| 2131 |
2020-10-18 15:46
|
gk.exe ee536c45fd3fa66da13cb0b15774bd16
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://221.147.142.214/Qu9JBMsbMPLvwaR/YbO2MuusZrGSf3/AajR7xNy/ts97bsmiMrig/EMcQi/EDMPtpBJCtad/
|
1
|
|
|
6.8 |
|
32 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2132 |
2020-10-19 07:54
|
https://docsecure.top/xls/0056... d694f94ba539e86d95c6a3671dd6b455
Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00569905.xls
|
2
117.18.232.200
8.209.75.30
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile
|
|
7.2 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2133 |
2020-10-19 07:59
|
http://flowerdeliverypasadena.... 2bdc8f8afab8ee9ba26576c526d0940b
VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed |
3
http://221.147.142.214/5ppQWBDnD6xsz0/bU5WdybLOsx4s9ydOD/yuAatcr03S6XkO/
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://flowerdeliverypasadena.com/wp-content/J8tPsVAF4/
|
3
104.247.73.198
117.18.232.200
221.147.142.214
|
3
ET POLICY Terse Named Filename EXE Download - Possibly Hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
11.8 |
M |
27 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2134 |
2020-10-19 09:18
|
REP_20201018_L386.doc 57bf98d84c86b699f5173c9f624ba0ba
Vulnerability VirusTotal Malware unpack itself malicious URLs |
|
|
|
|
3.6 |
M |
38 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2135 |
2020-10-19 09:21
|
eh.exe 4d0f2cb16083c2c99e05cdb59f2d3243
VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs |
|
|
|
|
7.2 |
M |
27 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2136 |
2020-10-19 09:28
|
https://docsecure.top/xls/0061... 92e79228771983699fc0cfe8dfa7f407
Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00613486.xls
|
2
117.18.232.200
8.209.75.30
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile
|
|
7.4 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2137 |
2020-10-19 09:29
|
eh.exe 4d0f2cb16083c2c99e05cdb59f2d3243
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs |
|
|
|
|
8.6 |
M |
27 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2138 |
2020-10-19 10:34
|
Wkhuldcw8s2x4nsXa.exe 684ba2ea81a8e9ab031260cbf0dd5db8
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://2.45.176.233/rPor/kwcwCsOqqnt/haqARQeG/
|
1
|
|
|
6.6 |
|
26 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2139 |
2020-10-19 10:37
|
test2.hta d8c6560478cca57bb84a2c37228c44bf
Code Injection RWX flags setting unpack itself Windows utilities Windows |
|
|
|
|
2.2 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2140 |
2020-10-19 10:40
|
http://google.com 7c5b5c860e570c3a102b9ad3b70d5250
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Tofsee Windows DNS |
14
http://ssl.gstatic.com/gb/images/i1_1967ca6a.png
http://www.google.com/
http://www.google.com/favicon.ico
http://google.com/
http://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png
https://www.google.com/images/hpp/Chrome_Owned_96x96.png
https://id.google.com/verify/AHGvNoz67299XAAw47xz8dx2N0jUdvDfJPI-xpYa0-aMA903QE7EmGdb5HLbauvbTfQrEfQmuaVNT7l8BXkflu72YB62QyZfILm_k1UFFTLGmPcwVzPOMg
https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA
https://www.google.com/gen_204?atyp=i&zx=1603071496312&ogsr=1&ei=Eu6MX7erObG2mAXImrzYDQ&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.40L1XIQnUK4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo87VqKnhJy5DXHDJekiAyngLi-Q2w/cb=gapi.loaded_0
https://www.gstatic.com/og/_/ss/k=og.og2.PgfxfGqQF7o.L.I9.O/m=lg/excm=in,fot/d=1/ed=1/ct=zgms/rs=AA2YrTtXOZGBi97nSWVF5_lQHggN-0axqA
https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=lat/exm=in,fot,def/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA
https://ssl.gstatic.com/gb/images/a/911e3628e6.png
https://ssl.gstatic.com/gb/images/p1_e53fc7b4.png
|
6
172.217.163.228
172.217.174.195
172.217.24.78
172.217.25.3
216.58.200.67
216.58.200.78
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.6 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2141 |
2020-10-19 10:42
|
http://google.com 5c8e481fca1860d15244132ca413e8ea
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Tofsee Windows DNS |
10
http://ssl.gstatic.com/gb/images/i1_1967ca6a.png
http://www.google.com/
http://www.google.com/favicon.ico
http://google.com/
http://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png
https://www.google.com/images/hpp/Chrome_Owned_96x96.png
https://id.google.com/verify/AHGvNow70cKTzJ4YAiZ9bQ-bGyUfv6hsoNbwOSaa3e4cSAOdXAQTzx4UfvQpPWuCQmp-bGiRcdgi8qIkwFg0Kwf0zip6VLRqLyFEfG-W5XRBBI3VW3PX5w
https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA
https://www.google.com/gen_204?atyp=i&zx=1603071699078&ogsr=1&ei=3O6MX86NFJGS0gSGmo-QDw&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.40L1XIQnUK4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo87VqKnhJy5DXHDJekiAyngLi-Q2w/cb=gapi.loaded_0
|
5
172.217.161.163
172.217.174.195
172.217.174.206
172.217.24.78
216.58.200.4
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.6 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2142 |
2020-10-19 10:46
|
pegasun.exe e202bc7ccc1682624be91fe0b86d10ce
MachineGuid Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Windows Browser ComputerName Cryptographic key |
|
|
|
|
5.8 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2143 |
2020-10-19 10:47
|
8yPNq.exe 72f119c6e945eace409d20d7e6973804
Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://208.180.207.205/Q0R9VIMz/
|
1
|
|
|
5.8 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2144 |
2020-10-19 10:53
|
Document13177.xlsb 136d90dfdc8d28ccfc090f1d09c9bd18
Dridex Malware Creates executable files unpack itself malicious URLs Tofsee DNS |
1
http://solosur.com/1610.gif
|
1
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2145 |
2020-10-19 10:53
|
Document13177.xlsb 136d90dfdc8d28ccfc090f1d09c9bd18
unpack itself malicious URLs |
|
|
|
|
1.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|