IOCs 1_11_2021

 


(1)

File Name

Mon0310fe64c8580a66.zip

Created process

FortniteNewSwapper.exe

Connected (Ip/Dns)

45[.]133[.]1[.]107

MD5

4ee84843f8ceb20b4abc287bff7c9dd5

SHA256

6c7b7c0b30f2e02f4edcb05309d28eb650e656dce0c57c073f857e44e48a70e0

Family

Vidar

 

(2)

File Name

RFQ#QH211013.pdf.exe

Created process

Help.exe

Connected (Ip/Dns)

54[.]38[.]220[.]85

MD5

372dc8c06befddcfdcb321e73a7115df

SHA256

48c9cebf9a4f71daebd9ccbb9431669d4e9c1f9f1ad181bccc0b0cea59b489db

Family

Formbook

 

(3)

File Name

RFQ QH211013.pdf.rar

Created process

NAPSTAT.EXE

Connected (Ip/Dns)

91.207.61.175

MD5

374edde167be28f562bf97754a100adb

SHA256

f967adb9518a6cdb1643ee2d388a8ea9ff7282fb65ae594ab5c7e1b908445420

Family

njRAT

 

(4)

File Name

RFQ_INAC_005REQ21.docx

Created process

RFQ_INAC_005REQ21.exe

Connected (Ip/Dns)

www[.]illusiontrick[.]com

MD5

b4e25b53c8d759e08e3b81555f7eff0e

SHA256

34c41582be6b9a49b6325e66e5efb30920fb3e0fa617b71f657c6d1c7a9cbdc5

Family

Formbook

 

(5)

File Name

Offer_sheet_Quotation.exe

Created process

Offer_sheet_Quotation.exe

Connected (Ip/Dns)

63[.]250[.]40[.]204

MD5

7ff888c2d695a851127ba9bd35c8d625

SHA256

f2781b6ab9eeb20022eaa81146833b2091651856858c1f7e78ad013a9bfb1170

Family

Lokibot

 

(6)

File Name

swift(1).xlsx

Created process

vbc.exe

Connected (Ip/Dns)

63[.]250[.]40[.]204

MD5

b7b5a3810da620ea9ab8c73b5472fa8d

SHA256

fca182da369a85aceee94b7aba595834a71908dfec06ca593032d3b2536d2d39

Family

Lokibot

 

(7)

File Name

Nov PO 202111.exe

Created process

MAINPROC.exe

Connected (Ip/Dns)

185[.]140[.]53[.]178

MD5

9ed7b682361833b961260c4f53e8af2c

SHA256

3ce5b0553f1718aa5758fc34f4b91627bbe014aaada92ed297eb9482cbb06333

Family

Remcos

 

(8)

File Name

NanoCore_Portable.exe

Created process

NanoCore.exe

Connected (Ip/Dns)

35[.]187[.]207[.]65

MD5

d8097b543928f1ae74e17ae06e941366

SHA256

59e59bdde6e394e14326f693cba8ab7604a20e7f3df9806f539844d499a701bc

Family

Nanocore

 

(9)

File Name

Mon0310fe64c8580a66.zip

Created process

Mon0310fe64c8580a66.exe

Connected (Ip/Dns)

45[.]133[.]1[.]107 and 212[.]192[.]241[.]62

MD5

4ee84843f8ceb20b4abc287bff7c9dd5

SHA256

6c7b7c0b30f2e02f4edcb05309d28eb650e656dce0c57c073f857e44e48a70e0

Family

Vidar

 

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more