IOCs 8_7_2021

 



(1)
File Name: roaqc.exe
Created process: roaqc.exe
Connected (IP/DNS): Sspmoct[.]xyz
MD5: e5f57d9347f7c484754015daa62f12af
SHA256: 98ee9eb5449562fdfe5e0a448cec7ef60f315e5f8a7c65c40a5b61290bcbe97d
Family: Lokibot

(2)
File Name: Zamowienie_64029_Emet-Impex.exe
Created process: Zamowienie_64029_Emet-Impex.exe
Connected (IP/DNS): ctp1[.]xyz
MD5: c56bd875f071abfea437f5069f3de35a
SHA256: 6ebd45483d2222727a82c70feeb7c19017751b381247c7917462f26678d313d8
Family: Lokibot

(3)
File Name: FedEx ReceiptAWB#5305323204643.exe
Created process: FedEx ReceiptAWB#5305323204643.exe
Connected (IP/DNS): isnadsknsbs-38398[.]portmap[.]host
MD5: 6174195a1c5fefb02b01e986232f4893
SHA256: 5bf72f77315cd7a56e2acab833c8886a06f3d0b7bd5bc617dfe71ae74d3b7d77
Family: Lokibot

(4)
File Name: FIVEM.PRO.exe
Created process: FIVEM.PRO.exe
Connected (IP/DNS): Asdsasdas[.]ddns[.]net
MD5: 97975ff7c4961b2a321afb4804c01278
SHA256: 01cac0c7554a252b377e4fa16911f1843c4f1795247b0594dc4f8cf7bea2f002
Family: NanoCore

If you want to know how to analyze NanoCore malware, you can check my NanoCore analysis on YouTube.

(5)
File Name: 첨부 문서.eml
Created process: COS02839HJ029.PNG.scr
Connected (IP/DNS): Strongodss[.]ddns[.]net
MD5: d6144c948a69bb3fdbca2cece33834ce
SHA256: 88f615bc0ca8cf80ed13d7910c17dbfd51ac679b635ff846ca2e75f4758d90ec
Family: NanoCore

(6)
File Name: Payment Advice Note from 08.07.2021 to 308720.exe
Created process: Payment Advice Note from 08.07.2021 to 308720.exe
Connected (IP/DNS): www[.]presentforyourself[.]com/3nk4/?wZ=5jTptXw0VZcluLb0&Ib8H=Qfsz6JwyPzJj7trzaoUc4VNDGzk0Ytuhq6gjrTef88/Psg4hzQle6zy8zxyqctwrWlKXxg==
MD5: 2cda9b965792efe0a8691ad1253268d8
SHA256: 61be8eb2905c08febca2821b39701ea6a361ae21e807866d240b3b122221cf62
Family: Formbook

(7)
File Name: Microsoft_Toolkit.exe
Created process: Microsoft_Toolkit.exe
Connected (IP/DNS): g-partners[.]live, netoterizi[.]xyz, uehge4g6gh[.]2ihsfa[.]com, privacytoolsforyoufree[.]xyz
MD5: e3454574c3a153c1242aaeba4340fc6c
SHA256: c1a12791e61b56c414d7c2c92ed8bbfd3937e08baa03c0ea35d0abc9a9cc6315
Family: Vidar

(8)
File Name: izvozni cenovnik 2021 BIH 15.7.2021.doc
Created process: microA.exe
Connected (IP/DNS): Hutyrtit[.]ydns[.]eu, fieldsdegreenf.duckdns[.]org
MD5: 7e0791da75595f97a81f81bc2c75f2dc
SHA256: 8e48ba3d75f77398e0f592450c4174c5699c7f6f6c5b7fa9cb85b39029aa7ecd
Family: Remcos

(9)
File Name: 4e21e43ab0003b62b851d7c584e8cb718acd3e147612737cac6c68f1b88528e0_0706_2354713505898.doc
Created process: 4e21e43ab0003b62b851d7c584e8cb718acd3e147612737cac6c68f1b88528e0_0706_2354713505898.exe
Connected (IP/DNS): Hosouggs[.]com, mancause[.]ru
MD5: cb09a047963adcee78e1e33e2fe2271f
SHA256: 4e21e43ab0003b62b851d7c584e8cb718acd3e147612737cac6c68f1b88528e0
Family: HANCITOR

If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
