| ID | Date | Sample | MD5 | Tags | # URLs | URLs | # IPs | IPs | # alerts | IDS alerts | Score | Flag | Count | User |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1726 | 2020-09-15 09:49 | snIARqs7Vdv.exe | 9f2287414784f5d13e35e2f4e84ac965 | VirusTotal Malware Report Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key | 1 | http://104.32.141.43/WokfYsgTn/6QwmTFsbX6KBM/OjhLMXwjX8OXl/aWMieJjdLS/ | 1 | | 1 | ET CNC Feodo Tracker Reported CnC Server group 1 | 5.6 | M | 9 | guest |
| 1727 | 2020-09-15 10:08 | vbc.exe | b409ac3b40d3d2203663c0f5f2c58ccf | Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows Browser Email ComputerName Cryptographic key crashed | | | | | | | 13.2 | M | 26 | guest |
| 1728 | 2020-09-15 10:20 | NebVJPzJCCZJannXGY1k.exe | 9f2287414784f5d13e35e2f4e84ac965 | VirusTotal Malware Report Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key | 1 | http://104.156.59.7:8080/ffhNtnnimWP/Fo00sAUFztuXLIB/jizj6LoMzGt/xYfIQ1JYKUFH3MktuW/06KfKJ7m7fKlYW6wnc/EzF0vHRc7IEntSfTh8u/ | 2 | 104.156.59.7, 104.32.141.43 | 1 | ET CNC Feodo Tracker Reported CnC Server group 1 | 6.6 | M | 8 | guest |
| 1729 | 2020-09-15 10:28 | Wy9JDENBGQaD32Hbji.exe | d808c29b4242eeba4f67f31a0669ddc5 | VirusTotal Malware RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key | 1 | http://45.79.16.230:7080/Iub962m6DrgcnW/zY9rd2Y/2MuZjbNx/ | 2 | 220.147.247.145, 45.79.16.230 | | | 5.6 | M | 6 | guest |
| 1730 | 2020-09-15 10:48 | uzo.exe | 7236b609fe63f7e878c033acc2e3786d | VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key | 1 | http://www.crew33.com/bnc/?Ev1=DpOFDhDAhj+oHa6aSz2tNROEMhozvWihimB4M8iJ7pvlgbxPBh+TOnNXo0Lpm5rsfmP3BU5jNYt3K7oB&ejN=xP3DUfwPwr | 1 | | | | 9.8 | M | 28 | guest |
| 1731 | 2020-09-15 11:21 | PO_09152020EX.doc | 2cef4a6caec772e2c4c65a500acaa4eb | Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself Tofsee DNS | 4 | http://www.greaudstudio.com/docs/Z/, http://www.gozowindmill.com/meteo/97/, http://104.156.59.7:8080/HHIV9hxT94ccT/ZgxBhc0802/, https://blog.socialpill.in/jdzetd/fZuInax/ | 6 | 103.210.237.241, 104.156.59.7, 104.27.140.48, 104.27.148.14, 104.32.141.43, 157.245.102.121 | 2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET CNC Feodo Tracker Reported CnC Server group 1 | 5.4 | | 23 | admin |
| 1732 | 2020-09-16 07:25 | http://loungegangnam.com/4W/dz... | c5a3073b16a861279469aec6cb9f47f4 | VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed keylogger | 3 | http://51.38.124.206/ataQiKRdqIhQ/, http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml, http://loungegangnam.com/4W/dz/ | 4 | 112.175.184.99, 117.18.232.200, 155.186.0.121, 51.38.124.206 | 2 | ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP | 14.0 | | 16 | guest |
| 1733 | 2020-09-16 09:10 | BAL_AT8056288204IY.doc | ea10272ff8945d895c22341b89d540e9 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS | 3 | http://134.209.36.254:8080/rRaYw7i09AXSlp4V/WPslS/BzyMAuBcgkl6w/, http://104.156.59.7:8080/zWKW0fN42nxyfaauz4F/DBpXlzsBWGUySjej/, https://rubycityvietnam.com/wp-admin/1c0NVtp/ | 6 | 104.156.59.7, 104.238.71.109, 129.226.225.102, 134.209.36.254, 45.252.248.29, 75.80.124.4 | 1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 6.0 | | 15 | guest |
| 1734 | 2020-09-16 09:13 | 555555555.png.exe | 7e2e2f8082f61e7707e2f467e1f66d95 | AutoRuns Code Injection Check memory buffers extracted unpack itself Windows utilities Detects VMWare suspicious process malicious URLs sandbox evasion WriteConsoleW VMware Windows Browser ComputerName crashed | | | | | | | 8.4 | | | guest |
| 1735 | 2020-09-16 09:36 | Print_Preview.exe | 06f42898d5b2303c0b455d3152ced044 | VirusTotal Malware RWX flags setting unpack itself malicious URLs sandbox evasion Remote Code Execution | | | | | | | 3.0 | | 5 | guest |
| 1736 | 2020-09-16 09:39 | vbc.exe | 84aa72d50e9154b0507298fa900abc4a | VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Tor ComputerName crashed | | | | | | | 10.6 | | 22 | guest |
| 1737 | 2020-09-16 15:13 | invoice_241568.doc | 44417608ef46c480abb130decadf70da | LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed | 2 | http://remzclot.ga/etc/main/l09/ap0s/home.php, http://remzclot.ga/etc/main/l09/ap0s/home.php, http://coltec.ga/~zadmin/temp/0ap.exe | 1 | | 12 | ET INFO DNS Query for Suspicious .ga Domain; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET INFO HTTP POST Request to Suspicious *.ga Domain; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET MALWARE LokiBot Fake 404 Response; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 | 4.8 | | 26 | guest |
| 1738 | 2020-09-16 15:20 | http://gooddns.ir/bobbyx/bobby... | | Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 1 | http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml | 2 | 117.18.232.200, 194.180.224.87 | 3 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex | 5.8 | | | guest |
| 1739 | 2020-09-16 16:26 | 3MsaSRC.exe | ebe09665b995c11759610242a1d45a8e | VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key | 1 | http://75.80.124.4/QDEh/JPmyzeznc/sMgL/ | 1 | | | | 6.4 | | 17 | admin |
| 1740 | 2020-09-16 16:36 | winlog.exe | 61c8ee9e802a17db2db3c18ad499aa7e | VirusTotal Malware Check memory Creates executable files AppData folder malicious URLs | | | | | | | 2.6 | M | 13 | guest |