1861 | 2020-09-23 17:26 | 0Vunqr8xOSSvsmP.exe | 603539300b8fc6fbb239e86da7853ebc | 12.8 | 53 | admin
Tags: Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows Browser Email ComputerName Cryptographic key crashed

1862 | 2020-09-24 08:11 | http://srksmaisw.org/manufactu... | e09eef5b5566f81b46ac3ac201d6b794 | 4.2 | guest
Tags: Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (4): http://srksmaisw.org/cdn-cgi/images/icon-exclamation.png?1376755637 http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://srksmaisw.org/manufacturer/h/ http://srksmaisw.org/cdn-cgi/styles/cf.errors.css
IPs (2): 104.24.114.68 117.18.232.200
Alerts (3): ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

1863 | 2020-09-24 08:15 | http://41.89.94.30/web/8/ | 9342c8a60e85c46c6f1e1412ac5d4341 | 11.6 | guest
Tags: VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed
URLs (3): http://12.163.208.58/j1ntFjzr/606KrLovsGscheUeaA/j5FefiCB/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://41.89.94.30/web/8/
IPs (3): 117.18.232.200 12.163.208.58 41.89.94.30
Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO EXE - Served Attached HTTP

1864 | 2020-09-24 09:04 | 40937_20200924_I3080.doc | 643ccbc293e02d5161b7dcf15fb7c435 | 5.0 | 18 | guest
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (2): http://magnusdc.com/MR/ http://12.163.208.58/poBMU3/mbnjTGUAvy5UwdQrFs/m4Q7/m95vfD7djTSkdf60p/dpz6XyGcSWC/
IPs (2): 12.163.208.58 138.201.86.169
Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP

1865 | 2020-09-24 09:05 | sTX1I.exe | 1c530fb9a3106294e8763b5d79a7af8c | 6.8 | 9 | guest
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://49.243.9.118/gdvIesIFCTNok/N9VF/ahxWvUsxI/2ofg6Fp7/0MuIoJnLAva39As/LLlpepEcV7NTo/
IPs: 1

1866 | 2020-09-24 09:28 | vbc.exe | e42420ac8c28ac33b082031ca1e06c68 | 7.4 | 20 | guest
Tags: VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName

1867 | 2020-09-24 09:29 | svchost.exe | ecd385134aad9c9e80c2bce77c9c25f6 | 13.0 | 21 | guest
Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed keylogger

1868 | 2020-09-24 09:50 | UpdyyWH55.exe | 53af5a617b288d7de28912fb8825a0dc | 6.4 | 10 | admin
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://12.163.208.58/imRF5QG/Z2ACeRo8sr/BJYuMps/OlsZZfJ/
IPs: 1

1869 | 2020-09-24 09:52 | vbc.exe | e42420ac8c28ac33b082031ca1e06c68 | 7.8 | M | 20 | admin
Tags: VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName

1870 | 2020-09-24 09:53 | 8888888.png.exe | c3d13518fee1a4a9755f4610dad0155d | 8.4 | admin
Tags: AutoRuns Code Injection Check memory buffers extracted unpack itself Windows utilities Detects VMWare suspicious process malicious URLs sandbox evasion WriteConsoleW VMware Windows Browser ComputerName crashed

1871 | 2020-09-24 09:57 | Iid.exe | bb9700cdcbb715fd22b113c4be78890b | 7.4 | 56 | guest
Tags: VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName DNS Cryptographic key
URLs (2): http://77.74.78.80:443/3nLb5H6n5Ux499/ZBefQKL1DrCCN/iInlctpe/pYB4v5fF7I2PE/AInJbCSZMGU5yeP90Rj/ http://105.209.235.113:8080/gfLfAHHMKfby5N/
IPs (6): 105.209.235.113 118.110.236.121 149.202.5.139 153.92.4.96 51.75.163.68 77.74.78.80
Alerts (7): ET CNC Feodo Tracker Reported CnC Server group 2; ET CNC Feodo Tracker Reported CnC Server group 1; ET CNC Feodo Tracker Reported CnC Server group 4; ET CNC Feodo Tracker Reported CnC Server group 19; ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1; ET CNC Feodo Tracker Reported CnC Server group 22; ET POLICY HTTP traffic on port 443 (POST)

1872 | 2020-09-24 10:12 | 914WYW Q41046.doc | 5ca7b59650dc12663141a117dbfd01c2 | 5.0 | 18 | admin
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (2): http://12.163.208.58/HFKUNB4U8L3cb/J1JTLJE3Rp0hdQapp7X/RrfMD0mquQk3/05Nk6kB8kheLUjoe/ http://magnusdc.com/MR/
IPs (2): 12.163.208.58 138.201.86.169
Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP

1873 | 2020-09-24 10:13 | SCAN.exe | fadf68763da300c57f81f7b7bc1f193e | 7.0 | 51 | guest
Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed

1874 | 2020-09-24 10:14 | document_v_200.doc | 88203e59a10a8fc1db4d317a48542833 | 4.8 | M | 21 | admin
Tags: VirusTotal Malware exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader
URLs (1): http://domainsecuritycheckingforcloudfilesharei.duckdns.org/wd/vbc.exe
IPs: 1
Alerts (5): ET INFO DYNAMIC_DNS Query to *.duckdns. Domain; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2

1875 | 2020-09-24 10:16 | lagguyx.exe | 250628e97d9c883b77ff9ef0b1b7c571 | 6.4 | 57 | guest
Tags: VirusTotal Malware Code Injection buffers extracted unpack itself malicious URLs sandbox evasion crashed