| 2251 |
2020-10-21 15:57
|
W4O1NAY.exe 1fbffee16a716bc28add2eb40a33c6e0
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
|
2
59.148.253.194 - suspicious
173.68.199.157 - suspicious
|
|
|
7.8 |
|
13 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2252 |
2020-10-21 16:03
|
h3OwzPRI6vEG1KuC3.exe b45533152cb79846a4a35300941be962
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
|
2
59.148.253.194 - suspicious
173.68.199.157 - suspicious
|
|
|
7.2 |
|
16 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2253 |
2020-10-21 16:08
|
W4O1NAY.exe 1fbffee16a716bc28add2eb40a33c6e0
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://59.148.253.194:8080/AJ4jGVGbqFJ397J1/J60T3/tZSCd2VWETi/v1qkNXh3CREM0K8Y9EO/Qc0gcqvuVXo88i/ - mailcious
|
2
59.148.253.194 - suspicious
173.68.199.157 - suspicious
|
|
|
7.2 |
M |
13 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2254 |
2020-10-21 16:13
|
W4O1NAY.exe 1fbffee16a716bc28add2eb40a33c6e0
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://59.148.253.194:8080/NAg2sfS2q/3NFnVc4/AnbnVWRZItue/iQXyg4Y/ - mailcious
|
2
59.148.253.194 - suspicious
173.68.199.157 - suspicious
|
|
|
7.2 |
M |
13 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2255 |
2020-10-21 16:16
|
W4O1NAY.exe 1fbffee16a716bc28add2eb40a33c6e0
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://59.148.253.194:8080/shgGAFAF/vKtug/w7wV/oRaWjC6G9lerOucUoo/uC2qgiNCrgLHnByJ/ - mailcious
|
2
59.148.253.194 - suspicious
173.68.199.157 - suspicious
|
|
|
7.2 |
M |
13 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2256 |
2020-10-21 16:18
|
Scan_00003984849905654356.exe 29eaa8092a2847b8b13922f9e97441a0
VirusTotal Malware Check memory unpack itself crashed |
|
|
|
|
3.2 |
|
49 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2257 |
2020-10-21 16:18
|
W4O1NAY.exe 1fbffee16a716bc28add2eb40a33c6e0
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://59.148.253.194:8080/ZrZr/MEXXrQwKBmUsOrtUf/QL8e8FFbhmcv/mNRaX/II3U3s/ - mailcious
|
2
59.148.253.194 - suspicious
173.68.199.157 - suspicious
|
|
|
7.2 |
M |
13 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2258 |
2020-10-21 16:22
|
W4O1NAY.exe 1fbffee16a716bc28add2eb40a33c6e0
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://59.148.253.194:8080/udYOLLZlvuP7XP7h21d/rt5TRiX9LJr/ - mailcious
|
2
59.148.253.194 - suspicious
173.68.199.157 - suspicious
|
|
|
7.2 |
M |
13 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2259 |
2020-10-21 16:26
|
Scan_00003984849905654356.exe 29eaa8092a2847b8b13922f9e97441a0
VirusTotal Malware Check memory unpack itself crashed |
|
|
|
|
3.2 |
|
49 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2260 |
2020-10-21 16:27
|
h3OwzPRI6vEG1KuC3.exe b45533152cb79846a4a35300941be962
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://59.148.253.194:8080/KQWmuVF3I/tpg1URM1Eblw/KVkMrQ3WKUG/0UROPU/MWWN4mDtdtlVy53/xp5RLEJ/ - mailcious
|
2
59.148.253.194 - suspicious
173.68.199.157 - suspicious
|
|
|
7.8 |
M |
16 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2261 |
2020-10-21 18:25
|
Payment status2.doc 4dd2ee913c78cc48fc3e728bdc06f5ac
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS |
2
http://5.2.246.108/bmKEactzCEk/i1sG1/oW5mlF9OX9WXqQww/ulgPKIcKj/ - mailcious
https://atrezzos.beneficiosparaempleados.com/wp-admin/kzqh1zM/
|
3
atrezzos.beneficiosparaempleados.com(15.236.109.244) - mailcious
15.236.109.244 - suspicious
5.2.246.108 - suspicious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.0 |
M |
15 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2262 |
2020-10-21 18:26
|
tl.exe 0ca40808fdaccc210951a3c46bd79415
VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs crashed |
|
|
|
|
3.8 |
|
10 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2263 |
2020-10-22 07:43
|
http://www.sangamapparel.com/w... 99c68e287bacf0cb33d28bf2a98830f1
VirusTotal Malware AutoRuns Code Injection Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed |
2
http://www.sangamapparel.com/wp-content_old/whE/
http://98.103.204.12:443/Kbp8BKgS/ - mailcious
|
5
www.sangamapparel.com(94.130.141.30)
197.245.25.228
94.130.141.30
98.103.204.12 - suspicious
117.18.232.200 - suspicious
|
3
ET POLICY HTTP traffic on port 443 (POST)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
13.6 |
M |
14 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2264 |
2020-10-22 09:02
|
069878.doc 8715ec33d3b4bbbba583bfd7d7abd26e
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee |
3
http://adidasyeezy.store/welph/ccrcbr1xFU/
http://www.zunan.com.tw/wp-admin/lQ59Q/
http://vinarorganics.com/css/L0vMERYKQD/
|
13
vstsample.com(103.151.217.206)
tuneclick.co.uk(149.255.58.11)
vinarorganics.com(209.99.40.222)
atrezzos.beneficiosparaempleados.com(15.236.109.244) - mailcious
adidasyeezy.store(172.67.203.5)
library.strophicmusic.com(149.255.58.11)
www.zunan.com.tw(198.55.121.47)
104.27.182.91
209.99.40.222 - suspicious
103.151.217.206 - suspicious
15.236.109.244 - suspicious
149.255.58.11 - suspicious
198.55.121.47
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.2 |
|
28 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2265 |
2020-10-22 09:19
|
sserv.jpg.exe 644a0fa49064b97023ac6564c1770083
Troldesh VirusTotal Malware AutoRuns Check memory buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces malicious URLs sandbox evasion installed browsers check Ransomware Windows Browser Tor ComputerName DNS |
|
9
145.239.7.168
193.23.244.244 - suspicious
128.31.0.39 - suspicious
194.109.206.212 - suspicious
86.59.21.38 - suspicious
208.83.223.34 - suspicious
217.79.179.177
92.255.207.89
171.25.193.9 - suspicious
|
8
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 773
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 449
ET JA3 Hash - [Abuse.ch] Possible Troldesh Ransomware
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Ransomware.Troldesh)
ET POLICY TLS possible TOR SSL traffic
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 811
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 220
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 359
|
|
10.8 |
M |
63 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|