IOCs 2_7_2021
(1)
File Name | skeet crack.exe
Created process | skeet crack.exe
Connected (Ip/Dns) | 6[.]tcp[.]ngrok[.]io
MD5 | fc1d405bad9c4a3efdd284148b8fb5a0
SHA256 | ea7617646628e263d2600bd7e50fc5caffbd4f401e4b62ce1f56115b2a6d31f3
Family | njRAT

(2)
File Name | P.O_3QS002021.jpg
Created process | twkruxuihl.pif
Connected (Ip/Dns) | Strongodss[.]ddns[.]net, strongodss[.]ddns[.]net
MD5 | a38d097a4eee6500629e1f4cc76da1ed
SHA256 | 785b415f9df4411c2af809c0982f54a073281e2781db7c4ab26d69208e68a384
Family | Nanocore

(3)
File Name | Vcs Vps Service.exe
Created process | Vcs Vps Service.exe
Connected (Ip/Dns) | isnadsknsbs-38398[.]portmap[.]host
MD5 | 511015c7bad984c78423f11e0a31021c
SHA256 | a82082c9eeed14871709a831f588feb91cdce034d734ee6a65334090ea25bc02
Family | Nanocore

(4)
File Name | DHL Consignment Detailspdf.exe
Created process | DHL Consignment Detailspdf.exe
Connected (Ip/Dns) | 185[.]110[.]190[.]5/gugufdre[.]php/cLsdqrHIILVB5
MD5 | 71a2b0940baa4e0409d397a3500cc1e7
SHA256 | 7842fb54799218ff1915ee26b0c44f1fcacc60c9edeb94241cf2961d1d92a20b
Family | Lokibot

(5)
File Name | Zahteva za ponudbo.doc
Created process | Zahteva za ponudbo.doc
Connected (Ip/Dns) | 63[.]141[.]228[.]141/32[.]php/S7zr5v1fXI3Rb
MD5 | c03f17a06b967a6b5e1b41817ee2c638
SHA256 | b7fcef42b2cc33c668f67f4bd7718f75513a19d9302512f7f56d76ac6b869ea3
Family | Lokibot

(6)
File Name | Payment_Breakdown_pdf.exe
Created process | Payment_Breakdown_pdf.exe
Connected (Ip/Dns) | www[.]descubrezenfone[.]com, www[.]cheftrader[.]com
MD5 | c93b130e8d98db2a9b6fa38fc7cf55d9
SHA256 | 2e5af3b0bd1c32642bc80b4d3852c93a2a9d81a10c2f80e8968667667b357954
Family | Formbook

(7)
File Name | Invoice..exe
Created process | Invoice..exe
Connected (Ip/Dns) | www[.]mutieudao[.]online, www[.]fluatrec[.]com, www[.]followtea[.]com
MD5 | a2720e17c54697f94a6fc28a3b505cfc
SHA256 | c5b56bcdb7672777ac9f2ed52d73eb7645310d54d93582f48296277efa006561
Family | Formbook

(8)
File Name | Novostar Admin panel.rar
Created process | Admin Panel Novostar.exe
Connected (Ip/Dns) | Nzxtsh[.]duckdns[.]org
MD5 | e93aa19dd5ef94fa7aa945131db7265f
SHA256 | 99a5f1b79b7edb5f86188fe73846e2ad4a85c494bf26a53ac665f2c9482d39a6
Family | Orcus RAT

(9)
File Name | Xforce_keygen_by_KeygenSumo.zip
Created process | Xforce_keygen_by_KeygenSumo.exe
Connected (Ip/Dns) | requested404[.]com/products/bita3elcpm/esskm3392gysubeu.exe
MD5 | 12e971a3c2ba08eecf2554a7982be128
SHA256 | b6c5cee94f3dcba4570377cc032776dd5453291f7d36932aa50557c93e16c592
Family | Vidar

(10)
File Name | 7f0c2d486aa38ea14d95f6130554fc5d.exe
Created process | 7f0c2d486aa38ea14d95f6130554fc5d.exe
Connected (Ip/Dns) | KJJJK[.]3dxtras[.]com
MD5 | 7f0c2d486aa38ea14d95f6130554fc5d
SHA256 | 463f7c4188aeeeea4da33b41fb0c420a3e9a7855e8e2a139add7d255153ea7ee
Family | Remcos

(11)
File Name | Photoshop_Elements_keygen_by_KeygenSumo.zip
Created process | hbggg.exe
Connected (Ip/Dns) | Kvaka[.]li, kanagannne[.]xyz
MD5 | af787331b05d1d4113838cd14c8f5a29
SHA256 | 75b91c498518a79422552bc739e32293f4e08a0ccfe9f555422fbe7af8643d8f
Family | Vidar

(12)
File Name | Xforce_keygen_by_KeygenSumo.zip
Created process | Xforce_keygen_by_KeygenSumo.exe
Connected (Ip/Dns) | Kvaka[.]li
MD5 | 12e971a3c2ba08eecf2554a7982be128
SHA256 | b6c5cee94f3dcba4570377cc032776dd5453291f7d36932aa50557c93e16c592
Family | Vidar

(13)
File Name | TrafficBot.exe
Created process | TrafficBot.exe
Connected (Ip/Dns) | B[.]cracking[.]be/index.php, 195[.]245[.]112[.]115/index[.]php
MD5 | fc2ec8cfbea035e21b1201f44d2643c3
SHA256 | f293b4519e797550c086665dfa31c3eb42eb7be6cca2111e50e8dd4c8604a9c4
Family | njRAT

(14)
File Name/Url | triage_dropped_file
Created process | triage_dropped_file.exe
Connected (Ip/Dns) | Raeonoran[.]com
MD5 | 00be0dadc6df1fa49368d38bebae513a
SHA256 | 21c9472e24da9f476eafe7f8435e93657a9fffed15b75e56f7d45d12f9f1eb86
Family | Hancitor

(15)
File Name | Activator WF X10.xx.exe
Created process | Activator WF X10.xx.exe
Connected (Ip/Dns) | Haija[.]mine[.]nu
MD5 | c462fac81209ea32a64b69d520cb5e1f
SHA256 | 5a90ecb843389021547374d035dd92d5f9710eda37b44fbbb57c4b2074ba45a2
Family | Netwire

(16)
File Name | IMGS-00988-PRODUCTS-PO-PDF.js
Created process | javaw.exe
Connected (Ip/Dns) | Newmeonego[.]duckdns[.]org
MD5 | d651c13b5bb651f5c3d41693063abe95
SHA256 | 8f5c580c2434abd23b73fcc729e9d3ff58d470483bc70401f7bd572b9308db4a
Family | Adwind

If you want to learn malware analysis, you can check my YouTube channel, where I am trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA