2206 | 2020-10-20 17:17
aisbLsiE.exe 3ed2826a1e5d25a48f0d2e92c687317f Emotet Malware download VirusTotal Malware Report Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
2 | http://38.111.46.46:8080/eCpqxVDnTlwS42B1/GTqT0LRs/lMc6gOg6WdcY/ALUPbzO4r7EC5Br/dM6LEmhyxWRJafHh7v/ - mailcious; http://162.241.242.173:8080/AQxg26M27Hd20/qvJ8JL/97OsKqRed0RX/DGRZkQlxpR4oc9bRGB/JBJW/If1ZL4psik/ - mailcious
6 | 134.209.36.254 - suspicious; 162.241.242.173 - suspicious; 164.124.101.2; 2.84.135.163 - suspicious; 38.111.46.46 - suspicious; 67.10.155.92 - suspicious
5 | ET CNC Feodo Tracker Reported CnC Server group 20; ET CNC Feodo Tracker Reported CnC Server group 17; ET CNC Feodo Tracker Reported CnC Server group 4; ET CNC Feodo Tracker Reported CnC Server group 5; ET MALWARE Win32/Emotet CnC Activity (POST) M10
9.0 | M | 40 | admin

2207 | 2020-10-20 17:21
Gj14N5aW.exe 4a8a93cfff1ea3c4251d2d12705c9a2a VirusTotal Malware Report Malicious Traffic ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName Remote Code Execution DNS Cryptographic key
2 | http://62.30.7.67:443/V4R69jWC6/ILZyVeUJ4CAKnS/21IApr/Nqwx72WZINKGmQwJ/ - mailcious; http://162.241.242.173:8080/dTKsPQmI/ILxNeO/NLogweu/ - mailcious
7 | 142.44.137.67 - suspicious; 162.241.242.173 - suspicious; 164.124.101.2; 192.158.216.73 - suspicious; 62.30.7.67 - suspicious; 85.152.162.105 - suspicious; 85.214.28.226 - suspicious
5 | ET CNC Feodo Tracker Reported CnC Server group 23; ET CNC Feodo Tracker Reported CnC Server group 5; ET CNC Feodo Tracker Reported CnC Server group 20; ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1; ET POLICY HTTP traffic on port 443 (POST)
9.8 | M | 59 | admin

2208 | 2020-10-20 17:27
6E9zisbO9sC0owFOL.exe f8799dca3986c7ce5a501d6c93f546d0 VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
1 | http://91.121.87.90:8080/arNoljnh0f5/4nPhA3vv2/cbp1CkHTnRbrDplE/U1Qn0OFyTz/OlMlRR2Tj7XObl/pGG8dwHq/ - mailcious
3 | 164.124.101.2; 177.130.51.198 - suspicious; 91.121.87.90 - suspicious
8.0 | M | 11 | admin

2209 | 2020-10-20 17:31
teFvuWWdnMn.exe 6e690c449d8a5c5d4056cb8af10d6ec8 VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
1 | http://186.189.249.2/RbSCF5bx/ - mailcious
2 | 164.124.101.2; 186.189.249.2 - suspicious
6.2 | M | 10 | admin

2210 | 2020-10-20 17:37
teFvuWWdnMn.exe 6e690c449d8a5c5d4056cb8af10d6ec8 VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
1 | http://186.189.249.2/ms47DPwej1mNU/2wmbw/ - mailcious
2 | 164.124.101.2; 186.189.249.2 - suspicious
6.2 | M | 10 | admin

2211 | 2020-10-20 17:40
teFvuWWdnMn.exe 6e690c449d8a5c5d4056cb8af10d6ec8 VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
1 | http://186.189.249.2/VX91Fabh/ffz9uON9sxZa0vRKH/0JaFLhCiuOKAmNfyQ/ - mailcious
2 | 164.124.101.2; 186.189.249.2 - suspicious
6.2 | M | 10 | admin

2212 | 2020-10-20 17:50
fUV0qtOHs8f1V.exe 1899797eec0cff367f4c2b7974dae71d Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
1 | http://24.230.141.169/ab89dkwa/PPODsD2XAF2u22sH/jjjsvnn8sJbbAE8/ - mailcious
2 | 164.124.101.2; 24.230.141.169 - suspicious
5.8 | M | | admin

2213 | 2020-10-20 17:50
WBXwh.exe f340e14bdf91c3f76734b4d10599fc75 VirusTotal Malware Check memory RWX flags setting unpack itself
1
1.8 | | 8 | admin

2214 | 2020-10-20 18:20
KX6b46h61WpcxYvibEeK.exe 9c18bf05c04cb7c5a423a4e74fb20c16 VirusTotal Malware Check memory RWX flags setting unpack itself
1
1.8 | M | 8 | admin

2215 | 2020-10-20 18:20
CFcnwUfBBk3KTkEW.exe 851aca30c0e2ad6b6158ca755fb74688 VirusTotal Malware Check memory RWX flags setting unpack itself
1
1.8 | | 8 | admin

2216 | 2020-10-21 07:46
https://globaltechealthy.com/x... b42bdc5e32b4c255ddcaf88eb84487ab Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
1 | http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
4 | globaltechealthy.com(198.54.126.81); 117.18.232.200 - suspicious; 164.124.101.2; 198.54.126.81
3 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
4.2 | | | guest

2217 | 2020-10-21 07:53
https://globaltechealthy.com/x... b42bdc5e32b4c255ddcaf88eb84487ab Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
1 | http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
4 | globaltechealthy.com(198.54.126.81) - malware; 117.18.232.200 - suspicious; 164.124.101.2; 198.54.126.81 - suspicious
3 | ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8 | | | admin

2218 | 2020-10-21 07:55
http://kyleesbirthdaybash.com/... 1ac2d51d0c9f165943065eab1ace3f67 VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed
3 | http://59.148.253.194:8080/ILcOXckigoY/HMRI8PC1Q6/VTaCG3Zu8HfwyU/VM4UltpElsAzUMzkD/3LBuQBzN6bwROG/4UceHa1lWVbY6fi/ - mailcious; http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; http://kyleesbirthdaybash.com/wp-includes/Sco/
6 | kyleesbirthdaybash.com(148.72.3.169); 117.18.232.200 - suspicious; 148.72.3.169; 164.124.101.2; 173.68.199.157; 59.148.253.194 - suspicious
2 | ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP
13.6 | M | 9 | admin

2219 | 2020-10-21 08:11
http://wearenursesvip.com/wp-i... a097f280746cd6ddaa694b849007e87f VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed keylogger
3 | http://75.188.96.231/vFwkaiFNWobTM7/; http://wearenursesvip.com/wp-includes/ZbcC/; http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
5 | wearenursesvip.com(148.72.3.169); 117.18.232.200 - suspicious; 148.72.3.169; 164.124.101.2; 75.188.96.231
2 | ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP
12.6 | | 10 | admin

2220 | 2020-10-21 09:19
Copy invoice #1252.doc 3210c2965e9284197cb5618b2492ae1c Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS
1 | http://188.226.165.170:8080/OCuKMuQWW/GfkvVful050/KKbOKeF/wLHRvJQjkFppvzHCC/X9XNNYF0ISWHQKLqf/EjggGXx/ - mailcious
7 | luofox.com(106.54.225.198); 104.131.144.215 - suspicious; 106.54.225.198; 164.124.101.2; 188.226.165.170 - suspicious; 5.2.246.108; 91.121.87.90 - suspicious
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.8 | M | 25 | admin
