The malware described in this report is detected and blocked by FortiGuard Antivirus as: W32/Stealer.QLD!tr, MSIL/Agent.WML!tr, MSIL/Kryptik.BJF!tr, LNK/Agent.WML!tr