
Threat Intelligence Alert

Multiple Malicious Loaders: Malware Distributed Using A 'Cluster Bomb' Technique Where Each Sample Contains Multiple Stages Of Nested Executable Files & Containing Additional Malware Payload

The Threat Actor's Phishing Campaign

The malware distributed in this campaign includes the loaders Amadey and SmokeLoader and the stealers
Redline, RisePro, and Mystic Stealer. Over the course of several months, a threat actor tracked as
Unfurling Hemlock has been observed distributing hundreds of thousands of malware samples. Each sample
comprises many layers of nested executable files, each of which contains further malware payloads, a
"cluster bomb" approach in which a single infection can drop several distinct loaders and stealers on the
victim. The campaign appears to be financially motivated and targets victims worldwide without focusing
on any one sector. Based on linguistic artifacts and hosting infrastructure, the actor is assessed to be
Eastern European.

Threat Categories :

Privilege Escalation
Remote Code Execution
Information Theft
Financial Theft
Spear Phishing
Command And Control

Vulnerable System :

Microsoft Windows

SHA256 :
edfb4374d5c586f0690c95ff8cacb36bda6fb4743f20dda5e6f17e7e241edd47
fd7a9b8e52e2fbcb090d5f5046a73d6e42b421abf063083210889f3fcb47dee0

SHA1 :

3c6c976ebb645334274ac4878870e9f47c1e8d3e
b9d8df3d220a3989df7690470c38c31d855adbb4
6b2c3f93d5fb83bc3cc1c258fb3d27117c26e250
14031a40973ef9851a9e6dd2d1843b00247c32f0
b0385b0c16ae475eb0b3b6d62fe4971f694f22b4
e9ad4b557370fc95380781ed9964598460e812d6
e04fea9ed997d9ad2d73dd8ca661625d7292eb98
76ea9345056f188c04aa580680c70fbacaa89827
fd17ee3d3a0ac2e7505d3be02523846b657797c0
d1e9d6adbf6689a48fff89d11d1abaf9a3f4f3cb
bfae6f5d06969d73de02b977bc233c98921eeeb1
f38062b8ff4f5855e8e6f6dfea2366250cd4dec2
9ed340c0aba6cf5ca22cb12e5742c2b74dd36e2f
05a6cb77200d23c45296b4af0d88006adf9b77be
0a79e13b2b2be9fc02dd9b6f2d978291f2f5b460
418952436399c150893cbbbae478c86d76efb927
8782fbbd4ba7ce3f508c095c2291f739d18b752c
a5b643c40c28643e73aac6cc11ba62d10eac803e

MD5 :

5fab57c66c9eb178bfd7266df702d29d
1e69d806d20ef1dcca8f83862c04ef74
dbe718ef607358c36036fbcb8654616e
8e05c72da260ffa2255ca5b309377959
55e4afca8b6e5d1c28d5742cb1a924ab
3aaf8a04b1b15765fcc77cf715e293df
d5e9742ea32944bf7b147fe8bf9a8054
5e578724796bc98207af6545c4a59f41
c2b301177da3c4cffb319dc3f9e3ff0c
4032d3d8736e56282ef9b43ad3b38ac1
762ce72eed847280113ec690c9992970
92a12208e222594568bc70957c1b9261
55888074dae709dfee918f06d8f38b44
06a6db9acf05fbb473df1c207a7c4124
137ff57edea11ba30b2f830b796f22dd
637152846228a9def2594167e0ae0b73
fdc7e7dbe56849b137c1a72335dd3fc5
f68b37ca4ff530cd297416d1637c4cb3

Domains :

globalsystemperu[.]com
host-file-host6[.]com
host-file-host8[.]com

URLs :

hxxp://5[.]42[.]92[.]93/39902/from[.]exe
hxxp://5[.]42[.]92[.]93/i/smo[.]exe
hxxp://77[.]91[.]124[.]130/gallery/photo_570[.]exe
hxxp://77[.]91[.]68[.]21/nova/foxi[.]exe
hxxp://109[.]107[.]182[.]3/love/bongo[.]exe
hxxp://109[.]107[.]182[.]3/some/love[.]exe
hxxp://109[.]107[.]182[.]45/red/line[.]exe
hxxp://185[.]215[.]113[.]68/theme/index[.]php
hxxp://185[.]46[.]46[.]146/none/vah50[.]exe
hxxp://193[.]233[.]255[.]73/loghub/master
hxxp://77[.]91[.]124[.]1/theme/index[.]php
hxxp://77[.]91[.]124[.]20/store/games/index[.]php
hxxp://77[.]91[.]68[.]29/fks/

hxxp://globalsystemperu[.]com/forms/gate4[.]exe

IPV4 :

185[.]215[.]113[.]68
77[.]91[.]124[.]130
77[.]91[.]68[.]21
77[.]91[.]68[.]29
109[.]107[.]182[.]3
185[.]161[.]248[.]142
89[.]23[.]100[.]93
109[.]107[.]182[.]45
176[.]113[.]115[.]145
185[.]172[.]128[.]79
185[.]46[.]46[.]146
193[.]233[.]132[.]12
193[.]233[.]255[.]73
194[.]169[.]175[.]235
195[.]123[.]218[.]98
31[.]192[.]237[.]75
5[.]42[.]92[.]93
77[.]91[.]124[.]1
77[.]91[.]124[.]20
77[.]91[.]124[.]86

Recommendations :

Block all of the above indicators at your respective security controls (web proxy, DNS, firewall, endpoint protection).

Search for the IOCs in your environment (proxy and DNS logs, file hashes on endpoints). Because each sample nests further executables, a hit on any one stage should be treated as a sign that additional payloads may already have been dropped on that host.
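The following is an added example, not part of the alert, of how a practitioner can turn the defanged indicator list above into something searchable: it refangs the `[.]` and `hxxp` notation, groups the indicators by type, and then checks both file hashes and proxy/DNS log lines against them. The IOC excerpt embedded in the block is copied from the lists above (shortened); the log lines and the log format (one request or DNS query per line) are constructed for the example.

```python
import hashlib
import re
from collections import defaultdict

# Excerpt of the alert's defanged IOC list, in the alert's own "Label :" layout.
# Only a few entries are included here; paste the full list in practice.
IOC_TEXT = """
SHA256 :
edfb4374d5c586f0690c95ff8cacb36bda6fb4743f20dda5e6f17e7e241edd47

MD5 :
5fab57c66c9eb178bfd7266df702d29d

Domains :
globalsystemperu[.]com
host-file-host6[.]com

URLs :
hxxp://5[.]42[.]92[.]93/39902/from[.]exe
hxxp://globalsystemperu[.]com/forms/gate4[.]exe

IPV4 :
185[.]215[.]113[.]68
5[.]42[.]92[.]93
"""

# Section headers as they appear in the alert ("SHA256 :", "Domains :", ...).
SECTION_RE = re.compile(r"^(SHA256|SHA1|MD5|Domains|URLs|IPV4)\s*:\s*$", re.I)


def refang(value: str) -> str:
    """Undo the defanging used in the alert: '[.]' -> '.', 'hxxp' -> 'http'."""
    value = value.replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.I)


def parse_iocs(text: str) -> dict:
    """Parse 'Label :' sections into {LABEL: set of refanged, lower-cased values}."""
    iocs = defaultdict(set)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).upper()
            continue
        if section:
            iocs[section].add(refang(line).lower())
    return dict(iocs)


def file_hashes(data: bytes) -> dict:
    """All three digests the alert publishes, keyed like the IOC sections."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }


def match_file(data: bytes, iocs: dict) -> list:
    """Return (algorithm, digest) pairs for every hash list the file appears in."""
    return [(algo, d) for algo, d in file_hashes(data).items()
            if d in iocs.get(algo, set())]


def match_log_line(line: str, iocs: dict) -> set:
    """Match a proxy/DNS log line against URL, domain and IP indicators."""
    hits = set()
    lower = line.lower()
    # Full-URL match first (catches the exact payload download paths).
    for url in iocs.get("URLS", ()):
        if url in lower:
            hits.add(("URLS", url))
    # Then any host-like token: bare domains and IPs from DNS/firewall logs,
    # or the host part of a URL whose path differs from the published one.
    for tok in re.findall(r"[a-z0-9][a-z0-9.-]*", lower):
        for label in ("DOMAINS", "IPV4"):
            if tok in iocs.get(label, ()):
                hits.add((label, tok))
    return hits


def scan_log(lines, iocs: dict) -> list:
    """Return [(line_index, hits)] for every line that touched an indicator."""
    results = []
    for i, line in enumerate(lines):
        hits = match_log_line(line, iocs)
        if hits:
            results.append((i, hits))
    return results


# Constructed sample log lines (not from any real environment).
SAMPLE_LOG = [
    "T1 client=10.0.0.12 GET http://5.42.92.93/39902/from.exe 200",
    "T2 client=10.0.0.12 dns query host-file-host6.com A",
    "T3 client=10.0.0.31 GET https://example.com/index.html 200",
]

if __name__ == "__main__":
    iocs = parse_iocs(IOC_TEXT)
    for idx, hits in scan_log(SAMPLE_LOG, iocs):
        print(SAMPLE_LOG[idx])
        for label, value in sorted(hits):
            print(f"    {label}: {value}")
```

Hashes are matched on all three algorithms because the alert publishes MD5, SHA1 and SHA256 lists that do not necessarily describe the same files; a match on any list is a hit. Log lines are checked for the exact URL and, separately, for any host token, so a request to a listed server with a different path still surfaces.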
