS): 4dkhw6q65mtym4r7[.]bounceme[.]net
MD5: a699936ad3f5c17147b730b8b8d9f4ef
SHA256: 1a51f0e9fe8d3ced43800d688f4ebd6f9998c8e13def23100b90907caf7b7c35
Family: Vidar

(8)
File Name: accf0070e9fe39d63291fc95b24bc7ff.exe
Created process: accf0070e9fe39d63291fc95b24bc7ff.exe
Connected (IP/DNS): Telete[.]in
MD5: accf0070e9fe39d63291fc95b24bc7ff
SHA256: c45613b7ffdb689a3510eaa680613b97c0e89a22a83271a87130a6abeb55c782
Family: Raccoon

(9)
File Name: emotet.exe
Created process: emotet.exe
Connected (IP/DNS): 47[.]188[.]131[.]94:443/
MD5: 68c452bb7a6956b0dec27c4d36c28f83
SHA256: c040ac4054c4b454cbd442a1950e797859addf8f22e2bd8dc7e2e0451dbd8d95
Family: Emotet

(10)
File Name: main.exe
Created process: emotet.exe
Connected (IP/DNS): Chasexm[.]com/main.exe
MD5:
SHA256:
Family: Ave Maria

(11)
File Name: 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe
Created process: 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe
Connected (IP/DNS): Soapstampingmachines[.]com
MD5: 997f26e502eb7d3c839b71ab5e77a647
SHA256: 08a6193d0afc12de32573390251740b4b1d7a1af0b19ef0cc3a12c078db76449
Family: Azorult


If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel:
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA



