2101 | 2020-10-16 07:54 | http://musc.health/wp-content/... 0b9c2b29a3236158d4f2cc31360d5d6c | VirusTotal Malware Report AutoRuns Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed
URLs (3): http://musc.health/wp-content/h/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://192.232.229.54:7080/mBzylAX8bbwyLLU61j/
IPs (6): 107.180.1.11 117.18.232.200 190.96.15.50 192.175.111.214 192.232.229.54 95.85.33.23
Alerts (3): ET CNC Feodo Tracker Reported CnC Server group 12 | ET POLICY PE EXE or DLL Windows file download HTTP | ET INFO EXE - Served Attached HTTP
13.0 | guest
2102 | 2020-10-16 10:02 | aaa.exe 6f076a92c41e53b1dd2be0c3634f6a76 | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName crashed
10.8 | 41 | guest
2103 | 2020-10-16 10:04 | loki.exe 703eb859df4786c7d28b30fc2f3e4880 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed
URLs (1): http://192.210.214.146/webpanel-major/inc/fdf5a7bec7bd14.php http://192.210.214.146/webpanel-major/inc/fdf5a7bec7bd14.php
IPs (1):
10.4 | 19 | guest
2104 | 2020-10-16 10:06 | bob.exe 3aff71a139f4a5201d81b00a4a1d17c4 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger
URLs (2): http://crt.comodoca.com/COMODORSAAddTrustCA.crt https://api.ipify.org/
IPs (2): 184.73.247.141 91.199.212.52
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.6 | 27 | guest
2105 | 2020-10-16 10:07 | AKUJJ.exe 30321b84684bca606a94a1fc1a7bceb3 | VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://103.3.63.137:8080/PT0GUQw2D1Phk5H/HK5MUKii5kccOkED2R/
IPs (2): 103.3.63.137 73.100.19.104
7.2 | 5 | guest
2106 | 2020-10-16 15:26 | c5xfte.dll 29b3fb0c606603e980e207f9739eb36b | VirusTotal Malware PDB unpack itself crashed
2.8 | 42 | guest
2107 | 2020-10-16 15:49 | loki.exe 703eb859df4786c7d28b30fc2f3e4880 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed
URLs (1): http://192.210.214.146/webpanel-major/inc/fdf5a7bec7bd14.php http://192.210.214.146/webpanel-major/inc/fdf5a7bec7bd14.php http://192.210.214.146/webpanel-major/inc/fdf5a7bec7bd14.php
IPs (1):
10.4 | M | 19 | guest
2108 | 2020-10-16 15:51 | loki.exe 703eb859df4786c7d28b30fc2f3e4880 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed
URLs (1): http://192.210.214.146/webpanel-major/inc/fdf5a7bec7bd14.php http://192.210.214.146/webpanel-major/inc/fdf5a7bec7bd14.php
IPs (1):
10.4 | M | 19 | guest
2109 | 2020-10-16 16:00 | default.bak 6ba233d220cc58e7b467754039413948 | Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName
3.8 | guest
2110 | 2020-10-16 16:45 | AKUJJ.exe 30321b84684bca606a94a1fc1a7bceb3 | VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://103.3.63.137:8080/Y9AULtdf6YC/e4jU0c/L76aA/xLzWx4zLZVlscyNsg3/9gbS5Nbi/JcABLN53YY2/
IPs (2): 103.3.63.137 73.100.19.104
7.2 | M | 4 | guest
2111 | 2020-10-16 18:08 | bBA0mMhqacDQ55b.exe f2769dca375d549623a671049200f07d | VirusTotal Malware Report PDB RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://192.232.229.54:7080/DkDLJUxG/
IPs (4): 190.96.15.50 192.175.111.214 192.232.229.54 95.85.33.23
Alerts (1): ET CNC Feodo Tracker Reported CnC Server group 12
6.8 | 14 | guest
2112 | 2020-10-16 18:49 | InKY0ujCqKHXZp1.exe 5e5dee7718bb44b682b9b36851ba3292 | Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software
URLs (1): http://magicview.ga/chang/gate.php http://magicview.ga/chang/gate.php
IPs (1):
Alerts (10): ET INFO DNS Query for Suspicious .ga Domain | ET MALWARE Trojan Generic - POST To gate.php with no referer | ET MALWARE LokiBot User-Agent (Charon/Inferno) | ET MALWARE LokiBot Checkin | ET INFO HTTP POST Request to Suspicious *.ga Domain | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | ET MALWARE LokiBot Fake 404 Response
13.0 | 34 | guest
2113 | 2020-10-16 19:08 | Yz3bqgXVP7uzS.exe 681c2d0bf87234946735a09f4e1d9d87 | VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://184.180.181.202/pQxsxvO6nyo9E/bF0ghBXTc/
IPs (1):
6.4 | M | 17 | guest
2114 | 2020-10-16 19:18 | MaQ.exe 441ca675e13c108f60770ffae503373a | Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://103.3.63.137:8080/7RuS/AuOfPKc/PhFZsQuA0O9Vpx7Ap/
IPs (2): 103.3.63.137 73.100.19.104
6.8 | guest
2115 | 2020-10-16 19:57 | http://p4uclasses.com/wp-conte... c50585be1cd654bacfb15679146c7394 | VirusTotal Malware Report AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed keylogger
URLs (3): http://192.175.111.214:8080/zTJA9/BLJIIi/WFWLze15XRWKd4YPE5u/EwRx/ http://p4uclasses.com/wp-content/G/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
IPs (4): 117.18.232.200 162.241.85.119 190.96.15.50 192.175.111.214
Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP | ET INFO EXE - Served Attached HTTP | ET CNC Feodo Tracker Reported CnC Server group 12
13.8 | guest