IOCs 21_7_2021

 



(1)

File Name

slip.bat

Created process

slip.bat.exe

Connected (Ip/Dns)

www[.]houseofsisson[.]com

MD5

0b2d200b5f2dfc4e8f23fb1e93b9073f

SHA256

bfcda678eede144bcbb62d4c257ed2e05a26a5087893f3dfb62273bace6fe872

Family

Formbook

 


(2)

File Name

PROFORMA INVIOCE.docx

Created process

PROFORMA INVIOCE.exe

Connected (Ip/Dns)

www[.]icimsoy[.]net, www[.]nekomego[.]com, www[.]winscat[.]com, www[.]annerobertsla[.]com

MD5

9f892ee79fcbe6301a6832b803d20d4c

SHA256

b3e24207a3518b283f797002127f44fdb12f57f2c9e84c167bd8c761895629cc

Family

Formbook

 

(3)

File Name

Payment_invoice.zip

Created process

Payment_invoice.exe

Connected (Ip/Dns)

www[.]idfstool[.]com/uecu/?CjG4p=4G/V13KdQo92isKSjLMjfArPlraVB/0R+20CGhtNvLKsdqLnft0pM1Oe5aPJDF2uunuz8Q==&b8=uTBXnRYHHPXdS

MD5

9486933add946e50daa804e8179d77f2

SHA256

19206641ad6dfe10bc758922d2917b690431b0bc6b7f45a445cdec3b1a7fb7b3

Family

Formbook

 

(4)

File Name

DHL 07988 AWB 202107988.xlsx

Created process

DHL 07988 AWB 202107988.exe

Connected (Ip/Dns)

180[.]214[.]236[.]151/service/dllhost.exe

MD5

e8e5934ac8c39cedfb38985307ee7b03

SHA256

ece4d2f1e91d723320e3c6374fa33aca7d05dc03d9403d91ab8388867d43c46b

Family

Formbook

 

(5)

File Name

Payment Breakdownpdf.exe

Created process

Payment Breakdownpdf.exe

Connected (Ip/Dns)

Manvim[.]co, manvim[.]co/com/fre.php

MD5

189e8586a731b1ac3fe68b46c9562744

SHA256

629e5733aec3fc522fc66bf9fb7916d51bdbff1f8f8583fd19dbea2c258ba752

Family

Lokibot

 

(6)

File Name

Contact00212399490.exe

Created process

Contact00212399490.exe

Connected (Ip/Dns)

Hncbeyghfsbvcuabgsbncvzgaioiuyegdbhabbbw[.]ydns[.]eu

MD5

fb87d692632732ce29ecc8c5ae64f5cf

SHA256

a5a3b625c48719d4e593435c16795b64d61d25bfeaf20fead77c6cac57241ba4

Family

Nanocore


(7)

File Name

OyfGxzipj.exe

Created process

OyfGxzipj.exe

Connected (Ip/Dns)

4dkhw6q65mtym4r7[.]bounceme[.]net

MD5

a699936ad3f5c17147b730b8b8d9f4ef

SHA256

1a51f0e9fe8d3ced43800d688f4ebd6f9998c8e13def23100b90907caf7b7c35

Family

Vidar


(8)

File Name

accf0070e9fe39d63291fc95b24bc7ff.exe

Created process

accf0070e9fe39d63291fc95b24bc7ff.exe

Connected (Ip/Dns)

Telete[.]in

MD5

accf0070e9fe39d63291fc95b24bc7ff

SHA256

c45613b7ffdb689a3510eaa680613b97c0e89a22a83271a87130a6abeb55c782

Family

Raccoon

 

(9)

File Name

emotet.exe

Created process

emotet.exe

Connected (Ip/Dns)

47[.]188[.]131[.]94:443/

MD5

68c452bb7a6956b0dec27c4d36c28f83

SHA256

c040ac4054c4b454cbd442a1950e797859addf8f22e2bd8dc7e2e0451dbd8d95

Family

Emotet


(10)

File Name

main.exe

Created process

emotet.exe

Connected (Ip/Dns)

Chasexm[.]com/main.exe

MD5

 

SHA256

 

Family

Ave Maria


(11)

File Name

08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe

Created process

08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe

Connected (Ip/Dns)

Soapstampingmachines[.]com

MD5

997f26e502eb7d3c839b71ab5e77a647

SHA256

08a6193d0afc12de32573390251740b4b1d7a1af0b19ef0cc3a12c078db76449

Family

Azorult

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA




Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more