IOCs 7_8_2021

 


(1)

File Name

Netflix Checker AutoProxy.rar

Created process

Qsbb.exe

Connected (Ip/Dns)

Fhruhceio[.]eu5[.]org

MD5

54407258f1e20055897fe7dad504a5dc

SHA256

4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50

Family

njRAT

 

(2)

File Name

Start.exe

Created process

yGYkD7gHOX.exe

Connected (Ip/Dns)

Telete[.]in

MD5

e123bd2a5d074027510e792b92bce913

SHA256

245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b

Family

Raccoon

 

(3)

File Name

Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe

Created process

Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe

Connected (Ip/Dns)

www[.]transinta[.]com

MD5

c52bba22aab2fb97d79ef862350a6f7e

SHA256

44539749971b58f590567a17b718be17f01c5bd37048711215e7e75a62eb056a

Family

Formbook

 

(4)

File Name

INVOICE - Q0002255 - LKJIN001 (29-07-21)-pdf.exe

Created process

INVOICE - Q0002255 - LKJIN001 (29-07-21)-pdf.exe

Connected (Ip/Dns)

www[.]hubrisnewyork[.]com/ipa8/?APXD=djIHN4FPZ&vBIXw=psEmCjOtUaymLuj5TQxYB0IjeIPLW49VlSWZmnePLfaOhCevd/mqSAKvrPP5a1f+eg/jNg==

MD5

92f15ca5167c47451b44f08c4eb0d5a4

SHA256

4c1b38391ab198fb0e2c7050a8951e65efbc818991fb710f6deeb2c76a54c734

Family

formbook

 

(5)

File Name

Shipment Details_pdf.exe

Created process

Shipment Details_pdf.exe

Connected (Ip/Dns)

185[.]227[.]139[.]18/dsaicosaicasdi.php/W9ZqiawWCXST6

MD5

a03a600316a1dc107320c3f329a33345

SHA256

94ae8b1c05b846750508e29d9d1dce54df93ef9bcac4325acdc4febe5f6e0dcb

Family

Lokibot

 

(6)

File Name

Shipping#docs.PNG

Created process

nwinhh.pif

Connected (Ip/Dns)

Strongodss[.]ddns[.]net

MD5

652497f5c294f97e43f530d25dbfe232

SHA256

edc368c6f37a90b5e43e9502fab428086dcae2e613ca686e54436cbd15c5a74f

Family

Nanocore


(7)

File Name

apwxc.exe

Created process

apwxc.exe

Connected (Ip/Dns)

Fine[.]le-pear[l].com

MD5

8663ed0caec9adcb980a4a7ea23e7984

SHA256

bbe006688e5f74473a5e248bc83651cbb7e9efbe8410abb8d8b84b4a59ed7750

Family

vidar


(8)

File Name

Proof Of Payment.jpg.scr

Created process

lqilwl.pif

Connected (Ip/Dns)

Harold[.]ns01[.]info

MD5

66ae237c1680a6c0194d4a5ef883a146

SHA256

282e441b58eed38ce5b5aeae04ad6d174ff23b8c7a6ced664c54b683f8cfc8ab

Family

Netwire

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


Comments

Post a Comment

Popular posts from this blog

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 3_3_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 45.137.22.124 From "Cheng Yong"<rosa@franball.net>" Subject "RV: Shipping advice - 2nd container under ct.876" Attachment "SHIPPING ADVICE#202203.zip" MD5 aa2d18552a8d5041e4c757cee09f2c4d SHA256 0628b564bad3c4e59644e91398899f88143aa2eb3473e720270fb1566c628d60 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .       (2) Sender ip 2.56.56.35 From "contato@vastoverde.com.br" Subject "fwd :Outstanding Remittance payment" Attachment "receipt_pdf.z"
Read more