ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain wizzy.hopto.org.

Database Entry

IOC ID: 841537
IOC: wizzy.hopto.org
IOC Type: domain
Threat Type: botnet_cc
Malware: AsyncRAT
Confidence Level: high (100%)
First seen: 2022-08-05 19:43:08 UTC
Last seen: never
UUID: d5238dd0-14f6-11ed-a58b-42010aa4000a
Reporter: @AndreGironda
Reward: 5 credits from ThreatFox
Tags: asyncrat
Reference: https://tria.ge/220805-w57pxsgae2

Twitter
@AndreGironda
MITRE T1566.001
Date: 03 Aug 2022 09:00-09:30 -0700
Received: from upozflbj.htmbusiness.com (185.246.220.223)
From: Hendrik Soots <roo.ben@htmbusiness.com>
Subject: RE: Bank Swift Copy
Message-ID: <20220803092542.79BADD72F638E505@htmbusiness.com>
MIME-Version: 1.0
List-Unsubscribe: <Hendrik Soots <roo.ben@htmbusiness.com>>
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_65425950.4DE14FF1"
Attachment Name: swift.rar
Rarfile SHA256: 1c59677374c1078a58ec9cd918205e4bccf99590801395884ede34ad689035f7
Uncompressed Executable Name: swift.bat
Executable SHA256: bec81f4fb67dd7b6a40d9b57e4687b214f3a3acad659081ec5cbf842e07b6077
Stage 1 URL: hXXps://pastebin[.]com/raw/fJsECC9f
PowerShell SHA256: 8b756b3bcf48a91e1b8c206fd62dc46133e6016a8518ed998ee1dd1f40994162
Stage 2 URL: hXXps://transfer[.]sh/DSQ1w1/test.mp4
Executable SHA256: 8c1312b69f361f3ce20531d236474d170240f2150132adc6a0dba98a7dfd449b