IOCs 25_10_2021

 





(1)

File Name

Netflix Checker AutoProxy.rar

Created process

Qsbb.exe

Connected (Ip/Dns)

Fhruhceio[.]eu5[.]org

MD5

54407258f1e20055897fe7dad504a5dc

SHA256

4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50

Family

njRAT

 

(2)

File Name

Start.exe

Created process

yGYkD7gHOX.exe

Connected (Ip/Dns)

Telete[.]in

MD5

e123bd2a5d074027510e792b92bce913

SHA256

245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b

Family

Raccoon

 

(3)

File Name

гта 5.exe.exe

Created process

гта 5.exe.exe

Connected (Ip/Dns)

91.207.61.175

MD5

374edde167be28f562bf97754a100adb

SHA256

f967adb9518a6cdb1643ee2d388a8ea9ff7282fb65ae594ab5c7e1b908445420

Family

njRAT

 

(4)

File Name

RFQ_INAC_005REQ21.docx

Created process

RFQ_INAC_005REQ21.exe

Connected (Ip/Dns)

http[:]//103[.]155[.]83[.]184/........-.-.-.-.-.-.----wii[.]wiz.............w[.]wbk..........w[.]wbk/

MD5

b50cc8666008f87a35708a2c059c882f

SHA256

be27da12b26857a56af0151373169385410ad24d677be4137016b436efefdd04

Family

Lokibot

 

(5)

File Name

Outstanding Payments.xlsx

Created process

Outstanding Payments.exe

Connected (Ip/Dns)

http[:]//63[.]250[.]40[.]204/~wpdemo/file[.]php?search=386869

MD5

edb2b17df86905c54d464a20352ff7f3

SHA256

2005c36e4d566d616419607144f8d30b9da978428698d1bed3911da92fd37382

Family

Lokibot

 

(6)

File Name

Setup.exe

Created process

Setup.exe

Connected (Ip/Dns)

http[:]//45[.]133[.]1.107/server[.]txt

MD5

d1b2c8ddca2f8dd02e2c132153055084

SHA256

506c2f513d64242fcb20ccff8c26c0ed1755fe9120b984c29ba224b311d635c3

Family

Vidar

 

(7)

File Name

REMITTANCE_COPY_20211025.exe

Created process

REMITTANCE_COPY_20211025.exe

Connected (Ip/Dns)

http[:]//www[.]teenstube[.]quest/ubqx/?nDFxwnQ8=CmcZLkNIo7Z8zl/eRqVFngc4dAQL606qgu/KuCIHXJ3wo5gPwms0Y9eYQbUBqfhFZeR9QQ==&QFidd=0b-TWXlhzZm42vYp

MD5

09eef8ec28f7e8fb2ce9d0938252e2be

SHA256

35f65cce1c28e104597294816d51eefdfeedca990034f0315f1b9daa31581a0d

Family

Formbook

 

(8)

File Name

224b25ffd285d501050213d3fccd62b127a072d02fac6a240edf2017784caf8a

Created process

224b25ffd285d501050213d3fccd62b127a072d02fac6a240edf2017784caf8a

Connected (Ip/Dns)

162[.]0[.]223[.]226

MD5

6b80d906346c210077a6d13ca8df16f1

SHA256

224b25ffd285d501050213d3fccd62b127a072d02fac6a240edf2017784caf8a

Family

Nanocore

 


(9)

File Name

fe6a49ac3815c4b198125bcbe392f50077cce19e161e2455b57258eb5166ae52

Created process

fe6a49ac3815c4b198125bcbe392f50077cce19e161e2455b57258eb5166ae52.exe

Connected (Ip/Dns)

http[:]//91[.]219[.]236[.]49/l/f/I5tetXwB3dP17Spz0ktD/829d3e7518e156cdcf02ca309acafec393927294

MD5

40fb0797cd98e370396064cf3ac547bd

SHA256

fe6a49ac3815c4b198125bcbe392f50077cce19e161e2455b57258eb5166ae52

Family

Raccoon

 

(10)

File Name

VirusShare_d4af887f7fb93b4ef57211cb95a074c3

Created process

VirusShare_d4af887f7fb93b4ef57211cb95a074c3.exe

Connected (Ip/Dns)

http[:]//77yxx[.]com/b5rh/bZxS/

MD5

d4af887f7fb93b4ef57211cb95a074c3

SHA256

0424e4caf10c9b8b80f3114816b85e8268b9a288eb368e1ce66e6ab8e5b73b75

Family

Emotet

 


(11)

File Name

ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150.exe

Created process

ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150.exe

Connected (Ip/Dns)

23[.]229[.]29[.]48

MD5

90a89fc585f1c79b2629c9dd8520ddb9

SHA256

ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150

Family

Danabot

 

(12)

File Name

0722_3614470461.xls

Created process

0722_3614470461.exe

Connected (Ip/Dns)

http[:]//tholeferli[.]com/8/forum[.]php

MD5

e034a9922b81fc32fdfb65eecec94007

SHA256

f43aab9043c531a3311cbcc911d5093e1dbc1f8ba82eb94e5f85f2570aa26319

Family

Hancitor

 


Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more