IOCs 1_11_2021
(1)
File
Name |
Mon0310fe64c8580a66.zip |
Created
process |
FortniteNewSwapper.exe |
Connected
(Ip/Dns) |
45[.]133[.]1[.]107 |
MD5 |
4ee84843f8ceb20b4abc287bff7c9dd5 |
SHA256 |
6c7b7c0b30f2e02f4edcb05309d28eb650e656dce0c57c073f857e44e48a70e0 |
Family |
Vidar |
(2)
File
Name |
RFQ#QH211013.pdf.exe |
Created
process |
Help.exe |
Connected
(Ip/Dns) |
54[.]38[.]220[.]85 |
MD5 |
372dc8c06befddcfdcb321e73a7115df |
SHA256 |
48c9cebf9a4f71daebd9ccbb9431669d4e9c1f9f1ad181bccc0b0cea59b489db |
Family |
Formbook |
(3)
File
Name |
RFQ
QH211013.pdf.rar |
Created
process |
NAPSTAT.EXE |
Connected
(Ip/Dns) |
91.207.61.175 |
MD5 |
374edde167be28f562bf97754a100adb |
SHA256 |
f967adb9518a6cdb1643ee2d388a8ea9ff7282fb65ae594ab5c7e1b908445420 |
Family |
njRAT |
(4)
File
Name |
RFQ_INAC_005REQ21.docx |
Created
process |
RFQ_INAC_005REQ21.exe |
Connected
(Ip/Dns) |
www[.]illusiontrick[.]com |
MD5 |
b4e25b53c8d759e08e3b81555f7eff0e |
SHA256 |
34c41582be6b9a49b6325e66e5efb30920fb3e0fa617b71f657c6d1c7a9cbdc5 |
Family |
Formbook |
(5)
File
Name |
Offer_sheet_Quotation.exe |
Created
process |
Offer_sheet_Quotation.exe |
Connected
(Ip/Dns) |
63[.]250[.]40[.]204 |
MD5 |
7ff888c2d695a851127ba9bd35c8d625 |
SHA256 |
f2781b6ab9eeb20022eaa81146833b2091651856858c1f7e78ad013a9bfb1170 |
Family |
Lokibot |
(6)
File
Name |
swift(1).xlsx |
Created
process |
vbc.exe |
Connected
(Ip/Dns) |
63[.]250[.]40[.]204 |
MD5 |
b7b5a3810da620ea9ab8c73b5472fa8d |
SHA256 |
fca182da369a85aceee94b7aba595834a71908dfec06ca593032d3b2536d2d39 |
Family |
Lokibot |
(7)
File
Name |
Nov
PO 202111.exe |
Created
process |
MAINPROC.exe |
Connected
(Ip/Dns) |
185[.]140[.]53[.]178 |
MD5 |
9ed7b682361833b961260c4f53e8af2c |
SHA256 |
3ce5b0553f1718aa5758fc34f4b91627bbe014aaada92ed297eb9482cbb06333 |
Family |
Remcos |
(8)
File
Name |
NanoCore_Portable.exe |
Created
process |
NanoCore.exe |
Connected
(Ip/Dns) |
35[.]187[.]207[.]65 |
MD5 |
d8097b543928f1ae74e17ae06e941366 |
SHA256 |
59e59bdde6e394e14326f693cba8ab7604a20e7f3df9806f539844d499a701bc |
Family |
Nanocore |
(9)
File
Name |
Mon0310fe64c8580a66.zip |
Created
process |
Mon0310fe64c8580a66.exe |
Connected
(Ip/Dns) |
45[.]133[.]1[.]107
and 212[.]192[.]241[.]62 |
MD5 |
4ee84843f8ceb20b4abc287bff7c9dd5 |
SHA256 |
6c7b7c0b30f2e02f4edcb05309d28eb650e656dce0c57c073f857e44e48a70e0 |
Family |
Vidar |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Comments
Post a Comment