Task | Submitted | File name | MD5
  Tags: signature names as shown in the listing
  URLs (n): contacted URLs
  IPs (n): contacted IPs
  Alerts (n): IDS alerts (Emerging Threats / SSLBL rule names)
  Score | M | count | submitter

1651 | 2020-09-06 19:45 | de.exe | b9ba656098c519038798ce1cfa7e63ea
  Tags: VirusTotal Malware unpack itself Remote Code Execution
  URLs: none
  IPs: none
  Alerts: none
  Score 2.2 | M | 24 | guest

1652 | 2020-09-06 19:53 | IrjNakRhGAot88.exe | 2063a87e9cbca2707760f16b4faf6e3b
  Tags: VirusTotal Malware RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
  URLs (1):
    http://51.254.140.91:7080/UybbxM5rBznaDbpb0S9/bZtMLGrDDZqgpGjW5bT/ONQDzV3qwrt94hgSb/IK188EYGDb1WXNUNi/
  IPs (2): none listed
  Alerts: none
  Score 6.2 | | 28 | guest

1653 | 2020-09-07 10:20 | dat 2020_09_05 EZB229168.doc | ce2a99caf1fa4bf703644c448c82b81b
  Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself Windows Browser DNS
  URLs (2):
    http://xn--ruqumz1h0h.com/wp-content/zj/
    http://185.215.227.107:443/Q0dq55jRm0g/LU1DkX/
  IPs (2): 159.138.11.3, 185.215.227.107
  Alerts (5):
    ET POLICY HTTP traffic on port 443 (POST)
    ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
  Score 3.8 | | 19 | guest

1654 | 2020-09-07 11:00 | LIST 20200906 19256.doc | e8c455b9d0a528d8e47a5fa5c949e368
  Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself Windows Browser DNS
  URLs (2):
    http://185.215.227.107:443/HwkVMND8gJI/oJevjfWQAVn/7GfhaWp/BGVzwmxgqlMeO/yTBPc7Jg4Evl/nHihWcp5Pqs0Wguiv/
    http://xn--ruqumz1h0h.com/wp-content/zj/
  IPs (2): 159.138.11.3, 185.215.227.107
  Alerts (5):
    ET POLICY HTTP traffic on port 443 (POST)
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
    ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
  Score 4.2 | M | 33 | guest

1655 | 2020-09-07 11:09 | zero.exe | 9773d366820d76e6702c6e94492caaa6
  Tags: VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs human activity check Windows DNS Cryptographic key DDNS crashed
  URLs: none
  IPs (1): none listed
  Alerts (1):
    ET POLICY DNS Query to DynDNS Domain *.ddns .net
  Score 11.8 | | 12 | guest

1656 | 2020-09-07 11:09 | UNTITLED-20200905-L15317.doc | e8c455b9d0a528d8e47a5fa5c949e368 (same MD5 as task 1654)
  Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself Windows Browser DNS
  URLs (2):
    http://185.215.227.107:443/i3T1mDGW9BF/r4YmO8i02zEhQ1oUuM3/hRWP/C1fX68aEqB8un4vj/
    http://xn--ruqumz1h0h.com/wp-content/zj/
  IPs (2): 159.138.11.3, 185.215.227.107
  Alerts (5):
    ET POLICY HTTP traffic on port 443 (POST)
    ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
  Score 4.2 | M | 33 | guest

1657 | 2020-09-07 11:12 | invoice_124110.doc | ea15e84815896ed7180041db61cb48eb
  Tags: Malware download VirusTotal Malware powershell Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed
  URLs (1):
    http://fixedsystemcorruptionswithmostgoodscanfi.duckdns.org/suvchost/svchost.vbs
  IPs (1): none listed
  Alerts (6):
    ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
    ET MALWARE Windows executable base64 encoded
    ET HUNTING EXE Base64 Encoded potential malware
    ET INFO PowerShell NoProfile Command Received In Powershell Stagers
    ET INFO PowerShell Hidden Window Command Common In Powershell Stagers M2
    ET INFO PowerShell DownloadString Command Common In Powershell Stagers
  Score 5.2 | M | 24 | guest

1658 | 2020-09-07 11:39 | RQDN6e8PhdV.exe | 75a0acb14dfedc69f85a7e7dbb597db2
  Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName Remote Code Execution DNS Cryptographic key
  URLs (1):
    http://85.214.28.226:8080/Lo1BZ9b3JU/PoXswfegLpRTZkoTTqr/WQuOKr/
  IPs (2): 192.158.216.73, 85.214.28.226
  Alerts (1):
    ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
  Score 7.4 | | 25 | guest

1659 | 2020-09-07 11:42 | 58506603.doc | cfec52b8d80989c23a30a60b68b5dd45
  Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows Browser DNS
  URLs (2):
    http://moasocialcoop.com/wp-includes/u1weym/
    http://85.214.28.226:8080/7cfvyKyv/XvS9jOfRFQz7VQOj8/RvmTIfnzzJfkPqJsGw/sIRQlI/VXDqUlDv/
  IPs (3): 112.175.184.95, 192.158.216.73, 85.214.28.226
  Alerts (4):
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
    ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
  Score 6.4 | M | 34 | guest

1660 | 2020-09-07 15:41 | Invoice.exe | 01b18c1ec01a1341f043e6bb5fb4b968
  Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Collect installed applications AppData folder malicious URLs WriteConsoleW installed browsers check Tofsee Windows Browser DNS Software
  URLs (2):
    https://cyberbadger.site/cfg/
    https://cyberbadger.site/log/
  IPs (1): none listed
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 15.8 | M | 30 | guest

1661 | 2020-09-07 18:13 | googlemap.exe | dc4c40c4319c6503178e071707279c40
  Tags: VirusTotal Malware Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName crashed
  URLs: none
  IPs: none
  Alerts: none
  Score 6.8 | | 17 | guest

1662 | 2020-09-08 09:01 | racoon.exe | 74aa2a6679d3b43a88e01078eab24e1a
  Tags: VirusTotal Malware unpack itself Remote Code Execution
  URLs: none
  IPs: none
  Alerts: none
  Score 2.2 | | 23 | guest

1663 | 2020-09-08 10:58 | cars.gif.exe | 8ba63bca1ee0583b8278dbf1eb38b4e4
  Tags: Remote Code Execution
  URLs: none
  IPs: none
  Alerts: none
  Score 0.6 | | | guest

1664 | 2020-09-08 15:38 | ssfisjgniwerg.pdf.exe | 150f42ff16bd2ae9895532a7be6284a1
  Tags: VirusTotal Malware Check memory unpack itself malicious URLs crashed
  URLs: none
  IPs: none
  Alerts: none
  Score 3.2 | M | 15 | guest

1665 | 2020-09-08 15:39 | presh.exe | e740f5933346e9e3c1cd520dc40d3e39
  Tags: VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs
  URLs: none
  IPs: none
  Alerts: none
  Score 8.0 | | 17 | guest
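Two things in this listing are worth pulling out with a script rather than by eye: several tasks reach the same hosts (185.215.227.107 and xn--ruqumz1h0h.com in tasks 1653, 1654 and 1656; 85.214.28.226 and 192.158.216.73 in 1658 and 1659), and the same MD5 (e8c455b9d0a528d8e47a5fa5c949e368) appears twice under different file names with a different random path under the same IP:port each run. The added example below is editor-written, not code from the sandbox that produced this page; the records are transcribed from the listing, the dynamic-DNS suffix list is taken only from the two ET rules that fire here (*.ddns.net, *.duckdns.org), and every function name is my own. It pivots on host rather than full URL, flags direct-to-IP C2 (the "POST to Dotted Quad" pattern the ET HUNTING rule alerts on), reports resubmitted hashes, and emits defanged indicators.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Records transcribed from the listing: (task id, MD5, contacted URLs, contacted IPs).
# Constructed subset for illustration; alert names are left out.
RECORDS = [
    ("1653", "ce2a99caf1fa4bf703644c448c82b81b",
     ["http://xn--ruqumz1h0h.com/wp-content/zj/",
      "http://185.215.227.107:443/Q0dq55jRm0g/LU1DkX/"],
     ["159.138.11.3", "185.215.227.107"]),
    ("1654", "e8c455b9d0a528d8e47a5fa5c949e368",
     ["http://185.215.227.107:443/HwkVMND8gJI/oJevjfWQAVn/7GfhaWp/BGVzwmxgqlMeO/yTBPc7Jg4Evl/nHihWcp5Pqs0Wguiv/",
      "http://xn--ruqumz1h0h.com/wp-content/zj/"],
     ["159.138.11.3", "185.215.227.107"]),
    ("1656", "e8c455b9d0a528d8e47a5fa5c949e368",
     ["http://185.215.227.107:443/i3T1mDGW9BF/r4YmO8i02zEhQ1oUuM3/hRWP/C1fX68aEqB8un4vj/",
      "http://xn--ruqumz1h0h.com/wp-content/zj/"],
     ["159.138.11.3", "185.215.227.107"]),
    ("1657", "ea15e84815896ed7180041db61cb48eb",
     ["http://fixedsystemcorruptionswithmostgoodscanfi.duckdns.org/suvchost/svchost.vbs"],
     []),
    ("1658", "75a0acb14dfedc69f85a7e7dbb597db2",
     ["http://85.214.28.226:8080/Lo1BZ9b3JU/PoXswfegLpRTZkoTTqr/WQuOKr/"],
     ["192.158.216.73", "85.214.28.226"]),
    ("1659", "cfec52b8d80989c23a30a60b68b5dd45",
     ["http://moasocialcoop.com/wp-includes/u1weym/",
      "http://85.214.28.226:8080/7cfvyKyv/XvS9jOfRFQz7VQOj8/RvmTIfnzzJfkPqJsGw/sIRQlI/VXDqUlDv/"],
     ["112.175.184.95", "192.158.216.73", "85.214.28.226"]),
]

# Dynamic-DNS suffixes: only the two that the ET rules in this listing match on.
# Assumption: extend this for your own environment; it is not a complete list.
DDNS_SUFFIXES = ("ddns.net", "duckdns.org")

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def host_key(url: str) -> str:
    """Hostname of a URL, port and path dropped: the path is random per run
    (compare tasks 1654 and 1656), so it is useless as a pivot."""
    return urlsplit(url).hostname or ""


def classify_host(host: str) -> str:
    """'ip' for a literal address (direct-to-IP C2), 'ddns' for a
    dynamic-DNS name, 'domain' for everything else."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        pass
    if any(host == s or host.endswith("." + s) for s in DDNS_SUFFIXES):
        return "ddns"
    return "domain"


def defang(url: str) -> str:
    """Rewrite a URL so reports and tickets do not auto-link it."""
    p = urlsplit(url)
    scheme = p.scheme.replace("http", "hxxp")
    netloc = p.netloc.replace(".", "[.]")
    tail = p.path + (f"?{p.query}" if p.query else "")
    return f"{scheme}://{netloc}{tail}"


def pivot_by_host(records):
    """Map every contacted host (from URLs and the IP column) to the
    sorted task ids that reached it."""
    seen = defaultdict(set)
    for task, _md5, urls, ips in records:
        for u in urls:
            seen[host_key(u)].add(task)
        for ip in ips:
            seen[ip].add(task)
    return {h: sorted(t) for h, t in seen.items()}


def shared_infrastructure(records, min_tasks=2):
    """Hosts contacted by at least `min_tasks` distinct tasks."""
    return {h: t for h, t in pivot_by_host(records).items() if len(t) >= min_tasks}


def duplicate_hashes(records):
    """MD5s submitted more than once (here under different file names)."""
    by_md5 = defaultdict(list)
    for task, md5, _u, _i in records:
        if not MD5_RE.match(md5):
            raise ValueError(f"task {task}: not an MD5: {md5!r}")
        by_md5[md5].append(task)
    return {h: sorted(t) for h, t in by_md5.items() if len(t) > 1}


def iocs(records):
    """De-duplicated, defanged indicators grouped by host type."""
    out = defaultdict(set)
    for _t, _m, urls, ips in records:
        for u in urls:
            out[classify_host(host_key(u))].add(defang(u))
        for ip in ips:
            out["ip"].add(ip.replace(".", "[.]"))
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for host, tasks in sorted(shared_infrastructure(RECORDS).items()):
        print(f"{host:28} {classify_host(host):6} tasks {', '.join(tasks)}")
    for md5, tasks in duplicate_hashes(RECORDS).items():
        print(f"{md5} resubmitted as tasks {', '.join(tasks)}")
    for kind, items in iocs(RECORDS).items():
        print(kind, *items, sep="\n  ")
```

Pivoting on the hostname alone is deliberate: blocking or hunting on the full URL would miss the next run of the same sample, whereas the IP:port and the compromised-looking WordPress paths (/wp-content/zj/, /wp-includes/u1weym/) stay stable across tasks in this listing.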