IOCs 23_7_2021
(1)
File Name |
Nouveau Archive WinRAR ZIP.zip |
Created process |
DDOS TOOL.exe |
Connected (Ip/Dns) |
soso06200[.]ddns[.]net |
MD5 |
d96a6a38851372804b9f2febf33877eb |
SHA256 |
adaf8eb8ebf4c8525a3a28764c3357fb8880f99533da70046ea19541e701bb9c |
Family |
njRAT |
(2)
File Name |
Payment_invoice.exe |
Created process |
Payment_invoice.exe |
Connected (Ip/Dns) |
www[.]illoftapartments[.]com/uecu/?Ann=oJdtyL0XR&GzvH=I+cFmvzt/Y7dQ6jmlNevYzRyUOJqDj5Yxiy0V7+6dDmvrES4qeJlFS+b0k7Qr1tQA2i47Q== |
MD5 |
46adaf09ad9e9d730647b01cac8f53e6 |
SHA256 |
739caabaad723c9cf69c0381bffd77d7c7cf372408dc8970a073c3acdce5c355 |
Family |
Formbook |
(3)
File Name |
Documents pdf.exe |
Created process |
Documents pdf.exe |
Connected (Ip/Dns) |
www[.]actymall[.]com/hth0/?tzsDXFa=+LPw8eJe0DD7oa0wpcpbLyMxnX3qjSwFbuqCFsRR0a/Gbd4L7xcTLqIqgQCJLgj9F9W0Tg==&3f6=ml1DU |
MD5 |
027d8e07155bc564f7b522183018efe6 |
SHA256 |
90e7c97ea4917a6efb5c0a69bd6f481b1a5023d6f8ad0f22d123c417edff8a68 |
Family |
Formbook |
(4)
File Name |
35cac0b2dfd8dda82dd6b4357549c37b64f8f73a69a02438521a825a5583b455.exe |
Created process |
35cac0b2dfd8dda82dd6b4357549c37b64f8f73a69a02438521a825a5583b455.exe |
Connected (Ip/Dns) |
justinalwhitedd554[.]duckdns[.]org |
MD5 |
b2b789b7ad5228687ce60e40230bd941 |
SHA256 |
35cac0b2dfd8dda82dd6b4357549c37b64f8f73a69a02438521a825a5583b455 |
Family |
Nanocore |
(5)
File Name |
SecuriteInfo.com.W32.AIDetect.malware1.4558.11240 |
Created process |
SecuriteInfo.com.W32.AIDetect.malware1.4558.11240.exe |
Connected (Ip/Dns) |
Telete[.]in |
MD5 |
377898663057c1c9a2276ae99b0f82cc |
SHA256 |
37137c97a81252bf7a3653ca231b1ac8653d99d6df4d24597f1a09eaefd3072b |
Family |
Raccoon |
(6)
File Name |
MZ5sklmkukwpvI2.exe |
Created process |
MZ5sklmkukwpvI2.exe |
Connected (Ip/Dns) |
Luoslasco[.]xyz |
MD5 |
1e45c46fa926aa0273e89705eb0e94b4 |
SHA256 |
57b23b219f96cf5a00224f0903d43416a529435d05037893d591937eea93cb0c |
Family |
Lokibot |
(7)
File Name |
RFQ-32986.exe |
Created process |
RFQ-32986.exe |
Connected (Ip/Dns) |
Irkark[.]xyz |
MD5 |
528c56717b32a20c42b98eaf3f26cff5 |
SHA256 |
259a1e3d537f6e61c1683fe558a87e48da3ec44420cc0285da89c88bbf45375b |
Family |
Vidar |
(8)
File Name |
Sate_PI_2021-7-23.xlsx |
Created process |
Sate_PI_2021-7-23.exe |
Connected (Ip/Dns) |
Smtp[.]ccsp-india[.]com |
MD5 |
d8e4f8c5d7a73b795d681aeaa027330b |
SHA256 |
7ce3d708d5c0f0a609925844b753554fc6d0e7118346c2b1061eeb4ccc7df17b |
Family |
AgentTesla |
(9)
File Name |
c914230cb5359285dab0aa8946d183b50a3bf931719b49caea689279a0857e72.zip |
Created process |
c914230cb5359285dab0aa8946d183b50a3bf931719b49caea689279a0857e72.exe |
Connected (Ip/Dns) |
Smtp[.]shakurjay[.]com |
MD5 |
b89253f6d2b963c32ab7125a62a62ad3 |
SHA256 |
a8c5d6cd86f31937ec391167078b32716bd0b5ba6c9201314146594adab4d6bf |
Family |
AgentTesla |
(10)
File Name |
b1954d6c1f249601ce6c562f6258ab29.exe |
Created process |
b1954d6c1f249601ce6c562f6258ab29.exe |
Connected (Ip/Dns) |
Ghjklhgteg[.]strangled[.]net |
MD5 |
b1954d6c1f249601ce6c562f6258ab29 |
SHA256 |
f6b969be87ff04be7afa8ebb789d8867356700537c3ca7cc8f64d2a587c0c0d6 |
Family |
Ave Maria |
(11)
File Name |
dependencies.exe |
Created process |
dependencies.exe |
Connected (Ip/Dns) |
Needforrat[.]hopto[.]org |
MD5 |
3a1db70b49e9be3303890cb7855f2296 |
SHA256 |
3ffbccaf9efde195e47803fbeefbeea8daa46b8befe87b7781434c50b79d613b |
Family |
Netwire |
(12)
File Name |
0722_3614470461.xls |
Created process |
0722_3614470461.exe |
Connected (Ip/Dns) |
Tholeferli[.]com, pospvisis[.]com |
MD5 |
e034a9922b81fc32fdfb65eecec94007 |
SHA256 |
f43aab9043c531a3311cbcc911d5093e1dbc1f8ba82eb94e5f85f2570aa26319 |
Family |
Hancitor |
(13)
File Name |
WindowsUpdate.exe |
Created process |
WindowsUpdate.exe |
Connected (Ip/Dns) |
Dontreachme[.]duckdns[.]org |
MD5 |
66c9847b56ba09eef76c30ec99e7c890 |
SHA256 |
dee54a9636b698706ba16a04dd1b801227e9caba2db71f61a5bb064b7cf9beaa |
Family |
Revenge |
(14)
File Name |
sample4.bin |
Created process |
sample4.exe |
Connected (Ip/Dns) |
gegemony4you[.]top |
MD5 |
5009b8bcf024704c8b23e42c492f118c |
SHA256 |
30f099660904079afcd445409cfd2eca735fab49dda522f03ed60d47f9f21bdc |
Family |
IcedID |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Comments
Post a Comment