ID | Time | Target | MD5 | Tags | URLs (n) | URLs | IPs (n) | IPs | Alerts (n) | Alerts | Score | Flag | Count | User
2131 | 2020-10-18 15:46 | gk.exe | ee536c45fd3fa66da13cb0b15774bd16 | VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key | 1 | http://221.147.142.214/Qu9JBMsbMPLvwaR/YbO2MuusZrGSf3/AajR7xNy/ts97bsmiMrig/EMcQi/EDMPtpBJCtad/ | 1 | | | | 6.8 | | 32 | guest
2132 | 2020-10-19 07:54 | https://docsecure.top/xls/0056... | d694f94ba539e86d95c6a3671dd6b455 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 2 | http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00569905.xls | 2 | 117.18.232.200; 8.209.75.30 | 2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile | 7.2 | M | | guest
2133 | 2020-10-19 07:59 | http://flowerdeliverypasadena.... | 2bdc8f8afab8ee9ba26576c526d0940b | VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed | 3 | http://221.147.142.214/5ppQWBDnD6xsz0/bU5WdybLOsx4s9ydOD/yuAatcr03S6XkO/; http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; http://flowerdeliverypasadena.com/wp-content/J8tPsVAF4/ | 3 | 104.247.73.198; 117.18.232.200; 221.147.142.214 | 3 | ET POLICY Terse Named Filename EXE Download - Possibly Hostile; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP | 11.8 | M | 27 | guest
2134 | 2020-10-19 09:18 | REP_20201018_L386.doc | 57bf98d84c86b699f5173c9f624ba0ba | Vulnerability VirusTotal Malware unpack itself malicious URLs | | | | | | | 3.6 | M | 38 | guest
2135 | 2020-10-19 09:21 | eh.exe | 4d0f2cb16083c2c99e05cdb59f2d3243 | VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs | | | | | | | 7.2 | M | 27 | guest
2136 | 2020-10-19 09:28 | https://docsecure.top/xls/0061... | 92e79228771983699fc0cfe8dfa7f407 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | 2 | http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00613486.xls | 2 | 117.18.232.200; 8.209.75.30 | 2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile | 7.4 | M | | guest
2137 | 2020-10-19 09:29 | eh.exe | 4d0f2cb16083c2c99e05cdb59f2d3243 | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs | | | | | | | 8.6 | M | 27 | admin
2138 | 2020-10-19 10:34 | Wkhuldcw8s2x4nsXa.exe | 684ba2ea81a8e9ab031260cbf0dd5db8 | VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key | 1 | http://2.45.176.233/rPor/kwcwCsOqqnt/haqARQeG/ | 1 | | | | 6.6 | | 26 | admin
2139 | 2020-10-19 10:37 | test2.hta | d8c6560478cca57bb84a2c37228c44bf | Code Injection RWX flags setting unpack itself Windows utilities Windows | | | | | | | 2.2 | | | admin
2140 | 2020-10-19 10:40 | http://google.com | 7c5b5c860e570c3a102b9ad3b70d5250 | Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Tofsee Windows DNS | 14 | http://ssl.gstatic.com/gb/images/i1_1967ca6a.png; http://www.google.com/; http://www.google.com/favicon.ico; http://google.com/; http://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png; https://www.google.com/images/hpp/Chrome_Owned_96x96.png; https://id.google.com/verify/AHGvNoz67299XAAw47xz8dx2N0jUdvDfJPI-xpYa0-aMA903QE7EmGdb5HLbauvbTfQrEfQmuaVNT7l8BXkflu72YB62QyZfILm_k1UFFTLGmPcwVzPOMg; https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA; https://www.google.com/gen_204?atyp=i&zx=1603071496312&ogsr=1&ei=Eu6MX7erObG2mAXImrzYDQ&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1; https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.40L1XIQnUK4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo87VqKnhJy5DXHDJekiAyngLi-Q2w/cb=gapi.loaded_0; https://www.gstatic.com/og/_/ss/k=og.og2.PgfxfGqQF7o.L.I9.O/m=lg/excm=in,fot/d=1/ed=1/ct=zgms/rs=AA2YrTtXOZGBi97nSWVF5_lQHggN-0axqA; https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=lat/exm=in,fot,def/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA; https://ssl.gstatic.com/gb/images/a/911e3628e6.png; https://ssl.gstatic.com/gb/images/p1_e53fc7b4.png | 6 | 172.217.163.228; 172.217.174.195; 172.217.24.78; 172.217.25.3; 216.58.200.67; 216.58.200.78 | 1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 3.6 | | | admin
2141 | 2020-10-19 10:42 | http://google.com | 5c8e481fca1860d15244132ca413e8ea | Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Tofsee Windows DNS | 10 | http://ssl.gstatic.com/gb/images/i1_1967ca6a.png; http://www.google.com/; http://www.google.com/favicon.ico; http://google.com/; http://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png; https://www.google.com/images/hpp/Chrome_Owned_96x96.png; https://id.google.com/verify/AHGvNow70cKTzJ4YAiZ9bQ-bGyUfv6hsoNbwOSaa3e4cSAOdXAQTzx4UfvQpPWuCQmp-bGiRcdgi8qIkwFg0Kwf0zip6VLRqLyFEfG-W5XRBBI3VW3PX5w; https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA; https://www.google.com/gen_204?atyp=i&zx=1603071699078&ogsr=1&ei=3O6MX86NFJGS0gSGmo-QDw&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1; https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.40L1XIQnUK4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo87VqKnhJy5DXHDJekiAyngLi-Q2w/cb=gapi.loaded_0 | 5 | 172.217.161.163; 172.217.174.195; 172.217.174.206; 172.217.24.78; 216.58.200.4 | 1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 3.6 | | | admin
2142 | 2020-10-19 10:46 | pegasun.exe | e202bc7ccc1682624be91fe0b86d10ce | MachineGuid Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Windows Browser ComputerName Cryptographic key | | | | | | | 5.8 | M | | admin
2143 | 2020-10-19 10:47 | 8yPNq.exe | 72f119c6e945eace409d20d7e6973804 | Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key | 1 | http://208.180.207.205/Q0R9VIMz/ | 1 | | | | 5.8 | | | admin
2144 | 2020-10-19 10:53 | Document13177.xlsb | 136d90dfdc8d28ccfc090f1d09c9bd18 | Dridex Malware Creates executable files unpack itself malicious URLs Tofsee DNS | 1 | http://solosur.com/1610.gif | 1 | | 3 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex | 4.6 | | | guest
2145 | 2020-10-19 10:53 | Document13177.xlsb | 136d90dfdc8d28ccfc090f1d09c9bd18 | unpack itself malicious URLs | | | | | | | 1.6 | | | guest