commit
ec345945de
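--- a/MassLogger/README.md
+++ b/MassLogger/README.md
@@ -0,0 +1,91 @@
+# IoC for MassLogger
+
+Malware analysis and more technical information at
+
+
+### Table of Contents
+* [Samples (SHA-256)](#samples-sha-256)
+* [Network indicators](#network-indicators)
+
+
+## Samples (SHA-256)
+#### MassLogger binary and related files
+```
+518ac201abeaba51946729c18b4aa0f1d2b1ec93c5fb212245de658387738b1d
+245e470d00a4da06a576ddee4bf9c0f03a8bb1084f2059b19c988d8bd7e78b7c
+16b7b4738aae90442e6d976ca8261e9941c894cb5630c2f474bba4ce0f164bea
+49b58c17a00fcc1f2f5b54d7ea4a51de450357771cc796b1c0ec2511bfebb234
+61312b72632f897fb5f36493f1e3696885674ef10cb8343520040194f340a92a
+898303c2fbab7608e4a85fc9c6f38a75815c9e23bb0980415cc2a7fcff0fbf63
+478d137f1c915b24c799c9f1c81b4bd9adb423fe57e5c33addd3a6031f87aa47
+73c8b6f716d0e2a40f8a437ef14b90b160c3ac5da10469db0252075c112d74dd
+167deeb9c2533a249de5795b2cda3213988a15f0e3adb1eb0ef097a5fedbf70b
+4fc8063a138a426737f939cc23844df0e3be3c2aaec043a5136bc8cccc065f60
+c0bc32ac8075ff6d3c44a8579529f8e9363a9d8520db70ff0665ac83e96ca1fa
+4437b68359985c54b9ca97444f4b3a8db6ac4ca90fa7312305123920e9daac02
+772532344e2f49bc9e8bfa2c6d61f789617f7ecb01f26aa7ce6d672137718178
+29afcbe8fc5da49fbce2da538821e1c6a806d6a640d68f995195ea271a5357e8
+93316169290f31a1aa2ed1613ee44f2e529238ca26600df07a8b0076c38bc146
+6f026b437efabd6237c2cc0f0ba97efe67fbb3334a35a7c5ef4be4e893d5d110
+918d6ee42b04f8ff7c952a479ef6c12db6b594cb032cbd2b2cc99538f5eeebb4
+658553ecc9631400e23f4a3ab88b8dd1f101a1e0d5bb61c434d332878a52c64d
+bb2b16143b3fbbfa756d74faa9ae92c2c06035a7100a5ed2b44bf6cf3ab9258a
+7b3491ec6132248cc30c29ee292849c1c2637eb8d52016f9f01d6124c1b9581b
+c8f402b68c199a7dbc98c47d2bd23085dcdfa5fb4adeb8a43a319ef0dd5044e6
+56cdab11e53a0e5874133e04e90e5829f9d28a3cfd215a5f9e98c3b146bb3c1a
+8908918728286712e2f32e8319e75af0341d9c1bebe07ee460362d4752d6f1e8
+03afa4fdd197b0fb7d20e26343cd6a84f42b2be0e8d9ba060f7f689cb17a8d52
+982bd53341535ec66cae51fda4631f39ed9ba44947a783b5a2edf66daf28c7b3
+076aba31de83cc4cf644ca2b577d652aa3ce7ec64b8ea66fdf54a38b21cbf84e
+a6e82eb37aef00046c58cf6f57e011af918828ab590438ea97dcb1bf6aea6488
+e32e29a9e0c222af6a2daa4cfc99df98d996f53fdf4f4d451021bb57fec68a83
+5a53fe3402bdeadc3050347b922358e1bc183210a6e69640e3df91018988274d
+569b8e82be35754c8d0f183c63f725863e04c7a72cccfb4368fc735c35a35a7b
+7a8db30a1f86b7d4db0b9e10eea646d254fe9f235881a81f2fc21380f45b3051
+1ddfb935de736c5e8bd07d909d08cfdf105cf45fbfd46801ff65d9bc0cf51ca7
+d1bea71bbdcf75f0b5f49cd0c4bca1fd70dc6ef44333e034e015c315ba4b408c
+c5e4e3626c2df21cb71de5713203c3155481ac3a4e33642466b5c7fc8176bab2
+972662b8c2761f8557a4db52c4b8cb9c10dd712eb49baa6cb6701c252382465a
+56358232f7320b3ade07fed642a0520ac19f7d2e6ace6c23e59b10376d63c561
+2c72055f04248f5cd5a05d4929eabda0934d2575b92149f45001be5ca981584f
+ef6e8e8d31d3167c9cd5d1b177950992d7cb8f9f3f4a363dd9a2e86d7653fa39
+e0e6e90b952c07f8b8793b47d13fec103295cc5f299774686c4e09761226640d
+49b58c17a00fcc1f2f5b54d7ea4a51de450357771cc796b1c0ec2511bfebb234
+16b7b4738aae90442e6d976ca8261e9941c894cb5630c2f474bba4ce0f164bea
+3f83c090819bc1dd8a9c1db3588b51ecd839bf0ca85a21f552c4346abe09efdc
+8546f91fbba81d6557a71098aa0bffe4ff17f85faa0458c45b9ed926eb371568
+
+```
+
+## Network indicators
+#### FTP
+```
+fxp://alvorkitecenter[.]com
+fxp://med-star[.]gr
+fxp://ftp.ayudasaudiovisuales[.]com
+fxp://st05[.]net
+fxp://ecurs[.]ro
+
+```
+#### SMTP
+```
+pop@bals.gq
+rakplant@emirates.net.ae
+adonilifranky@gmail.com
+rakplant@eim.ae
+Williamslucy570@gmail.com
+henryresult@yandex.com
+info@beljemi.com
+nwamalog@hisensetech.ml
+nwama@hisensetech.ml
+jaleel.rehman@osaimiengineering.com.sa
+
+```
+
+#### HTTP
+```
+hxxps://bradbo[.]life/mass/?/upload
+hxxps://www.med-star[.]gr/panel/?/login
+hxxps://server295[.]web-hosting[.]com
+
+```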
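Review bot: Two hashes are listed twice in the sample block — `49b58c17a00fcc1f…bfebb234` appears as the 4th and again as the 53rd entry, and `16b7b4738aae9044…0f164bea` as the 3rd and again as the 54th — so the list should be deduplicated (`sort -u` on the block) before anyone counts it or feeds it to a blocklist. The defanging is also inconsistent: the FTP and HTTP indicators are defanged (`fxp://`, `hxxps://`, `[.]`) while the SMTP sender addresses are left as live, clickable addresses; write them the same way, e.g. `pop@bals[.]gq`, so refanging is a deliberate step in every section. As rendered, the line "Malware analysis and more technical information at" ends with no link target, which may be a rendering loss; if the source has none, the reference to the write-up should be completed or the sentence dropped.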
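--- a/MassLogger/config.txt
+++ b/MassLogger/config.txt
@@ -0,0 +1,50 @@
+Key = Twiowpmfocvjjtqxhdefbelqeqdbupee
+Version = v3.0.7563.31381
+FtpEnable = true
+FtpHost = ftp://med-star[.]gr
+FtpUser = service
+FtpPass = Aloraboy21!@#
+FtpPort = 21
+EmailEnable = false
+EmailAddress = null
+EmailSendTo = example@gmail.com
+EmailPass = null
+EmailPort = 587
+EmailSsl = True
+EmailClient = smtp.gmail.com
+PanelEnable = false
+PanelHost = null
+ExitAfterDelivery = false
+SelfDestruct = true
+Mutex = "Oxhfinby"
+EnableMutex = true
+EnableAntiSandboxie = false
+EnableAntiVMware = false
+EnableAntiDebugger = false
+EnableWDExclusion = false
+EnableSearchAndUpload = false
+EnableKeylogger = false
+EnableBrowserRecovery = true
+EnableScreenshot = false
+EnableForceUac = false
+EnableBotKiller = false
+EnableDeleteZoneIdentifier = false
+EnableMemoryScan = true
+EnableAntiHoneypot = false
+EnableOnlySendWhenPassword = true
+ExectionDelay = 1
+SendingInterval = 120
+EnableDownloader = false
+DownloaderUrl = Geriv
+DownloaderFilename = Woveswngu
+DownloaderOnce = false
+EnableBinder = false
+BinderBytes = AAAAAAAAAAAAAAAA
+BinderName = Xiytohnl_Jwddtxb
+BinderOnce = false
+EnableInstall = false
+InstallFolder = %AppData%
+InstallSecondFolder = Fxoflc
+InstallFile = Gjvenk
+SafeThread = new object()
+IsPass = false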
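Review bot: `FtpUser = service` and `FtpPass = Aloraboy21!@#` are published alongside `FtpHost = ftp://med-star[.]gr`, which is a working credential pair for what looks like a third party's FTP account (the README lists the same host under both FTP and an HTTP panel URL, which is consistent with a compromised legitimate site rather than attacker-owned infrastructure); the exfiltration host is the indicator, the secret is not, so the password should be redacted to `FtpPass = <redacted>` before this sits in a public repo and the host owner notified through the usual abuse channel. The file also carries no provenance: nothing ties this extracted configuration to one of the 43 SHA-256 values in the README, so a first line such as `; extracted from sample <sha256>` (if the repo's tooling tolerates a comment line in this file — confirm) or a sentence in the README pointing at config.txt would let a reader verify it. Note that the hostname is defanged while the FTP credentials and `EmailClient = smtp.gmail.com` are not, which is harmless here but worth keeping consistent with the README's convention.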