IOCs 9_7_2021

 




(1)

File Name

d6114299ec233d605582a7cc13f18c94.exe

Created process

d6114299ec233d605582a7cc13f18c94.exe

Connected (Ip/Dns)

185[.]227[.]139[.]18/dsaicosaicasdi.php/9Ai3TsZnx0KA6

MD5

d6114299ec233d605582a7cc13f18c94

SHA256

c81e0e3004d778cf8130ad4f4f613e9c1b8be10f0185c62bc5fe3fa8f242d87c

Family

Lokibot

 


(2)

File Name

vbc.exe

Created process

vbc.exe

Connected (Ip/Dns)

Manvim[.]co/fd4/fre.php,

 

MD5

d85950bc6166358539e77a46202d80d9

SHA256

749437c88e2c14c1e8f366cbdc97d1a1eb7ee21ea949d57eef55deb553191aca

Family

Lokibot

 

(3)

File Name

REQUEST FOR OFFER 09-07-2021·pdf.exe

Created process

REQUEST FOR OFFER 09-07-2021·pdf.exe

Connected (Ip/Dns)

185[.]227[.]139[.]18/dsaicosaicasdi.php/pXqVbj1ory8MD

MD5

2078866ab764d53e4084a2eeaa2f9a2d

SHA256

448be68731cf12e9892892bb291c97cd29c4a60939849c841615a914b2381230

Family

Lokibot

 

(4)

File Name

f3ffa903-2c7e-4207-9088-ae1abb56695c.exe

Created process

f3ffa903-2c7e-4207-9088-ae1abb56695c.exe

Connected (Ip/Dns)

185[.]227[.]139[.]18/dsaicosaicasdi.php/SczbkxCQZQyVr

MD5

160c007804145059d11cdb850a045f5f

SHA256

788af4037d2336793213e33ba539a4b8f3bed5507f660f63bcfc40e1cc67863e

Family

Lokibot

 

(5)

File Name

Order 2021·pdf.zip

Created process

Order 2021·pdf.zip

Connected (Ip/Dns)

63[.]141[.]228[.]141/32.php/S7zr5v1fXI3Rb

MD5

85234ebfb3dd01b1cfa06ea6527c8779

SHA256

c46f73d03f03f805d8e7efa969097ccba9f19c649c4e8fc9e0b4a9094f8db0c5

Family

Lokibot

 

(6)

File Name

8842.exe

Created process

8842.exe

Connected (Ip/Dns)

Haoldd[.]com, www[.]haoldd[.]com

MD5

73762b9243eb0685ac3cc545bb224f1f

SHA256

06c3bd11ac039d2a0dd7545a3e96b68c00235f39ee252780d317a77c3e15c70c

Family

AgentTesla

 

(7)

File Name

daddy.exe

Created process

daddy.exe

Connected (Ip/Dns)

6.tcp[.]ngrok[.]io

MD5

533a407a3c86bd130c6599f8e13eb2a5

SHA256

db24e02e2946a0ff685e86d3160323a1c978ca8469a4653965bedb168fe1732d

Family

AVE_MARIA

 

(8)

File Name

0708_3355614568218.doc

Created process

splwow64.exe

Connected (Ip/Dns)

Sudepallon[.]com, pospvisis[.]com

MD5

992338b40b38f1f55bd4a9599f70771c

SHA256

b4d402b4ab3b5a5568f35562955d5d05357a589ccda55fde5a2c166ef5f15699

Family

Hancitor

 

(9)

File Name

GandCrab.exe

Created process

GandCrab.exe

Connected (Ip/Dns)

Gandcrab[.]bit

MD5

a635d6a35c2fc054042b6868ef52a0c3

SHA256

643f8043c0b0f89cedbfc3177ab7cfe99a8e2c7fe16691f3d54fb18bc14b8f45

Family

GandCrab

 

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA



Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more