ThreatFox IOC Database
You are viewing the ThreatFox database entry for domain cansugperpetu.com.
Database Entry
This IOC expired
This IOC is an old IOC and hence has expired on 2026-02-03 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 839742 |
|---|---|
| IOC: | cansugperpetu.com |
| IOC Type: | domain |
| Threat Type: | botnet_cc |
| Malware: | IcedID Downloader |
| Confidence Level: | Confidence level is high (100%) |
| Is compromised?: | False |
| First seen: | 2022-07-26 21:39:40 UTC |
| Last seen: | 2023-09-29 09:39:25 UTC |
| UUID: | 749cc5dd-0d2b-11ed-9b1c-42010aa4000a |
| Reporter: | AndreGironda |
| Reward: | 5 credits from ThreatFox |
| Tags: | bokbot IcedID |
| Reference: | https://tria.ge/220726-z39naahfg9 |
MITRE T1566.001
Date: Tue, 26 Jul 2022 00:00-03:00 -0700
Received: from time-clocks.net (91.107.126.123)
Content-Type: multipart/mixed; boundary="===============2639490787590481451=="
MIME-Version: 1.0
Message-ID: <165881987209.20100.9625581085229837237@nwexpl.com>
In-Reply-To: <A5E61C5D4D457C41AA759779FCB68B7D1D55CD52@<victim>
References: <A5E61C5D4D457C41AA759779FCB68B7D1D55CD52@<victim>
From: billing@time-clocks.net (billing@time-clocks.net) <billing@time-clocks.net>
Subject: <thread hijacking>
Return-Path: billing@time-clocks.net
Attachment Name: document_89_invoice-07-26-22.zip
Zipfile SHA256: 0ab2a25be42d1ac97afc666461733e1b018044698adc06cd412c843449553123
Password -- 26711
Unzipped ISO-9660 Image Name: document_89_invoice-07-26-22.iso
ISO SHA256: 888a2c3514853ab283ebff4bd1df65fcab1aa8cce8ed7c0d6b26ad7c7827f6f0
LNK Name: documents.lnk
LNK SHA256: 277bf7068e935309889e55731956ad42a1f70896de53f1fdfd07cdd6115f4719
BAT Name: doc_07-26.bat
BAT SHA256: 2ea318ea469372b0e137f2a28291224cfbb056f102a9859215fc5481e18f8e07
IcedID_Downloader Name: h1imal.dll
IcedID_Downloader SHA256: f3a554330a7ca966b101c16a602f835eb2c0b1859a8ea92b7771d9739ec59be6
.bat Execution --
@start RunDll32 h1imal.dll, PluginInit
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2022-07-27 07:00:45 | f3a554330a7ca966b101c16a602f835eb2c0b1859a8ea92b7771d9739ec59be6 | |