2251 | 2020-10-21 15:57
File: W4O1NAY.exe | MD5: 1fbffee16a716bc28add2eb40a33c6e0
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs: none
Hosts (2): 59.148.253.194 - suspicious; 173.68.199.157 - suspicious
Signatures: none
7.8 |  | 13 | admin

2252 | 2020-10-21 16:03
File: h3OwzPRI6vEG1KuC3.exe | MD5: b45533152cb79846a4a35300941be962
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs: none
Hosts (2): 59.148.253.194 - suspicious; 173.68.199.157 - suspicious
Signatures: none
7.2 |  | 16 | admin

2253 | 2020-10-21 16:08
File: W4O1NAY.exe | MD5: 1fbffee16a716bc28add2eb40a33c6e0
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://59.148.253.194:8080/AJ4jGVGbqFJ397J1/J60T3/tZSCd2VWETi/v1qkNXh3CREM0K8Y9EO/Qc0gcqvuVXo88i/ - mailcious
Hosts (2): 59.148.253.194 - suspicious; 173.68.199.157 - suspicious
Signatures: none
7.2 | M | 13 | admin

2254 | 2020-10-21 16:13
File: W4O1NAY.exe | MD5: 1fbffee16a716bc28add2eb40a33c6e0
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://59.148.253.194:8080/NAg2sfS2q/3NFnVc4/AnbnVWRZItue/iQXyg4Y/ - mailcious
Hosts (2): 59.148.253.194 - suspicious; 173.68.199.157 - suspicious
Signatures: none
7.2 | M | 13 | admin

2255 | 2020-10-21 16:16
File: W4O1NAY.exe | MD5: 1fbffee16a716bc28add2eb40a33c6e0
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://59.148.253.194:8080/shgGAFAF/vKtug/w7wV/oRaWjC6G9lerOucUoo/uC2qgiNCrgLHnByJ/ - mailcious
Hosts (2): 59.148.253.194 - suspicious; 173.68.199.157 - suspicious
Signatures: none
7.2 | M | 13 | admin

2256 | 2020-10-21 16:18
File: Scan_00003984849905654356.exe | MD5: 29eaa8092a2847b8b13922f9e97441a0
Tags: VirusTotal Malware Check memory unpack itself crashed
URLs: none
Hosts: none
Signatures: none
3.2 |  | 49 | admin

2257 | 2020-10-21 16:18
File: W4O1NAY.exe | MD5: 1fbffee16a716bc28add2eb40a33c6e0
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://59.148.253.194:8080/ZrZr/MEXXrQwKBmUsOrtUf/QL8e8FFbhmcv/mNRaX/II3U3s/ - mailcious
Hosts (2): 59.148.253.194 - suspicious; 173.68.199.157 - suspicious
Signatures: none
7.2 | M | 13 | admin

2258 | 2020-10-21 16:22
File: W4O1NAY.exe | MD5: 1fbffee16a716bc28add2eb40a33c6e0
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://59.148.253.194:8080/udYOLLZlvuP7XP7h21d/rt5TRiX9LJr/ - mailcious
Hosts (2): 59.148.253.194 - suspicious; 173.68.199.157 - suspicious
Signatures: none
7.2 | M | 13 | admin

2259 | 2020-10-21 16:26
File: Scan_00003984849905654356.exe | MD5: 29eaa8092a2847b8b13922f9e97441a0
Tags: VirusTotal Malware Check memory unpack itself crashed
URLs: none
Hosts: none
Signatures: none
3.2 |  | 49 | admin

2260 | 2020-10-21 16:27
File: h3OwzPRI6vEG1KuC3.exe | MD5: b45533152cb79846a4a35300941be962
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://59.148.253.194:8080/KQWmuVF3I/tpg1URM1Eblw/KVkMrQ3WKUG/0UROPU/MWWN4mDtdtlVy53/xp5RLEJ/ - mailcious
Hosts (2): 59.148.253.194 - suspicious; 173.68.199.157 - suspicious
Signatures: none
7.8 | M | 16 | admin

2261 | 2020-10-21 18:25
File: Payment status2.doc | MD5: 4dd2ee913c78cc48fc3e728bdc06f5ac
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS
URLs (2): http://5.2.246.108/bmKEactzCEk/i1sG1/oW5mlF9OX9WXqQww/ulgPKIcKj/ - mailcious; https://atrezzos.beneficiosparaempleados.com/wp-admin/kzqh1zM/
Hosts (3): atrezzos.beneficiosparaempleados.com(15.236.109.244) - mailcious; 15.236.109.244 - suspicious; 5.2.246.108 - suspicious
Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.0 | M | 15 | admin

2262 | 2020-10-21 18:26
File: tl.exe | MD5: 0ca40808fdaccc210951a3c46bd79415
Tags: VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs crashed
URLs: none
Hosts: none
Signatures: none
3.8 |  | 10 | admin

2263 | 2020-10-22 07:43
File: http://www.sangamapparel.com/w... | MD5: 99c68e287bacf0cb33d28bf2a98830f1
Tags: VirusTotal Malware AutoRuns Code Injection Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed
URLs (2): http://www.sangamapparel.com/wp-content_old/whE/; http://98.103.204.12:443/Kbp8BKgS/ - mailcious
Hosts (5): www.sangamapparel.com(94.130.141.30); 197.245.25.228; 94.130.141.30; 98.103.204.12 - suspicious; 117.18.232.200 - suspicious
Signatures (3): ET POLICY HTTP traffic on port 443 (POST); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP
13.6 | M | 14 | guest

2264 | 2020-10-22 09:02
File: 069878.doc | MD5: 8715ec33d3b4bbbba583bfd7d7abd26e
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee
URLs (3): http://adidasyeezy.store/welph/ccrcbr1xFU/; http://www.zunan.com.tw/wp-admin/lQ59Q/; http://vinarorganics.com/css/L0vMERYKQD/
Hosts (13): vstsample.com(103.151.217.206); tuneclick.co.uk(149.255.58.11); vinarorganics.com(209.99.40.222); atrezzos.beneficiosparaempleados.com(15.236.109.244) - mailcious; adidasyeezy.store(172.67.203.5); library.strophicmusic.com(149.255.58.11); www.zunan.com.tw(198.55.121.47); 104.27.182.91; 209.99.40.222 - suspicious; 103.151.217.206 - suspicious; 15.236.109.244 - suspicious; 149.255.58.11 - suspicious; 198.55.121.47
Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.2 |  | 28 | admin

2265 | 2020-10-22 09:19
File: sserv.jpg.exe | MD5: 644a0fa49064b97023ac6564c1770083
Tags: Troldesh VirusTotal Malware AutoRuns Check memory buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces malicious URLs sandbox evasion installed browsers check Ransomware Windows Browser Tor ComputerName DNS
URLs: none
Hosts (9): 145.239.7.168; 193.23.244.244 - suspicious; 128.31.0.39 - suspicious; 194.109.206.212 - suspicious; 86.59.21.38 - suspicious; 208.83.223.34 - suspicious; 217.79.179.177; 92.255.207.89; 171.25.193.9 - suspicious
Signatures (8): ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 773; ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 449; ET JA3 Hash - [Abuse.ch] Possible Troldesh Ransomware; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Ransomware.Troldesh); ET POLICY TLS possible TOR SSL traffic; ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 811; ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 220; ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 359
10.8 | M | 63 | admin