IOCs 8_7_2021

 



(1)

File Name

roaqc.exe

Created process

roaqc.exe

Connected (Ip/Dns)

Sspmoct[.]xyz

MD5

e5f57d9347f7c484754015daa62f12af

SHA256

98ee9eb5449562fdfe5e0a448cec7ef60f315e5f8a7c65c40a5b61290bcbe97d

Family

Lokibot

 


(2)

File Name

Zamowienie_64029_Emet-Impex.exe

Created process

Zamowienie_64029_Emet-Impex.exe

Connected (Ip/Dns)

ctp1[.]xyz

MD5

c56bd875f071abfea437f5069f3de35a

SHA256

6ebd45483d2222727a82c70feeb7c19017751b381247c7917462f26678d313d8

Family

Lokibot

 

(3)

File Name

FedEx ReceiptAWB#5305323204643.exe

Created process

FedEx ReceiptAWB#5305323204643.exe

Connected (Ip/Dns)

isnadsknsbs-38398[.]portmap[.]host

MD5

6174195a1c5fefb02b01e986232f4893

SHA256

5bf72f77315cd7a56e2acab833c8886a06f3d0b7bd5bc617dfe71ae74d3b7d77

Family

Lokibot

 

(4)

File Name

FIVEM.PRO.exe

Created process

FIVEM.PRO.exe

Connected (Ip/Dns)

Asdsasdas[.]ddns[.]net

MD5

97975ff7c4961b2a321afb4804c01278

SHA256

01cac0c7554a252b377e4fa16911f1843c4f1795247b0594dc4f8cf7bea2f002

Family

NanoCore

 If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube  NanoCore.. 

(5)

File Name

첨부 문서.eml

Created process

COS02839HJ029.PNG.scr

Connected (Ip/Dns)

Strongodss[.]ddns[.]net

MD5

d6144c948a69bb3fdbca2cece33834ce

SHA256

88f615bc0ca8cf80ed13d7910c17dbfd51ac679b635ff846ca2e75f4758d90ec

Family

Nanocore

If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube  NanoCore..  

(6)

File Name

Payment Advice Note from 08.07.2021 to 308720.exe

Created process

Payment Advice Note from 08.07.2021 to 308720.exe

Connected (Ip/Dns)

www[.]presentforyourself[.]com/3nk4/?wZ=5jTptXw0VZcluLb0&Ib8H=Qfsz6JwyPzJj7trzaoUc4VNDGzk0Ytuhq6gjrTef88/Psg4hzQle6zy8zxyqctwrWlKXxg==

MD5

2cda9b965792efe0a8691ad1253268d8

SHA256

61be8eb2905c08febca2821b39701ea6a361ae21e807866d240b3b122221cf62

Family

Formbook

 


(7)

File Name

Microsoft_Toolkit.exe

Created process

Microsoft_Toolkit.exe

Connected (Ip/Dns)

g-partners[.]live, netoterizi[.]xyz, uehge4g6gh[.]2ihsfa[.]com, privacytoolsforyoufree[.]xyz

MD5

e3454574c3a153c1242aaeba4340fc6c

SHA256

c1a12791e61b56c414d7c2c92ed8bbfd3937e08baa03c0ea35d0abc9a9cc6315

Family

Vidar

 

(8)

File Name

izvozni cenovnik 2021 BIH 15.7.2021.doc

Created process

microA.exe

Connected (Ip/Dns)

Hutyrtit[.]ydns[.]eu, fieldsdegreenf.duckdns[.]org

MD5

7e0791da75595f97a81f81bc2c75f2dc

SHA256

8e48ba3d75f77398e0f592450c4174c5699c7f6f6c5b7fa9cb85b39029aa7ecd

Family

Remcos

 

(9)

File Name

4e21e43ab0003b62b851d7c584e8cb718acd3e147612737cac6c68f1b88528e0_0706_2354713505898.doc

Created process

4e21e43ab0003b62b851d7c584e8cb718acd3e147612737cac6c68f1b88528e0_0706_2354713505898.exe

Connected (Ip/Dns)

Hosouggs[.]com, mancause[.]ru

MD5

cb09a047963adcee78e1e33e2fe2271f

SHA256

4e21e43ab0003b62b851d7c584e8cb718acd3e147612737cac6c68f1b88528e0

Family

HANCITOR

 

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 3_3_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 45.137.22.124 From "Cheng Yong"<rosa@franball.net>" Subject "RV: Shipping advice - 2nd container under ct.876" Attachment "SHIPPING ADVICE#202203.zip" MD5 aa2d18552a8d5041e4c757cee09f2c4d SHA256 0628b564bad3c4e59644e91398899f88143aa2eb3473e720270fb1566c628d60 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .       (2) Sender ip 2.56.56.35 From "contato@vastoverde.com.br" Subject "fwd :Outstanding Remittance payment" Attachment "receipt_pdf.z"
Read more