| ID | Submitted | File | MD5 | Tags | URLs (count) | IPs (count) | Score | Flag (unlabelled on page) | Count (unlabelled on page) | User |
|---|---|---|---|---|---|---|---|---|---|---|
| 1636 | 2020-09-04 11:16 | 13797650_305717.doc | 57df07cf0f8007d537a4fee9359e62a3 | VirusTotal Malware Creates shortcut Creates executable files unpack itself | | | 3.6 | M | 44 | admin |
| 1637 | 2020-09-04 16:27 | ARC 2020_09_04 Q896654.doc | 640ac8879c4e61795f339ad23ffd6ab6 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS | 4 | 3 | 4.0 | M | 22 | guest |
| 1638 | 2020-09-04 16:43 | w3CSnKac.exe | 7505a7b885f2511abf8580fd5adcf6eb | VirusTotal Malware PDB RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key | 1 | 1 | 4.6 | M | 6 | guest |
| 1639 | 2020-09-05 18:28 | aeLLDK7W7Ip.exe | 421de869d04387715f192562625e1e51 | VirusTotal Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key | 1 | 1 | 6.2 | | 45 | guest |
| 1640 | 2020-09-06 16:11 | FILE_YF0Y95G0ZEYSREVF.doc | cfec52b8d80989c23a30a60b68b5dd45 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS | 3 | 4 | 5.4 | | 28 | guest |
| 1641 | 2020-09-06 16:15 | MsAulis.msi | 0a23faaf405c629e9202cbc90611b576 | VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check ComputerName DNS | 19 | 9 | 5.2 | | 1 | guest |
| 1642 | 2020-09-06 16:39 | k18.exe | c11a421caaff63a52120eccb8c95dcb0 | VirusTotal Malware RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key | 1 | 1 | 5.2 | | 24 | guest |
| 1643 | 2020-09-06 16:47 | EEH9D9A0Z9FLPGXD.doc | cfec52b8d80989c23a30a60b68b5dd45 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS | 3 | 4 | 5.4 | | 28 | guest |
| 1644 | 2020-09-06 16:57 | UNTITLED-20200905-L15317.doc | e8c455b9d0a528d8e47a5fa5c949e368 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS | 2 | 2 | 4.2 | | 30 | guest |
| 1645 | 2020-09-06 17:03 | ET6099512779FH.doc | cfec52b8d80989c23a30a60b68b5dd45 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS | 3 | 4 | 5.4 | M | 28 | guest |
| 1646 | 2020-09-06 18:31 | FW4616202003GQ.doc | cfec52b8d80989c23a30a60b68b5dd45 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS | 3 | 4 | 5.4 | M | 28 | guest |
| 1647 | 2020-09-06 18:36 | Gjd1Or4Q.exe | 439ac48a3e169714de266e3503d57e7c | VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName Remote Code Execution DNS Cryptographic key | 4 | 10 | 9.0 | | 24 | guest |
| 1648 | 2020-09-06 18:44 | Rep 20200906 HR42342.doc | e8c455b9d0a528d8e47a5fa5c949e368 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS | 2 | 2 | 4.2 | M | 30 | guest |
| 1649 | 2020-09-06 19:27 | 49506127272955206113.doc | cfec52b8d80989c23a30a60b68b5dd45 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS | 3 | 4 | 5.4 | M | 28 | guest |
| 1650 | 2020-09-06 19:39 | fdz05Ki510949321.exe | efb7e9c3a0640199dfeabbec4ddaf49a | VirusTotal Malware RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key | 1 | 2 | 6.2 | | 22 | guest |