2086 | 2020-10-15 08:22 | http://facanha.com.br/wp-admin... | 4bfaf3190e6038fd8d3810c5de9c8b0c
Tags: VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed
URLs (3): http://125.200.20.233/kPXWeX/e5Eur8/UMl315oag1m/jBOvRokBc6dto/goOtUhjzy99zd1Zy/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://facanha.com.br/wp-admin/Nwi134V/
IPs (3): 117.18.232.200 125.200.20.233 191.6.208.15
IDS alerts (3): ET POLICY Terse Named Filename EXE Download - Possibly Hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP
11.6 | M | | guest

2087 | 2020-10-15 09:25 | UGjwUexoviq4.exe | 8bea58197754428e72b9caef3bc9bdfa
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://47.36.140.164/2ojSBPXQGKZLA/1lkPP4am7/wlQ5uo/6PYUPzeM0DmgM8D/
IPs (1):
6.2 | | 13 | guest

2088 | 2020-10-15 09:25 | f402wq.jpg.exe | 464bfa11ccd1c079b00b308dd8423254
Tags: VirusTotal Malware unpack itself crashed
2.6 | M | 22 | guest

2089 | 2020-10-15 09:25 | usbviewer.exe | bc89ccd9f7b8c62579d6f66b8d19e0a6
Tags: VirusTotal Malware suspicious privilege Creates executable files unpack itself AppData folder malicious URLs crashed
5.4 | M | 58 | guest

2090 | 2020-10-15 10:13 | yxpysrf.exe | 0653740a7dbbc6e8bcc2bfe650f328db
Tags: VirusTotal Malware Check memory Checks debugger unpack itself AppData folder malicious URLs
2.6 | M | 16 | guest

2091 | 2020-10-15 10:13 | bag.exe | dd5d50506fd70f80667f33296d7f45d4
Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger WMI unpack itself Check virtual network interfaces malicious URLs Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
URLs (1): http://checkip.dyndns.org/
IPs (2): 131.186.113.70 192.185.100.181
IDS alerts (5): SURICATA Applayer Detect protocol only one direction ET INFO DYNAMIC_DNS Query to *.dyndns. Domain ET POLICY External IP Lookup - checkip.dyndns.org ET POLICY DynDNS CheckIp External IP Address Server Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
11.8 | M | 28 | guest

2092 | 2020-10-15 10:13 | wvfx9h82.jpg.exe | 464bfa11ccd1c079b00b308dd8423254
Tags: VirusTotal Malware unpack itself crashed
2.6 | M | 22 | guest

2093 | 2020-10-15 14:26 | L_35671667072801532865268.doc | c641df2d18593f8b7de8c3c7b7bb49c1
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS
URLs (4): http://47.36.140.164/QsTkfk3uQJ2FYi65Swc/Is85peWzcav2Xyr/ http://savetheboom.com/admin_access/xht/ https://popcornv.com/wp-includes/KHKX/ https://dusitserve.com/gethits/o3A/
IPs (5): 103.29.215.207 104.18.61.239 119.59.125.211 205.186.175.166 47.36.140.164
IDS alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic
5.2 | M | 26 | guest

2094 | 2020-10-15 14:43 | INV_66379641.doc | 6062a8c1e11a6ff0cfb7e0f28f464231
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (2): http://streammusicgroup.com/wp-content/fJiXl/ http://47.36.140.164/lZGlyOPP/TLyqm3j/0uthgm/MLH3ycMy/pUOHCTpYzSQj/
IPs (2): 47.36.140.164 68.66.197.96
IDS alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
5.2 | | 23 | guest

2095 | 2020-10-15 14:43 | Unicorn net.exe | 5d0904228cc50d50cb6739a8e9e20e5a
Tags: VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs ComputerName crashed
4.8 | M | 40 | guest

2096 | 2020-10-15 14:45 | hwid.exe | 90f7adfb6c4dcf3b67928bdde6584d83
Tags: VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName crashed
3.0 | M | 33 | guest

2097 | 2020-10-15 18:29 | image.png.exe | 5da34744ebd9ca37cf26af4cd879dd49
Tags: Creates executable files unpack itself malicious URLs
2.6 | | | guest

2098 | 2020-10-15 18:29 | OsM6PTJoLmbhKrY.exe | a9c8f8c5b9b996e6591defc49be5a2b0
Tags: RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://188.166.220.180:7080/bNjmZqMTtcMn/
IPs (3): 125.200.20.233 188.166.220.180 93.186.197.189
6.0 | | | guest

2099 | 2020-10-15 18:34 | https://marcussoil.com/MdF3y0f... | b5daea22056dbf2a79b2249c70c5e441
Tags: Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (1): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
IPs (2): 117.18.232.200 199.188.200.254
IDS alerts (3): ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
4.4 | | | guest

2100 | 2020-10-15 18:40 | https://poptateseatery.com/pic... | 41e710898f863e44ab67eea0aa981289
Tags: Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (1): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
IPs (2): 117.18.232.200 85.187.128.10
IDS alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
4.2 | | | guest