IOCs 8_7_2021
| # | File Name | Created process | Connected (IP/DNS) | MD5 | SHA256 | Family |
|---|-----------|-----------------|--------------------|-----|--------|--------|
| 1 | roaqc.exe | roaqc.exe | Sspmoct[.]xyz | e5f57d9347f7c484754015daa62f12af | 98ee9eb5449562fdfe5e0a448cec7ef60f315e5f8a7c65c40a5b61290bcbe97d | Lokibot |
| 2 | Zamowienie_64029_Emet-Impex.exe | Zamowienie_64029_Emet-Impex.exe | ctp1[.]xyz | c56bd875f071abfea437f5069f3de35a | 6ebd45483d2222727a82c70feeb7c19017751b381247c7917462f26678d313d8 | Lokibot |
| 3 | FedEx ReceiptAWB#5305323204643.exe | FedEx ReceiptAWB#5305323204643.exe | isnadsknsbs-38398[.]portmap[.]host | 6174195a1c5fefb02b01e986232f4893 | 5bf72f77315cd7a56e2acab833c8886a06f3d0b7bd5bc617dfe71ae74d3b7d77 | Lokibot |
| 4 | FIVEM.PRO.exe | FIVEM.PRO.exe | Asdsasdas[.]ddns[.]net | 97975ff7c4961b2a321afb4804c01278 | 01cac0c7554a252b377e4fa16911f1843c4f1795247b0594dc4f8cf7bea2f002 | NanoCore |
| 5 | 첨부 문서.eml | COS02839HJ029.PNG.scr | Strongodss[.]ddns[.]net | d6144c948a69bb3fdbca2cece33834ce | 88f615bc0ca8cf80ed13d7910c17dbfd51ac679b635ff846ca2e75f4758d90ec | NanoCore |
| 6 | Payment Advice Note from 08.07.2021 to 308720.exe | Payment Advice Note from 08.07.2021 to 308720.exe | www[.]presentforyourself[.]com/3nk4/?wZ=5jTptXw0VZcluLb0&Ib8H=Qfsz6JwyPzJj7trzaoUc4VNDGzk0Ytuhq6gjrTef88/Psg4hzQle6zy8zxyqctwrWlKXxg== | 2cda9b965792efe0a8691ad1253268d8 | 61be8eb2905c08febca2821b39701ea6a361ae21e807866d240b3b122221cf62 | Formbook |
| 7 | Microsoft_Toolkit.exe | Microsoft_Toolkit.exe | g-partners[.]live, netoterizi[.]xyz, uehge4g6gh[.]2ihsfa[.]com, privacytoolsforyoufree[.]xyz | e3454574c3a153c1242aaeba4340fc6c | c1a12791e61b56c414d7c2c92ed8bbfd3937e08baa03c0ea35d0abc9a9cc6315 | Vidar |
| 8 | izvozni cenovnik 2021 BIH 15.7.2021.doc | microA.exe | Hutyrtit[.]ydns[.]eu, fieldsdegreenf.duckdns[.]org | 7e0791da75595f97a81f81bc2c75f2dc | 8e48ba3d75f77398e0f592450c4174c5699c7f6f6c5b7fa9cb85b39029aa7ecd | Remcos |
| 9 | 4e21e43ab0003b62b851d7c584e8cb718acd3e147612737cac6c68f1b88528e0_0706_2354713505898.doc | 4e21e43ab0003b62b851d7c584e8cb718acd3e147612737cac6c68f1b88528e0_0706_2354713505898.exe | Hosouggs[.]com, mancause[.]ru | cb09a047963adcee78e1e33e2fe2271f | 4e21e43ab0003b62b851d7c584e8cb718acd3e147612737cac6c68f1b88528e0 | Hancitor |
If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA