IOCs 25_10_2021

 





(1)

File Name

Netflix Checker AutoProxy.rar

Created process

Qsbb.exe

Connected (Ip/Dns)

Fhruhceio[.]eu5[.]org

MD5

54407258f1e20055897fe7dad504a5dc

SHA256

4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50

Family

njRAT

 

(2)

File Name

Start.exe

Created process

yGYkD7gHOX.exe

Connected (Ip/Dns)

Telete[.]in

MD5

e123bd2a5d074027510e792b92bce913

SHA256

245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b

Family

Raccoon

 

(3)

File Name

гта 5.exe.exe

Created process

гта 5.exe.exe

Connected (Ip/Dns)

91.207.61.175

MD5

374edde167be28f562bf97754a100adb

SHA256

f967adb9518a6cdb1643ee2d388a8ea9ff7282fb65ae594ab5c7e1b908445420

Family

njRAT

 

(4)

File Name

RFQ_INAC_005REQ21.docx

Created process

RFQ_INAC_005REQ21.exe

Connected (Ip/Dns)

http[:]//103[.]155[.]83[.]184/........-.-.-.-.-.-.----wii[.]wiz.............w[.]wbk..........w[.]wbk/

MD5

b50cc8666008f87a35708a2c059c882f

SHA256

be27da12b26857a56af0151373169385410ad24d677be4137016b436efefdd04

Family

Lokibot

 

(5)

File Name

Outstanding Payments.xlsx

Created process

Outstanding Payments.exe

Connected (Ip/Dns)

http[:]//63[.]250[.]40[.]204/~wpdemo/file[.]php?search=386869

MD5

edb2b17df86905c54d464a20352ff7f3

SHA256

2005c36e4d566d616419607144f8d30b9da978428698d1bed3911da92fd37382

Family

Lokibot

 

(6)

File Name

Setup.exe

Created process

Setup.exe

Connected (Ip/Dns)

http[:]//45[.]133[.]1.107/server[.]txt

MD5

d1b2c8ddca2f8dd02e2c132153055084

SHA256

506c2f513d64242fcb20ccff8c26c0ed1755fe9120b984c29ba224b311d635c3

Family

Vidar

 

(7)

File Name

REMITTANCE_COPY_20211025.exe

Created process

REMITTANCE_COPY_20211025.exe

Connected (Ip/Dns)

http[:]//www[.]teenstube[.]quest/ubqx/?nDFxwnQ8=CmcZLkNIo7Z8zl/eRqVFngc4dAQL606qgu/KuCIHXJ3wo5gPwms0Y9eYQbUBqfhFZeR9QQ==&QFidd=0b-TWXlhzZm42vYp

MD5

09eef8ec28f7e8fb2ce9d0938252e2be

SHA256

35f65cce1c28e104597294816d51eefdfeedca990034f0315f1b9daa31581a0d

Family

Formbook

 

(8)

File Name

224b25ffd285d501050213d3fccd62b127a072d02fac6a240edf2017784caf8a

Created process

224b25ffd285d501050213d3fccd62b127a072d02fac6a240edf2017784caf8a

Connected (Ip/Dns)

162[.]0[.]223[.]226

MD5

6b80d906346c210077a6d13ca8df16f1

SHA256

224b25ffd285d501050213d3fccd62b127a072d02fac6a240edf2017784caf8a

Family

Nanocore

 


(9)

File Name

fe6a49ac3815c4b198125bcbe392f50077cce19e161e2455b57258eb5166ae52

Created process

fe6a49ac3815c4b198125bcbe392f50077cce19e161e2455b57258eb5166ae52.exe

Connected (Ip/Dns)

http[:]//91[.]219[.]236[.]49/l/f/I5tetXwB3dP17Spz0ktD/829d3e7518e156cdcf02ca309acafec393927294

MD5

40fb0797cd98e370396064cf3ac547bd

SHA256

fe6a49ac3815c4b198125bcbe392f50077cce19e161e2455b57258eb5166ae52

Family

Raccoon

 

(10)

File Name

VirusShare_d4af887f7fb93b4ef57211cb95a074c3

Created process

VirusShare_d4af887f7fb93b4ef57211cb95a074c3.exe

Connected (Ip/Dns)

http[:]//77yxx[.]com/b5rh/bZxS/

MD5

d4af887f7fb93b4ef57211cb95a074c3

SHA256

0424e4caf10c9b8b80f3114816b85e8268b9a288eb368e1ce66e6ab8e5b73b75

Family

Emotet

 


(11)

File Name

ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150.exe

Created process

ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150.exe

Connected (Ip/Dns)

23[.]229[.]29[.]48

MD5

90a89fc585f1c79b2629c9dd8520ddb9

SHA256

ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150

Family

Danabot

 

(12)

File Name

0722_3614470461.xls

Created process

0722_3614470461.exe

Connected (Ip/Dns)

http[:]//tholeferli[.]com/8/forum[.]php

MD5

e034a9922b81fc32fdfb65eecec94007

SHA256

f43aab9043c531a3311cbcc911d5093e1dbc1f8ba82eb94e5f85f2570aa26319

Family

Hancitor

 


Comments

Post a Comment

Popular posts from this blog

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH...
Read more

Phishing Attacks 3_3_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 45.137.22.124 From "Cheng Yong"<rosa@franball.net>" Subject "RV: Shipping advice - 2nd container under ct.876" Attachment "SHIPPING ADVICE#202203.zip" MD5 aa2d18552a8d5041e4c757cee09f2c4d SHA256 0628b564bad3c4e59644e91398899f88143aa2eb3473e720270fb1566c628d60 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .       (2) Sender ip 2.56.56.35 From "contato@vastoverde.com.br" Subject "fwd :Outstanding Remittance payment" Attachment "receipt_pdf.z" ...
Read more

Phishing Attacks 15_12_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 37.0.10.173 From "Mona Bharti <m.bhart@frigel.com>" Subject "Purchase Order 1212200205_PR21220055" Attachment "Purchase Order 1212200205_PR21220055.zip" MD5 5e1c9b4e130a7a9bb68ed6e6f414ff20 SHA256 0ba7a7c7189d5bcd38048ba7418ff521d6a00ab36804b8980c4d51ba43fcf070 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .          (2) Sender ip 45.137.22.181 From "ajay.katoch@unilever.com" Subject "RE: invoice & packing list for shipping order no. 411301" Attachment ...
Read more