2266 | 2020-10-22 09:31 | 3415201.png.exe | 9d740b43f617a21bc695fcac2c9a2f92
Tags: unpack itself, malicious URLs, WriteConsoleW, ComputerName
2.6 | | | admin

2267 | 2020-10-22 09:34 | bm2oYR.exe | 98dc439a8e2dbfa1d02171d9c3dcd5ed
Tags: VirusTotal, Malware, RWX flags setting, unpack itself, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
URLs (2): http://98.103.204.12:443/YRgEh2XeeZ5zN2QzA/7SZFl6VRUbzsMY/ - mailcious | http://197.245.25.228/S2IbDcSYrnonhq/ - mailcious
Hosts (2): 98.103.204.12 - suspicious | 197.245.25.228 - suspicious
Alerts (1): ET POLICY HTTP traffic on port 443 (POST)
5.2 | M | 13 | admin

2268 | 2020-10-22 09:34 | 21.psd | 0843769cf069d19061f26203d7c3a5db
Tags: VirusTotal, Malware, unpack itself, malicious URLs, WriteConsoleW, Tor, ComputerName, DNS
Hosts (2): 92.255.207.89 | 217.79.179.177
Alerts (2): ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 449 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 811
4.4 | | 32 | admin

2269 | 2020-10-22 09:35 | http://eexcom.tk/21.gif
Tags: Dridex, VirusTotal, Malware, Code Injection, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
URLs (1):
Hosts (3): eexcom.tk(195.20.40.211) | 195.20.40.211 | 117.18.232.200 - suspicious
Alerts (5): ET DNS Query to a .tk domain - Likely Hostile | ET INFO TLS Handshake Failure | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex | ET POLICY HTTP Request to a *.tk domain
4.4 | | | admin

2270 | 2020-10-22 09:43 | mani.exe | 3134f3460dd1aa06785baa64673dfbec
Tags: VirusTotal, Malware, suspicious privilege, unpack itself
URLs (1): http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
2.8 | M | 49 | admin

2271 | 2020-10-22 09:45 | rt.msi | 761570587a2f92eea1512ff159ccef29
Tags: VirusTotal, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, unpack itself, malicious URLs, AntiVM_Disk, VM Disk Size Check, human activity check, ComputerName
URLs (3): http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ | http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInf1.php?info=Test$WIN7-PC$Administrator$Windows7Ultimate-71$-$WIN7-PCAdministrator - mailcious | http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInfF2.php?info=Test$WIN7-PCAdministrator - mailcious
Hosts (2): www.mia.alkhaleejpk.info(82.221.136.4) | 82.221.136.4 - suspicious
5.2 | M | 31 | admin

2272 | 2020-10-22 09:45 | winsupdater.msi | d30d19062bc6668e856946c63b6e9218
Tags: VirusTotal, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, unpack itself, malicious URLs, AntiVM_Disk, VM Disk Size Check, ComputerName
URLs (2): http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInf1.php?info=Test$TEST22-PC$test22$Windows7ProfessionalN-$-$TEST22-PCtest22 - mailcious | http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
Hosts (2): mia.alkhaleejpk.info(82.221.136.4) - mailcious | 82.221.136.4 - suspicious
4.4 | M | 31 | admin

2273 | 2020-10-22 09:58 | wupxarch11.exe | 0b422df6c3d71d2147350d11c256724e
Tags: VirusTotal, Malware, malicious URLs, WriteConsoleW
3.8 | M | 54 | admin

2274 | 2020-10-22 10:02 | http://manolidis.kaisariani.gr... | 9234de38c4c101eace90ade6d72e3d22
Tags: Vulnerability, VirusTotal, Malware, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, exploit crash, unpack itself, Windows utilities, malicious URLs, Windows Exploit, DNS, crashed
URLs (3): http://murari.es/wp-content/h/ | http://manolidis.kaisariani.gr/tmp/5/ - mailcious | http://24.178.90.49/SVmJzAp7HVY8mHNIpMM/bQtMmXnBGHnrrksr9El/
Hosts (6): murari.es(185.179.143.59) | manolidis.kaisariani.gr(185.4.133.222) - mailcious | 24.178.90.49 | 185.4.133.222 - suspicious | 185.179.143.59 | 117.18.232.200 - suspicious
Alerts (4): ET POLICY Terse Named Filename EXE Download - Possibly Hostile | ET POLICY PE EXE or DLL Windows file download HTTP | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | ET INFO EXE - Served Attached HTTP
8.0 | M | | admin

2275 | 2020-10-22 11:00 | 2ZOfCYJNElui.exe | ccab12e917b8ad8d7a6a3e8287670f72
Tags: VirusTotal, Malware, Malicious Traffic, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
URLs (2): http://24.178.90.49/SaOpGGPf4clTxKhIjI8/ZjLusWFu9KW3FJ/ - mailcious | http://96.126.101.6:8080/0kIT1GsRZGg/Z219KFj1BzaFjv1gvh/2vzfAUPzqPln/nPIyUyki5/
Hosts (2): 24.178.90.49 - suspicious | 96.126.101.6
6.2 | M | 14 | admin

2276 | 2020-10-22 11:19 | Untitled-20201022-0613.doc | 5296108ece7ff94ab27fbc2009fd3f6b
Tags: Vulnerability, Malware, Malicious Traffic, ICMP traffic, unpack itself, malicious URLs, Windows, DNS
URLs (2): http://www.sangamapparel.com/wp-content_old/whE/ - malware | http://197.245.25.228/QYNzkDxxNR/iFqKm606R5s/TRsowSNRIJ/Bri8I/6Xp3X0FYYVmWzz/ - mailcious
Hosts (3): www.sangamapparel.com(94.130.141.30) - malware | 94.130.141.30 - suspicious | 197.245.25.228 - suspicious
Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | ET INFO EXE - Served Attached HTTP
5.2 | M | | admin

2277 | 2020-10-22 13:27 | Electronic form.doc | 8715ec33d3b4bbbba583bfd7d7abd26e
Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee
URLs (3): http://adidasyeezy.store/welph/ccrcbr1xFU/ - mailcious | http://www.zunan.com.tw/wp-admin/lQ59Q/ - mailcious | http://vinarorganics.com/css/L0vMERYKQD/ - mailcious
Hosts (13): vstsample.com(103.151.217.206) - malware | tuneclick.co.uk(149.255.58.11) - mailcious | vinarorganics.com(209.99.40.222) - mailcious | atrezzos.beneficiosparaempleados.com(15.236.109.244) - mailcious | adidasyeezy.store(104.27.183.91) - mailcious | library.strophicmusic.com(149.255.58.11) - mailcious | www.zunan.com.tw(198.55.121.47) - mailcious | 104.27.182.91 | 209.99.40.222 - suspicious | 103.151.217.206 - suspicious | 15.236.109.244 - suspicious | 149.255.58.11 - suspicious | 198.55.121.47 - suspicious
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.4 | M | 31 | admin

2278 | 2020-10-22 14:32 | 7Y8JPQhD02tGzQA0Yc.exe | 4ce948c02be68dacf9038d42f00cd097
Tags: VirusTotal, Malware, PDB, Malicious Traffic, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
URLs (1): http://167.114.153.111:8080/vl126a8N/5wiUuQmGCgMvcUic2H/RDvnC/ - mailcious
Hosts (2): 208.180.207.205 - suspicious | 167.114.153.111 - suspicious
8.0 | M | 44 | admin

2279 | 2020-10-22 15:14 | YL8670890922GB.doc | 916dde0f7237842169975de9671dd651
Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
URLs (2): http://murari.es/wp-content/h/ - malware | http://24.178.90.49/TpAcThqgw/xrBxqAcY6Ua/ - mailcious
Hosts (3): murari.es(185.179.143.59) - malware | 24.178.90.49 - suspicious | 185.179.143.59 - suspicious
Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | ET INFO EXE - Served Attached HTTP
5.2 | M | 24 | admin

2280 | 2020-10-22 16:36 | Vli4aVRzVAhOOA2yxZTf.exe | 3d62385f90ee174f2861c30b3bffcf87
Tags: VirusTotal, Malware, Malicious Traffic, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, DNS, Cryptographic key
URLs (1): http://24.178.90.49/EgmK3EDnonZrHy2ck/0vWGlqaP5E/ - mailcious
Hosts (1): 24.178.90.49 - suspicious
5.8 | M | 13 | admin