IOCs 29_7_2021

 


(1)

File Name

SAFRBRSPXXX-ENV Pagamento.Pdf.exe

Created process

SAFRBRSPXXX-ENV Pagamento.Pdf.exe

Connected (Ip/Dns)

www[.]papablogzzi[.]com/obow/?KtcDut2=1VrCfiMx9p5ilus1TKROIrvj1VUTHlogM2S5omFL77mydScixv3AVTUEdixyJGdTuRhrUQ==&mz7xU=zZOP1n18Ez

MD5

c30080b7ad906899fade216c014222b4

SHA256

6d1b20a3efb84a54e22da5d00f24f03b213ecf73cf429409c46b1f20bf5e8ec5

Family

Formbook


(2)

File Name

Payment_Advice.exe

Created process

Payment_Advice.exe

Connected (Ip/Dns)

www[.]missabrams[.]com/uecu/?Y2sDANL=hAxtKVsn7YW+SKLSlnZYg9LAm42i0C2ytoRTsev/1QRgxVgbjhx6TAAmqGBroVCT3nU8Cg==&BRC=UTplG6hPL8ohP

MD5

0c90a502cf1d5e66b289b82a22fc1693

SHA256

12d89c6e8e3ef2ec6ae4fda7dce291a2418a51daa9eba44a583ced847c9e4e42

Family

Formbook

 

(3)

File Name

0020072921_Swift_Payment_Details.xlsx

Created process

0020072921_Swift_Payment_Details.xlsx

Connected (Ip/Dns)

192[.]210[.]173[.]40/files/loader1.exe

MD5

036e043b3ad1262fd4993fe9e6a7fe47

SHA256

36398bf80b52214cb0214ec01e71e1fd2600697477d0834a0e7c48b97793ba70

Family

Formbook

 


(4)

File Name

lz0th8Kf7EOOzD1.exe

Created process

lz0th8Kf7EOOzD1.exe

Connected (Ip/Dns)

Luoslasco[.]xyz

MD5

078f1b5854ec5d8045046f828496e551

SHA256

fe2668f630e5386dd98f128872daf97950d7946d517a7b790611f0a4f7c85d4d

Family

Lokibot

 

(5)

File Name

REMITTANCE_ADVISE123.xlsx

Created process

REMITTANCE_ADVISE123.exe

Connected (Ip/Dns)

sureflt.com

MD5

2009faa4eff7371b148594eb3687da37

SHA256

618377f7b0c9c5f788d3ac58841c32ac321b5d759d67c68e6b661550cfa81760

Family

Lokibot

 


(6)

File Name

00198c27970e0bf383f9763bd4c7a9ba.exe

Created process

00198c27970e0bf383f9763bd4c7a9ba.exe

Connected (Ip/Dns)

Telete[.]in

MD5

00198c27970e0bf383f9763bd4c7a9ba

SHA256

0f520e19f5601f23c1bf783ac0ded333f68fd1a171a0529fb5051505e30a0add

Family

Raccon


(7)

File Name

Quotation RequestQR28072021.exe

Created process

Quotation RequestQR28072021.exe

Connected (Ip/Dns)

dedicatedlambo9[.]ddns[.]net

MD5

1d75d3756cf8f649a81b741b86b6c89b

SHA256

bc16c48ef4435300121e3e14fd1b06c27447935e7fb14166f1cd7d16e0fc1fa3

Family

Nanocore


(8)

File Name

New RFQ 0322100259.exe

Created process

New RFQ 0322100259.exe

Connected (Ip/Dns)

xp18[.]ddns[.]net

MD5

3ae84d9955e63a0abd562a613de684e6

SHA256

86c58706bb8e8602ea034ca99b3835a7d82f10714e270c2c3c0972ce567e0293

Family

Nanocore


(9)

File Name

bmWwyNAzSm.exe

Created process

bmWwyNAzSm.exe

Connected (Ip/Dns)

dominoduck2119[.]duckdns[.]org

MD5

4787014a18e060d7defae1ece0afd19c

SHA256

172d81908df0bfd28ef79dabd0fb2c03311597ba842565be57039c03f16c4e1a

Family

Remcos


(10)

File Name

SYNAPSE+X+CRACKED.rar

Created process

SYNAPSE+X+CRACKED.exe

Connected (Ip/Dns)

1freeprivacytoolsforyou[.]xyz

MD5

9d4d69354eb1ae15c6bffbcf827392af

SHA256

4c9dd47e329b73120b09eb75e7888ad1028432908829c9c9322638ef0b28b045

Family

Vidar


(11)

File Name

XP010-61.exe

Created process

XP010-61.exe

Connected (Ip/Dns)

mail.roplantpakistan.com

MD5

c40a4ead5c31e5f00820dcf91fb47348

SHA256

ea58d9344f7ec384cc7fe907419d649bb18f0d35b6b5c19004602d8d00611823

Family

AgentTesla


(12)

File Name

QAFAC_request.xlsb

Created process

QAFAC_request.exe

Connected (Ip/Dns)

Institutionclose[.]com/rem/Tms5ke8HVQpO8gl.exe

MD5

a59f482b3304890ef526694515853371

SHA256

c2fa8e507fd8eac778c190c8841073a6dddb78789169df79f0445c4a19871c23

Family

Azorult


(13)

File Name

3CGwOh8jNiNJ.exe

Created process

3CGwOh8jNiNJ.exe

Connected (Ip/Dns)

systemclient10[.]ddns[.]net

MD5

8040bf504103ec4fc9006531cc0437b5

SHA256

ab67dafa162e1d8bca253b145418963614491593aedc0cbb35b6302e5e76ce7a

Family

Quasar RAT


(14)

File Name

0332C0B39BE14A0FBFBB0689BDD2027D.exe

Created process

0332C0B39BE14A0FBFBB0689BDD2027D.exe

Connected (Ip/Dns)

Warin[.]hopto[.]org

MD5

0332c0b39be14a0fbfbb0689bdd2027d

SHA256

6e318257ff61f8aeff03704c59af6d66f52b4ae7fe36ab8b715db00694cad13a

Family

NetWire


(15)

File Name

113_ColourPickDemo.dll

Created process

113_ColourPickDemo.dll

Connected (Ip/Dns)

194[.]135[.]33[.]220:443/rob113/USER-PC_W617601.22BB2ACB9977BFBDB65D22EB33F935D8/83/

MD5

59ec367995c6cf649ab2a6d280836e31

SHA256

7e56e276f8847c9ff3973e49e005a7a76a2ce251bda01cd5ef252f9a4ae9c04e

Family

Trickbot
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more