| 1636 |
2020-09-04 11:16
|
13797650_305717.doc 57df07cf0f8007d537a4fee9359e62a3
VirusTotal Malware Creates shortcut Creates executable files unpack itself |
|
|
|
|
3.6 |
M |
44 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1637 |
2020-09-04 16:27
|
ARC 2020_09_04 Q896654.doc 640ac8879c4e61795f339ad23ffd6ab6
Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
4
http://sitecgps.com/cgi-sys/suspendedpage.cgi
http://185.215.227.107:443/ntw9Wap3ho8s6/YePl/JCRodIaz/WPtnIwjWaopfPUA/
http://andrescardozo.com/programas/k/
http://sitecgps.com/assets/hj8/
|
3
185.215.227.107
204.93.167.49
65.99.205.177
|
|
|
4.0 |
M |
22 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1638 |
2020-09-04 16:43
|
w3CSnKac.exe 7505a7b885f2511abf8580fd5adcf6eb
VirusTotal Malware PDB RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://185.215.227.107:443/OTOWs2uX9/08D4L5C/u1VKW1lFtEY3YhX69/pLYiCbYg/
|
1
|
|
|
4.6 |
M |
6 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1639 |
2020-09-05 18:28
|
aeLLDK7W7Ip.exe 421de869d04387715f192562625e1e51
VirusTotal Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://50.121.220.50/199Cmp0b1h8/ThH3/MFb53m9Fe88wqb/4i4wXiS/njEXVSET9/VE86l2fM6Y9/
|
1
|
|
|
6.2 |
|
45 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1640 |
2020-09-06 16:11
|
FILE_YF0Y95G0ZEYSREVF.doc cfec52b8d80989c23a30a60b68b5dd45
Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
3
http://85.214.28.226:8080/w8D0kPxwbOi/gpNn9LojoH0sP0n1/mmsPqbT45/JUZxFkcLnxWh/
http://moasocialcoop.com/wp-includes/u1weym/
http://142.44.137.67:443/DxdpCRy/asFX/
|
4
112.175.184.95
142.44.137.67
192.158.216.73
85.214.28.226
|
|
|
5.4 |
|
28 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1641 |
2020-09-06 16:15
|
MsAulis.msi 0a23faaf405c629e9202cbc90611b576
VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check ComputerName DNS |
19
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSYagvY3tfizDNoybzVSPFZmSEm0wQUe2jOKarAF75JeuHlP9an90WPNTICEAaup2usRqnoz%2BbSnkWq8DM%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
http://go.microsoft.com/fwlink/?LinkId=863262
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
http://vdsappauthservice.net/taskshandlers/DBhandle/primary_main.php
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEArLKLpGXuU5CHZ0cPPNxhI%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAhdVzcVDf62qbKvihXxmKE%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAswd91agjdOkRDgp23ldbI%3D
https://download.microsoft.com/download/0/5/C/05C1EC0E-D5EE-463B-BFE3-9311376A6809/NDP472-KB4054531-Web.exe
|
9
142.44.137.67
104.75.8.97
117.18.237.29
121.254.136.16
13.225.125.106
13.225.125.107
23.53.224.34
8.246.130.254
94.156.175.61
|
|
|
5.2 |
|
1 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1642 |
2020-09-06 16:39
|
k18.exe c11a421caaff63a52120eccb8c95dcb0
VirusTotal Malware RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://185.215.227.107:443/tHCO/oJOXjRn/ncMJpho/
|
1
|
|
|
5.2 |
|
24 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1643 |
2020-09-06 16:47
|
EEH9D9A0Z9FLPGXD.doc cfec52b8d80989c23a30a60b68b5dd45
Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
3
http://142.44.137.67:443/Z34OgZ/YtNcfx4Lh/nm0hCG8694cCaY/MTb34cdz5QN/BUXs28fHdm/
http://moasocialcoop.com/wp-includes/u1weym/
http://85.214.28.226:8080/NGLF2G5CnLXSnRBn/JntafcK3/iKvfN9LU3/OYdIYL8pVnuw/Og4TqK9Ia/
|
4
112.175.184.95
142.44.137.67
192.158.216.73
85.214.28.226
|
|
|
5.4 |
|
28 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1644 |
2020-09-06 16:57
|
UNTITLED-20200905-L15317.doc e8c455b9d0a528d8e47a5fa5c949e368
Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
2
http://185.215.227.107:443/jqabzZ/KUHObKdvDEZJsQ/t9cqG3A5u/
http://xn--ruqumz1h0h.com/wp-content/zj/
|
2
159.138.11.3
185.215.227.107
|
|
|
4.2 |
|
30 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1645 |
2020-09-06 17:03
|
ET6099512779FH.doc cfec52b8d80989c23a30a60b68b5dd45
Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
3
http://142.44.137.67:443/2pnfm8N84RhZMkj/6kvC5omyHBamO1RA/o2OLUOHipJi/ooq1h5i/
http://85.214.28.226:8080/KHTE9uRNSMYEf/37iHwWO1vvZmHdoK/Vkaig1sAPoH/LpQ1pXT50mcsutl/
http://moasocialcoop.com/wp-includes/u1weym/
|
4
112.175.184.95
142.44.137.67
192.158.216.73
85.214.28.226
|
|
|
5.4 |
M |
28 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1646 |
2020-09-06 18:31
|
FW4616202003GQ.doc cfec52b8d80989c23a30a60b68b5dd45
Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
3
http://142.44.137.67:443/XcfM/TC1uwTEyrQwi3Ef/3AbwZf76UPkG2TN8Y/
http://85.214.28.226:8080/gWzOKxGEDSqsS3Gy/
http://moasocialcoop.com/wp-includes/u1weym/
|
4
112.175.184.95
142.44.137.67
192.158.216.73
85.214.28.226
|
|
|
5.4 |
M |
28 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1647 |
2020-09-06 18:36
|
Gjd1Or4Q.exe 439ac48a3e169714de266e3503d57e7c
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName Remote Code Execution DNS Cryptographic key |
4
http://162.241.242.173:8080/zzD5qcu89zg/19SOLR/
http://85.214.28.226:8080/tsnF/
http://62.30.7.67:443/qqEs/
http://142.44.137.67:443/pAEtP4/2jDsFz/hW9F4fEenoOh/H5q1lMze5nz/Ud5nCgrc/
|
10
142.44.137.67
162.241.242.173
169.239.182.217
192.158.216.73
216.208.76.186
62.30.7.67
74.120.55.163
78.24.219.147
85.152.162.105
85.214.28.226
|
|
|
9.0 |
|
24 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1648 |
2020-09-06 18:44
|
Rep 20200906 HR42342.doc e8c455b9d0a528d8e47a5fa5c949e368
Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
2
http://185.215.227.107:443/V9tVNKspZpz/8rVmtUl8hFpJMy/tTUpHt/JchBtaD/yglh/EX9xMTvp/
http://xn--ruqumz1h0h.com/wp-content/zj/
|
2
159.138.11.3
185.215.227.107
|
|
|
4.2 |
M |
30 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1649 |
2020-09-06 19:27
|
49506127272955206113.doc cfec52b8d80989c23a30a60b68b5dd45
Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
3
http://85.214.28.226:8080/3teekZUfXl4/YDae7CGNIF3MYals/lbUHv9RRQ/0GfHPY6x2wgP/
http://142.44.137.67:443/aWx5aW7/GCsg/
http://moasocialcoop.com/wp-includes/u1weym/
|
4
112.175.184.95
142.44.137.67
192.158.216.73
85.214.28.226
|
|
|
5.4 |
M |
28 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1650 |
2020-09-06 19:39
|
fdz05Ki510949321.exe efb7e9c3a0640199dfeabbec4ddaf49a
VirusTotal Malware RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://51.254.140.91:7080/AUfZjXoivmNtZvf8/kAlhyxZyTfpj/NKNH2PdUPOBx6a/RgRKDxvwFRtJ0jP0Nb/RMjvR8UWka/
|
2
|
|
|
6.2 |
|
22 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|