IOCs 9_7_2021

 




(1)

File Name

d6114299ec233d605582a7cc13f18c94.exe

Created process

d6114299ec233d605582a7cc13f18c94.exe

Connected (Ip/Dns)

185[.]227[.]139[.]18/dsaicosaicasdi.php/9Ai3TsZnx0KA6

MD5

d6114299ec233d605582a7cc13f18c94

SHA256

c81e0e3004d778cf8130ad4f4f613e9c1b8be10f0185c62bc5fe3fa8f242d87c

Family

Lokibot

 


(2)

File Name

vbc.exe

Created process

vbc.exe

Connected (Ip/Dns)

Manvim[.]co/fd4/fre.php

 

MD5

d85950bc6166358539e77a46202d80d9

SHA256

749437c88e2c14c1e8f366cbdc97d1a1eb7ee21ea949d57eef55deb553191aca

Family

Lokibot

 

(3)

File Name

REQUEST FOR OFFER 09-07-2021·pdf.exe

Created process

REQUEST FOR OFFER 09-07-2021·pdf.exe

Connected (Ip/Dns)

185[.]227[.]139[.]18/dsaicosaicasdi.php/pXqVbj1ory8MD

MD5

2078866ab764d53e4084a2eeaa2f9a2d

SHA256

448be68731cf12e9892892bb291c97cd29c4a60939849c841615a914b2381230

Family

Lokibot

 

(4)

File Name

f3ffa903-2c7e-4207-9088-ae1abb56695c.exe

Created process

f3ffa903-2c7e-4207-9088-ae1abb56695c.exe

Connected (Ip/Dns)

185[.]227[.]139[.]18/dsaicosaicasdi.php/SczbkxCQZQyVr

MD5

160c007804145059d11cdb850a045f5f

SHA256

788af4037d2336793213e33ba539a4b8f3bed5507f660f63bcfc40e1cc67863e

Family

Lokibot

 

(5)

File Name

Order 2021·pdf.zip

Created process

Order 2021·pdf.zip

Connected (Ip/Dns)

63[.]141[.]228[.]141/32.php/S7zr5v1fXI3Rb

MD5

85234ebfb3dd01b1cfa06ea6527c8779

SHA256

c46f73d03f03f805d8e7efa969097ccba9f19c649c4e8fc9e0b4a9094f8db0c5

Family

Lokibot

 

(6)

File Name

8842.exe

Created process

8842.exe

Connected (Ip/Dns)

Haoldd[.]com, www[.]haoldd[.]com

MD5

73762b9243eb0685ac3cc545bb224f1f

SHA256

06c3bd11ac039d2a0dd7545a3e96b68c00235f39ee252780d317a77c3e15c70c

Family

AgentTesla

 

(7)

File Name

daddy.exe

Created process

daddy.exe

Connected (Ip/Dns)

6.tcp[.]ngrok[.]io

MD5

533a407a3c86bd130c6599f8e13eb2a5

SHA256

db24e02e2946a0ff685e86d3160323a1c978ca8469a4653965bedb168fe1732d

Family

AVE_MARIA

 

(8)

File Name

0708_3355614568218.doc

Created process

splwow64.exe

Connected (Ip/Dns)

Sudepallon[.]com, pospvisis[.]com

MD5

992338b40b38f1f55bd4a9599f70771c

SHA256

b4d402b4ab3b5a5568f35562955d5d05357a589ccda55fde5a2c166ef5f15699

Family

Hancitor

 

(9)

File Name

GandCrab.exe

Created process

GandCrab.exe

Connected (Ip/Dns)

Gandcrab[.]bit

MD5

a635d6a35c2fc054042b6868ef52a0c3

SHA256

643f8043c0b0f89cedbfc3177ab7cfe99a8e2c7fe16691f3d54fb18bc14b8f45

Family

GandCrab

 

If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


