| 1861 |
2020-09-23 17:26
|
0Vunqr8xOSSvsmP.exe 603539300b8fc6fbb239e86da7853ebc
Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows Browser Email ComputerName Cryptographic key crashed |
|
|
|
|
12.8 |
|
53 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1862 |
2020-09-24 08:11
|
http://srksmaisw.org/manufactu... e09eef5b5566f81b46ac3ac201d6b794
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
4
http://srksmaisw.org/cdn-cgi/images/icon-exclamation.png?1376755637
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://srksmaisw.org/manufacturer/h/
http://srksmaisw.org/cdn-cgi/styles/cf.errors.css
|
2
104.24.114.68
117.18.232.200
|
3
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1863 |
2020-09-24 08:15
|
http://41.89.94.30/web/8/ 9342c8a60e85c46c6f1e1412ac5d4341
VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed |
3
http://12.163.208.58/j1ntFjzr/606KrLovsGscheUeaA/j5FefiCB/
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://41.89.94.30/web/8/
|
3
117.18.232.200
12.163.208.58
41.89.94.30
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO EXE - Served Attached HTTP
|
|
11.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1864 |
2020-09-24 09:04
|
40937_20200924_I3080.doc 643ccbc293e02d5161b7dcf15fb7c435
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://magnusdc.com/MR/
http://12.163.208.58/poBMU3/mbnjTGUAvy5UwdQrFs/m4Q7/m95vfD7djTSkdf60p/dpz6XyGcSWC/
|
2
12.163.208.58
138.201.86.169
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
|
18 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1865 |
2020-09-24 09:05
|
sTX1I.exe 1c530fb9a3106294e8763b5d79a7af8c
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://49.243.9.118/gdvIesIFCTNok/N9VF/ahxWvUsxI/2ofg6Fp7/0MuIoJnLAva39As/LLlpepEcV7NTo/
|
1
|
|
|
6.8 |
|
9 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1866 |
2020-09-24 09:28
|
vbc.exe e42420ac8c28ac33b082031ca1e06c68
VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName |
|
|
|
|
7.4 |
|
20 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1867 |
2020-09-24 09:29
|
svchost.exe ecd385134aad9c9e80c2bce77c9c25f6
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed keylogger |
|
|
|
|
13.0 |
|
21 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1868 |
2020-09-24 09:50
|
UpdyyWH55.exe 53af5a617b288d7de28912fb8825a0dc
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://12.163.208.58/imRF5QG/Z2ACeRo8sr/BJYuMps/OlsZZfJ/
|
1
|
|
|
6.4 |
|
10 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1869 |
2020-09-24 09:52
|
vbc.exe e42420ac8c28ac33b082031ca1e06c68
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName |
|
|
|
|
7.8 |
M |
20 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1870 |
2020-09-24 09:53
|
8888888.png.exe c3d13518fee1a4a9755f4610dad0155d
AutoRuns Code Injection Check memory buffers extracted unpack itself Windows utilities Detects VMWare suspicious process malicious URLs sandbox evasion WriteConsoleW VMware Windows Browser ComputerName crashed |
|
|
|
|
8.4 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1871 |
2020-09-24 09:57
|
Iid.exe bb9700cdcbb715fd22b113c4be78890b
VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName DNS Cryptographic key |
2
http://77.74.78.80:443/3nLb5H6n5Ux499/ZBefQKL1DrCCN/iInlctpe/pYB4v5fF7I2PE/AInJbCSZMGU5yeP90Rj/
http://105.209.235.113:8080/gfLfAHHMKfby5N/
|
6
105.209.235.113
118.110.236.121
149.202.5.139
153.92.4.96
51.75.163.68
77.74.78.80
|
7
ET CNC Feodo Tracker Reported CnC Server group 2
ET CNC Feodo Tracker Reported CnC Server group 1
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 19
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
ET CNC Feodo Tracker Reported CnC Server group 22
ET POLICY HTTP traffic on port 443 (POST)
|
|
7.4 |
|
56 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1872 |
2020-09-24 10:12
|
914WYW Q41046.doc 5ca7b59650dc12663141a117dbfd01c2
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://12.163.208.58/HFKUNB4U8L3cb/J1JTLJE3Rp0hdQapp7X/RrfMD0mquQk3/05Nk6kB8kheLUjoe/
http://magnusdc.com/MR/
|
2
12.163.208.58
138.201.86.169
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
|
18 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1873 |
2020-09-24 10:13
|
SCAN.exe fadf68763da300c57f81f7b7bc1f193e
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed |
|
|
|
|
7.0 |
|
51 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1874 |
2020-09-24 10:14
|
document_v_200.doc 88203e59a10a8fc1db4d317a48542833
VirusTotal Malware exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader |
1
http://domainsecuritycheckingforcloudfilesharei.duckdns.org/wd/vbc.exe
|
1
|
5
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
|
|
4.8 |
M |
21 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1875 |
2020-09-24 10:16
|
lagguyx.exe 250628e97d9c883b77ff9ef0b1b7c571
VirusTotal Malware Code Injection buffers extracted unpack itself malicious URLs sandbox evasion crashed |
|
|
|
|
6.4 |
|
57 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|