IOCs 7_8_2021
(1)
File Name | Netflix Checker AutoProxy.rar
Created process | Qsbb.exe
Connected (IP/DNS) | Fhruhceio[.]eu5[.]org
MD5 | 54407258f1e20055897fe7dad504a5dc
SHA256 | 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50
Family | njRAT

(2)
File Name | Start.exe
Created process | yGYkD7gHOX.exe
Connected (IP/DNS) | Telete[.]in
MD5 | e123bd2a5d074027510e792b92bce913
SHA256 | 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b
Family | Raccoon

(3)
File Name | Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe
Created process | Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe
Connected (IP/DNS) | www[.]transinta[.]com
MD5 | c52bba22aab2fb97d79ef862350a6f7e
SHA256 | 44539749971b58f590567a17b718be17f01c5bd37048711215e7e75a62eb056a
Family | Formbook

(4)
File Name | INVOICE - Q0002255 - LKJIN001 (29-07-21)-pdf.exe
Created process | INVOICE - Q0002255 - LKJIN001 (29-07-21)-pdf.exe
Connected (IP/DNS) | www[.]hubrisnewyork[.]com/ipa8/?APXD=djIHN4FPZ&vBIXw=psEmCjOtUaymLuj5TQxYB0IjeIPLW49VlSWZmnePLfaOhCevd/mqSAKvrPP5a1f+eg/jNg==
MD5 | 92f15ca5167c47451b44f08c4eb0d5a4
SHA256 | 4c1b38391ab198fb0e2c7050a8951e65efbc818991fb710f6deeb2c76a54c734
Family | formbook

(5)
File Name | Shipment Details_pdf.exe
Created process | Shipment Details_pdf.exe
Connected (IP/DNS) | 185[.]227[.]139[.]18/dsaicosaicasdi.php/W9ZqiawWCXST6
MD5 | a03a600316a1dc107320c3f329a33345
SHA256 | 94ae8b1c05b846750508e29d9d1dce54df93ef9bcac4325acdc4febe5f6e0dcb
Family | Lokibot

(6)
File Name | Shipping#docs.PNG
Created process | nwinhh.pif
Connected (IP/DNS) | Strongodss[.]ddns[.]net
MD5 | 652497f5c294f97e43f530d25dbfe232
SHA256 | edc368c6f37a90b5e43e9502fab428086dcae2e613ca686e54436cbd15c5a74f
Family | Nanocore

(7)
File Name | apwxc.exe
Created process | apwxc.exe
Connected (IP/DNS) | Fine[.]le-pear[l].com
MD5 | 8663ed0caec9adcb980a4a7ea23e7984
SHA256 | bbe006688e5f74473a5e248bc83651cbb7e9efbe8410abb8d8b84b4a59ed7750
Family | vidar

(8)
File Name | Proof Of Payment.jpg.scr
Created process | lqilwl.pif
Connected (IP/DNS) | Harold[.]ns01[.]info
MD5 | 66ae237c1680a6c0194d4a5ef883a146
SHA256 | 282e441b58eed38ce5b5aeae04ad6d174ff23b8c7a6ced664c54b683f8cfc8ab
Family | Netwire
If you wanna learn malware analysis, you can check my YouTube channel; I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA