IOCs 29_7_2021
# | File name | Created process | Connected (IP/DNS) | MD5 | SHA256 | Family
---|---|---|---|---|---|---
1 | SAFRBRSPXXX-ENV Pagamento.Pdf.exe | SAFRBRSPXXX-ENV Pagamento.Pdf.exe | www[.]papablogzzi[.]com/obow/?KtcDut2=1VrCfiMx9p5ilus1TKROIrvj1VUTHlogM2S5omFL77mydScixv3AVTUEdixyJGdTuRhrUQ==&mz7xU=zZOP1n18Ez | c30080b7ad906899fade216c014222b4 | 6d1b20a3efb84a54e22da5d00f24f03b213ecf73cf429409c46b1f20bf5e8ec5 | Formbook
2 | Payment_Advice.exe | Payment_Advice.exe | www[.]missabrams[.]com/uecu/?Y2sDANL=hAxtKVsn7YW+SKLSlnZYg9LAm42i0C2ytoRTsev/1QRgxVgbjhx6TAAmqGBroVCT3nU8Cg==&BRC=UTplG6hPL8ohP | 0c90a502cf1d5e66b289b82a22fc1693 | 12d89c6e8e3ef2ec6ae4fda7dce291a2418a51daa9eba44a583ced847c9e4e42 | Formbook
3 | 0020072921_Swift_Payment_Details.xlsx | 0020072921_Swift_Payment_Details.xlsx | 192[.]210[.]173[.]40/files/loader1.exe | 036e043b3ad1262fd4993fe9e6a7fe47 | 36398bf80b52214cb0214ec01e71e1fd2600697477d0834a0e7c48b97793ba70 | Formbook
4 | lz0th8Kf7EOOzD1.exe | lz0th8Kf7EOOzD1.exe | Luoslasco[.]xyz | 078f1b5854ec5d8045046f828496e551 | fe2668f630e5386dd98f128872daf97950d7946d517a7b790611f0a4f7c85d4d | Lokibot
5 | REMITTANCE_ADVISE123.xlsx | REMITTANCE_ADVISE123.exe | sureflt[.]com | 2009faa4eff7371b148594eb3687da37 | 618377f7b0c9c5f788d3ac58841c32ac321b5d759d67c68e6b661550cfa81760 | Lokibot
6 | 00198c27970e0bf383f9763bd4c7a9ba.exe | 00198c27970e0bf383f9763bd4c7a9ba.exe | Telete[.]in | 00198c27970e0bf383f9763bd4c7a9ba | 0f520e19f5601f23c1bf783ac0ded333f68fd1a171a0529fb5051505e30a0add | Raccoon
7 | Quotation RequestQR28072021.exe | Quotation RequestQR28072021.exe | dedicatedlambo9[.]ddns[.]net | 1d75d3756cf8f649a81b741b86b6c89b | bc16c48ef4435300121e3e14fd1b06c27447935e7fb14166f1cd7d16e0fc1fa3 | Nanocore
8 | New RFQ 0322100259.exe | New RFQ 0322100259.exe | xp18[.]ddns[.]net | 3ae84d9955e63a0abd562a613de684e6 | 86c58706bb8e8602ea034ca99b3835a7d82f10714e270c2c3c0972ce567e0293 | Nanocore
9 | bmWwyNAzSm.exe | bmWwyNAzSm.exe | dominoduck2119[.]duckdns[.]org | 4787014a18e060d7defae1ece0afd19c | 172d81908df0bfd28ef79dabd0fb2c03311597ba842565be57039c03f16c4e1a | Remcos
10 | SYNAPSE+X+CRACKED.rar | SYNAPSE+X+CRACKED.exe | 1freeprivacytoolsforyou[.]xyz | 9d4d69354eb1ae15c6bffbcf827392af | 4c9dd47e329b73120b09eb75e7888ad1028432908829c9c9322638ef0b28b045 | Vidar
11 | XP010-61.exe | XP010-61.exe | mail[.]roplantpakistan[.]com | c40a4ead5c31e5f00820dcf91fb47348 | ea58d9344f7ec384cc7fe907419d649bb18f0d35b6b5c19004602d8d00611823 | AgentTesla
12 | QAFAC_request.xlsb | QAFAC_request.exe | Institutionclose[.]com/rem/Tms5ke8HVQpO8gl.exe | a59f482b3304890ef526694515853371 | c2fa8e507fd8eac778c190c8841073a6dddb78789169df79f0445c4a19871c23 | Azorult
13 | 3CGwOh8jNiNJ.exe | 3CGwOh8jNiNJ.exe | systemclient10[.]ddns[.]net | 8040bf504103ec4fc9006531cc0437b5 | ab67dafa162e1d8bca253b145418963614491593aedc0cbb35b6302e5e76ce7a | Quasar RAT
14 | 0332C0B39BE14A0FBFBB0689BDD2027D.exe | 0332C0B39BE14A0FBFBB0689BDD2027D.exe | Warin[.]hopto[.]org | 0332c0b39be14a0fbfbb0689bdd2027d | 6e318257ff61f8aeff03704c59af6d66f52b4ae7fe36ab8b715db00694cad13a | NetWire
15 | 113_ColourPickDemo.dll | 113_ColourPickDemo.dll | 194[.]135[.]33[.]220:443/rob113/USER-PC_W617601.22BB2ACB9977BFBDB65D22EB33F935D8/83/ | 59ec367995c6cf649ab2a6d280836e31 | 7e56e276f8847c9ff3973e49e005a7a76a2ce251bda01cd5ef252f9a4ae9c04e | Trickbot

All network indicators are defanged (`[.]` for `.`); hashes are lower-case hex. Entries 3, 12 and 15 list the full URL the sample fetched or reported to, so the host part must be split off before it can be compared with DNS or proxy logs.
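Before these indicators can be fed to a DNS or EDR search they need refanging, the URL entries need their host split from port, path and query, and hash comparison has to be case-insensitive. The following script does that for a subset of the table and runs it over constructed sample telemetry. It is an added example, not code from the post's author: the indicator strings and hashes in `IOCS` are copied from the table above, while `SAMPLE_DNS_LOG` and `SAMPLE_HASHES` are made-up test input, and the function names are this example's own.

```python
"""Refang the IOCs from the table and match them against local telemetry.

Added example, not the post author's code.  IOCS is copied from the table;
SAMPLE_DNS_LOG and SAMPLE_HASHES are constructed, not real logs.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# (family, network indicator as written in the post, md5, sha256)
IOCS = [
    ("Formbook", "192[.]210[.]173[.]40/files/loader1.exe",
     "036e043b3ad1262fd4993fe9e6a7fe47",
     "36398bf80b52214cb0214ec01e71e1fd2600697477d0834a0e7c48b97793ba70"),
    ("Lokibot", "Luoslasco[.]xyz",
     "078f1b5854ec5d8045046f828496e551",
     "fe2668f630e5386dd98f128872daf97950d7946d517a7b790611f0a4f7c85d4d"),
    ("Raccoon", "Telete[.]in",
     "00198c27970e0bf383f9763bd4c7a9ba",
     "0f520e19f5601f23c1bf783ac0ded333f68fd1a171a0529fb5051505e30a0add"),
    ("Nanocore", "dedicatedlambo9[.]ddns[.]net",
     "1d75d3756cf8f649a81b741b86b6c89b",
     "bc16c48ef4435300121e3e14fd1b06c27447935e7fb14166f1cd7d16e0fc1fa3"),
    ("Trickbot", "194[.]135[.]33[.]220:443/rob113/USER-PC_W617601"
                 ".22BB2ACB9977BFBDB65D22EB33F935D8/83/",
     "59ec367995c6cf649ab2a6d280836e31",
     "7e56e276f8847c9ff3973e49e005a7a76a2ce251bda01cd5ef252f9a4ae9c04e"),
]


def refang(indicator: str) -> str:
    """Undo the usual defanging: [.] -> . , [:] -> : , hxxp -> http."""
    s = indicator.strip().replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.IGNORECASE)


def ioc_host(indicator: str) -> str:
    """Host of a refanged indicator with scheme, port, path and query removed.

    urlsplit() needs a scheme to locate the netloc and lower-cases .hostname,
    which is what we want since DNS names are case-insensitive.
    """
    s = refang(indicator)
    if "://" not in s:
        s = "http://" + s
    return urlsplit(s).hostname or ""


# Lookup tables built once from the IOC list.
HOST_TO_FAMILY = {ioc_host(ind): fam for fam, ind, _, _ in IOCS}
HASH_TO_FAMILY = {}
for fam, _, md5, sha256 in IOCS:
    HASH_TO_FAMILY[md5.lower()] = fam
    HASH_TO_FAMILY[sha256.lower()] = fam


def host_matches(queried: str) -> Optional[str]:
    """Family if the queried name is an IOC host or a subdomain of one, else None."""
    q = queried.lower().rstrip(".")          # tolerate a trailing root dot
    for host, fam in HOST_TO_FAMILY.items():
        if q == host or q.endswith("." + host):
            return fam
    return None


_QUERY_RE = re.compile(r"\bquery=(\S+)")


def match_dns_log(lines):
    """Return (line_number, queried_name, family) for lines naming an IOC host."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _QUERY_RE.search(line)
        fam = host_matches(m.group(1)) if m else None
        if fam:
            hits.append((n, m.group(1), fam))
    return hits


def match_hashes(hashes):
    """Map each MD5/SHA256 seen on disk to a family, ignoring hex case."""
    return {h: HASH_TO_FAMILY[h.lower()] for h in hashes if h.lower() in HASH_TO_FAMILY}


# Constructed sample telemetry (not real logs).  Line 3 is a subdomain of an
# IOC host, line 4 differs only in case and trailing dot, line 5 is a benign
# lookalike that must not match.
SAMPLE_DNS_LOG = [
    "2021-07-29T09:01:11Z client=10.0.4.21 query=www.microsoft.com type=A",
    "2021-07-29T09:02:45Z client=10.0.4.21 query=dedicatedlambo9.ddns.net type=A",
    "2021-07-29T09:03:02Z client=10.0.4.33 query=api.telete.in type=A",
    "2021-07-29T09:04:19Z client=10.0.4.33 query=LUOSLASCO.XYZ. type=A",
    "2021-07-29T09:05:40Z client=10.0.4.50 query=nottelete.in type=A",
]
SAMPLE_HASHES = [
    "00198C27970E0BF383F9763BD4C7A9BA",                                  # Raccoon md5, upper-case
    "7e56e276f8847c9ff3973e49e005a7a76a2ce251bda01cd5ef252f9a4ae9c04e",  # Trickbot sha256
    "d41d8cd98f00b204e9800998ecf8427e",                                  # md5 of empty file, benign
]

if __name__ == "__main__":
    for n, name, fam in match_dns_log(SAMPLE_DNS_LOG):
        print(f"line {n}: {name} -> {fam}")
    for h, fam in match_hashes(SAMPLE_HASHES).items():
        print(f"{h} -> {fam}")
```

Matching on the host rather than the full URL is deliberate: the query strings in the Formbook and Trickbot entries are per-victim and will never recur, while the host is what shows up in DNS and proxy logs. The subdomain check is what lets `api.telete.in` hit the `Telete[.]in` entry without `nottelete.in` doing so.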
If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA