| # | File Name | Created process | Connected (IP/DNS) | MD5 | SHA256 | Family |
|---|---|---|---|---|---|---|
| 1 | Netflix Checker AutoProxy.rar | Qsbb.exe | Fhruhceio[.]eu5[.]org | 54407258f1e20055897fe7dad504a5dc | 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 | njRAT |
| 2 | Start.exe | yGYkD7gHOX.exe | Telete[.]in | e123bd2a5d074027510e792b92bce913 | 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b | Raccoon |
| 3 | гта 5.exe.exe | гта 5.exe.exe | 91.207.61.175 | 374edde167be28f562bf97754a100adb | f967adb9518a6cdb1643ee2d388a8ea9ff7282fb65ae594ab5c7e1b908445420 | njRAT |
| 4 | RFQ_INAC_005REQ21.docx | RFQ_INAC_005REQ21.exe | http[:]//103[.]155[.]83[.]184/........-.-.-.-.-.-.----wii[.]wiz.............w[.]wbk..........w[.]wbk/ | b50cc8666008f87a35708a2c059c882f | be27da12b26857a56af0151373169385410ad24d677be4137016b436efefdd04 | Lokibot |
| 5 | Outstanding Payments.xlsx | Outstanding Payments.exe | http[:]//63[.]250[.]40[.]204/~wpdemo/file[.]php?search=386869 | edb2b17df86905c54d464a20352ff7f3 | 2005c36e4d566d616419607144f8d30b9da978428698d1bed3911da92fd37382 | Lokibot |
| 6 | Setup.exe | Setup.exe | http[:]//45[.]133[.]1.107/server[.]txt | d1b2c8ddca2f8dd02e2c132153055084 | 506c2f513d64242fcb20ccff8c26c0ed1755fe9120b984c29ba224b311d635c3 | Vidar |
| 7 | REMITTANCE_COPY_20211025.exe | REMITTANCE_COPY_20211025.exe | http[:]//www[.]teenstube[.]quest/ubqx/?nDFxwnQ8=CmcZLkNIo7Z8zl/eRqVFngc4dAQL606qgu/KuCIHXJ3wo5gPwms0Y9eYQbUBqfhFZeR9QQ==&QFidd=0b-TWXlhzZm42vYp | 09eef8ec28f7e8fb2ce9d0938252e2be | 35f65cce1c28e104597294816d51eefdfeedca990034f0315f1b9daa31581a0d | Formbook |
| 8 | 224b25ffd285d501050213d3fccd62b127a072d02fac6a240edf2017784caf8a | 224b25ffd285d501050213d3fccd62b127a072d02fac6a240edf2017784caf8a | 162[.]0[.]223[.]226 | 6b80d906346c210077a6d13ca8df16f1 | 224b25ffd285d501050213d3fccd62b127a072d02fac6a240edf2017784caf8a | Nanocore |
| 9 | fe6a49ac3815c4b198125bcbe392f50077cce19e161e2455b57258eb5166ae52 | fe6a49ac3815c4b198125bcbe392f50077cce19e161e2455b57258eb5166ae52.exe | http[:]//91[.]219[.]236[.]49/l/f/I5tetXwB3dP17Spz0ktD/829d3e7518e156cdcf02ca309acafec393927294 | 40fb0797cd98e370396064cf3ac547bd | fe6a49ac3815c4b198125bcbe392f50077cce19e161e2455b57258eb5166ae52 | Raccoon |
| 10 | VirusShare_d4af887f7fb93b4ef57211cb95a074c3 | VirusShare_d4af887f7fb93b4ef57211cb95a074c3.exe | http[:]//77yxx[.]com/b5rh/bZxS/ | d4af887f7fb93b4ef57211cb95a074c3 | 0424e4caf10c9b8b80f3114816b85e8268b9a288eb368e1ce66e6ab8e5b73b75 | Emotet |
| 11 | ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150.exe | ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150.exe | 23[.]229[.]29[.]48 | 90a89fc585f1c79b2629c9dd8520ddb9 | ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150 | Danabot |
| 12 | 0722_3614470461.xls | 0722_3614470461.exe | http[:]//tholeferli[.]com/8/forum[.]php | e034a9922b81fc32fdfb65eecec94007 | f43aab9043c531a3311cbcc911d5093e1dbc1f8ba82eb94e5f85f2570aa26319 | Hancitor |
Article Link: IOCs 25_10_2021