ThreatFox IOC Database
You are viewing the ThreatFox database entry for domain wizzy.hopto.org.
Database Entry
| Field | Value |
|---|---|
| IOC ID | 841537 |
| IOC | wizzy.hopto.org |
| IOC Type | domain |
| Threat Type | botnet_cc |
| Malware | AsyncRAT |
| Confidence Level | high (100%) |
| First seen | 2022-08-05 19:43:08 UTC |
| Last seen | never |
| UUID | d5238dd0-14f6-11ed-a58b-42010aa4000a |
| Reporter | @AndreGironda |
| Reward | 5 credits from ThreatFox |
| Tags | asyncrat |
| Reference | https://tria.ge/220805-w57pxsgae2 |

Reporter comment (@AndreGironda):
MITRE T1566.001
Date: 03 Aug 2022 09:00-09:30 -0700
Received: from upozflbj.htmbusiness.com (185.246.220.223)
From: Hendrik Soots <roo.ben@htmbusiness.com>
Subject: RE: Bank Swift Copy
Message-ID: <20220803092542.79BADD72F638E505@htmbusiness.com>
MIME-Version: 1.0
List-Unsubscribe: <Hendrik Soots <roo.ben@htmbusiness.com>>
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_65425950.4DE14FF1"
Attachment Name: swift.rar
Rarfile SHA256: 1c59677374c1078a58ec9cd918205e4bccf99590801395884ede34ad689035f7
Uncompressed Executable Name: swift.bat
Executable SHA256: bec81f4fb67dd7b6a40d9b57e4687b214f3a3acad659081ec5cbf842e07b6077
Stage 1 URL: hXXps://pastebin[.]com/raw/fJsECC9f
PowerShell SHA256: 8b756b3bcf48a91e1b8c206fd62dc46133e6016a8518ed998ee1dd1f40994162
Stage 2 URL: hXXps://transfer[.]sh/DSQ1w1/test.mp4
Executable SHA256: 8c1312b69f361f3ce20531d236474d170240f2150132adc6a0dba98a7dfd449b