IOCs 23_7_2021

 



(1)

File Name

Nouveau Archive WinRAR ZIP.zip

Created process

DDOS TOOL.exe

Connected (Ip/Dns)

soso06200[.]ddns[.]net

MD5

d96a6a38851372804b9f2febf33877eb

SHA256

adaf8eb8ebf4c8525a3a28764c3357fb8880f99533da70046ea19541e701bb9c

Family

njRAT

 


(2)

File Name

Payment_invoice.exe

Created process

Payment_invoice.exe

Connected (Ip/Dns)

www[.]illoftapartments[.]com/uecu/?Ann=oJdtyL0XR&GzvH=I+cFmvzt/Y7dQ6jmlNevYzRyUOJqDj5Yxiy0V7+6dDmvrES4qeJlFS+b0k7Qr1tQA2i47Q==

MD5

46adaf09ad9e9d730647b01cac8f53e6

SHA256

739caabaad723c9cf69c0381bffd77d7c7cf372408dc8970a073c3acdce5c355

Family

Formbook

 

(3)

File Name

Documents pdf.exe

Created process

Documents pdf.exe

Connected (Ip/Dns)

www[.]actymall[.]com/hth0/?tzsDXFa=+LPw8eJe0DD7oa0wpcpbLyMxnX3qjSwFbuqCFsRR0a/Gbd4L7xcTLqIqgQCJLgj9F9W0Tg==&3f6=ml1DU

MD5

027d8e07155bc564f7b522183018efe6

SHA256

90e7c97ea4917a6efb5c0a69bd6f481b1a5023d6f8ad0f22d123c417edff8a68

Family

Formbook

 


(4)

File Name

35cac0b2dfd8dda82dd6b4357549c37b64f8f73a69a02438521a825a5583b455.exe

Created process

35cac0b2dfd8dda82dd6b4357549c37b64f8f73a69a02438521a825a5583b455.exe

Connected (Ip/Dns)

justinalwhitedd554[.]duckdns[.]org

MD5

b2b789b7ad5228687ce60e40230bd941

SHA256

35cac0b2dfd8dda82dd6b4357549c37b64f8f73a69a02438521a825a5583b455

Family

Nanocore

 

(5)

File Name

SecuriteInfo.com.W32.AIDetect.malware1.4558.11240

Created process

SecuriteInfo.com.W32.AIDetect.malware1.4558.11240.exe

Connected (Ip/Dns)

Telete[.]in

MD5

377898663057c1c9a2276ae99b0f82cc

SHA256

37137c97a81252bf7a3653ca231b1ac8653d99d6df4d24597f1a09eaefd3072b

Family

Raccoon

 


(6)

File Name

MZ5sklmkukwpvI2.exe

Created process

MZ5sklmkukwpvI2.exe

Connected (Ip/Dns)

Luoslasco[.]xyz

MD5

1e45c46fa926aa0273e89705eb0e94b4

SHA256

57b23b219f96cf5a00224f0903d43416a529435d05037893d591937eea93cb0c

Family

Lokibot


(7)

File Name

RFQ-32986.exe

Created process

RFQ-32986.exe

Connected (Ip/Dns)

Irkark[.]xyz

MD5

528c56717b32a20c42b98eaf3f26cff5

SHA256

259a1e3d537f6e61c1683fe558a87e48da3ec44420cc0285da89c88bbf45375b

Family

Vidar


(8)

File Name

Sate_PI_2021-7-23.xlsx

Created process

Sate_PI_2021-7-23.exe

Connected (Ip/Dns)

Smtp[.]ccsp-india[.]com

MD5

d8e4f8c5d7a73b795d681aeaa027330b

SHA256

7ce3d708d5c0f0a609925844b753554fc6d0e7118346c2b1061eeb4ccc7df17b

Family

AgentTesla


(9)

File Name

c914230cb5359285dab0aa8946d183b50a3bf931719b49caea689279a0857e72.zip

Created process

c914230cb5359285dab0aa8946d183b50a3bf931719b49caea689279a0857e72.exe

Connected (Ip/Dns)

Smtp[.]shakurjay[.]com

MD5

b89253f6d2b963c32ab7125a62a62ad3

SHA256

a8c5d6cd86f31937ec391167078b32716bd0b5ba6c9201314146594adab4d6bf

Family

AgentTesla


(10)

File Name

b1954d6c1f249601ce6c562f6258ab29.exe

Created process

b1954d6c1f249601ce6c562f6258ab29.exe

Connected (Ip/Dns)

Ghjklhgteg[.]strangled[.]net

MD5

b1954d6c1f249601ce6c562f6258ab29

SHA256

f6b969be87ff04be7afa8ebb789d8867356700537c3ca7cc8f64d2a587c0c0d6

Family

Ave Maria


(11)

File Name

dependencies.exe

Created process

dependencies.exe

Connected (Ip/Dns)

Needforrat[.]hopto[.]org

MD5

3a1db70b49e9be3303890cb7855f2296

SHA256

3ffbccaf9efde195e47803fbeefbeea8daa46b8befe87b7781434c50b79d613b

Family

Netwire


(12)

File Name

0722_3614470461.xls

Created process

0722_3614470461.exe

Connected (Ip/Dns)

Tholeferli[.]com, pospvisis[.]com

MD5

e034a9922b81fc32fdfb65eecec94007

SHA256

f43aab9043c531a3311cbcc911d5093e1dbc1f8ba82eb94e5f85f2570aa26319

Family

Hancitor


(13)

File Name

WindowsUpdate.exe

Created process

WindowsUpdate.exe

Connected (Ip/Dns)

Dontreachme[.]duckdns[.]org

MD5

66c9847b56ba09eef76c30ec99e7c890

SHA256

dee54a9636b698706ba16a04dd1b801227e9caba2db71f61a5bb064b7cf9beaa

Family

Revenge


(14)

File Name

sample4.bin

Created process

sample4.exe

Connected (Ip/Dns)

gegemony4you[.]top

MD5

5009b8bcf024704c8b23e42c492f118c

SHA256

30f099660904079afcd445409cfd2eca735fab49dda522f03ed60d47f9f21bdc

Family

IcedID
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more