2296 |
2020-10-23 20:34
|
uzo.exe 48520b30c57caafbf360c5e71920b82a VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS |
2
http://www.videosdownloader.world/pna/?Qzr=lCkM/WNlHDQhPNNCLgigIn5TsqjRkZBYQe3/3x3aWICa8ZqoM9hoiIzVhwhkLA/ae94goVfc&MJBx=FdCtDF7XaZvxp8w0 http://www.mataangin.net/pna/?Qzr=o/AJFgPg/rbDqSsFRatFNqFF87My87PbRraUcI3XxD6SDEHBVw/9QUHgwqVD98MMlV6r5EQQ&MJBx=FdCtDF7XaZvxp8w0
|
4
www.videosdownloader.world(104.31.70.123) www.mataangin.net(216.58.197.147) 74.125.203.121 104.31.70.123 - suspicious
|
2
ET INFO Observed DNS Query to .world TLD ET INFO HTTP Request to Suspicious *.world Domain
|
|
9.6 |
M |
9 |
admin
2297 |
2020-10-23 20:36
|
presh.exe 0a9d84384de463aabdecb558364b7fb8 VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs |
1
http://www.zekmer.com/glt/?v4=z+jsdghqXIBzHzcwNQBJFFUB20Iq6ajocFUFpR4BfVUNFKQjr26H9Gtmme6BTxiiwmG9c7BY&Hp=V48HzvXX
|
4
www.zekmer.com(213.186.33.5) www.organizationfun.net(109.238.192.244) 109.238.192.244 213.186.33.5 - suspicious
|
|
|
12.2 |
M |
32 |
admin
2298 |
2020-10-24 20:45
|
document.doc c442eddb89f85c2c9aca3a7155413b0e VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader |
1
http://75.127.1.211/svch/vbc.exe
|
1
75.127.1.211 - suspicious
|
6
ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.2 |
|
23 |
admin
2299 |
2020-10-24 21:12
|
3415201.png.exe 8ae42eb5c0a95502f49a77dada2c28c6 AutoRuns Code Injection Check memory buffers extracted unpack itself Windows utilities Detects VMWare suspicious process malicious URLs sandbox evasion WriteConsoleW VMware Windows Browser ComputerName crashed |
|
|
|
|
8.6 |
|
|
admin
2300 |
2020-10-24 21:16
|
aa.exe 34bbaf88d62ba189eb03bd77d951bd6d suspicious privilege Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
1.4 |
|
|
admin
2301 |
2020-10-24 21:18
|
Invoice 0015683.doc 3f0d1297b898cc4b868d373bd3b1f38d Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee Windows DNS |
5
http://stopinfo.vhostgo.com/info3.html?data=jiafunongye.com%2Fapplication%2FNJ3Ta¬e=%E7%97%85%E6%AF%92%E9%93%BE%E6%8E%A5%E6%9C%AA%E5%88%A0%E9%99%A4&type=1 http://amarteargentina.com.ar/wp-admin/GOAvrV/ - mailcious http://188.226.165.170:8080/ujQT3Imbl2G/pDHVVAaZp7lORlJ3Ixy/k51ux/GaQ4KvtL/Q8r6Aadb/sJEcvi/ - mailcious http://jiafunongye.com/application/NJ3Ta/ - mailcious https://acheterdrogues.com/wp-admin/m/ - mailcious
|
12
acheterdrogues.com(104.18.49.158) - mailcious jiafunongye.com(211.149.252.72) - mailcious hcareconcepts.com(51.81.109.122) - malware stopinfo.vhostgo.com(211.149.246.250) amarteargentina.com.ar(66.97.40.114) - mailcious 78.90.78.210 - suspicious 211.149.246.250 66.97.40.114 - suspicious 188.226.165.170 - suspicious 104.18.48.158 - suspicious 211.149.252.72 - suspicious 51.81.109.122 - suspicious
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
|
|
7.4 |
M |
41 |
admin
2302 |
2020-10-24 21:23
|
svch.exe fbd5505ecef3f543390d46b8131dc8b6 Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key crashed |
|
|
|
|
8.6 |
M |
24 |
admin
2303 |
2020-10-24 21:27
|
vbc.exe c1c3d7e9e852772094e696187d458a8b Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed |
|
|
|
|
9.4 |
M |
36 |
admin
2304 |
2020-10-24 21:41
|
6.exe 4096b3e3291c36b97303873dd6c34b0f VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW IP Check Windows ComputerName |
1
|
2
ip-api.com(208.95.112.1) 208.95.112.1
|
1
ET POLICY External IP Lookup ip-api.com
|
|
12.8 |
M |
14 |
admin
2305 |
2020-10-24 21:41
|
vr1qunng5d.exe 88e7ebf0175b0aa6827e063c46203e58 Malware Malicious Traffic ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://188.226.165.170:8080/Pniftk8P/gGs2RmTSCCYKfM5hY/JhHo4KMCwNd9/nFXHL4IifaliN33DzPJ/XnbJi2L/ - mailcious
|
2
188.226.165.170 - suspicious 78.90.78.210 - suspicious
|
|
|
7.6 |
M |
|
admin
2306 |
2020-10-26 09:58
|
jCEfNBgNKuQdfM.exe 42f8fed7b14d4181d8486e4c4448830c VirusTotal Malware Report RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://200.116.145.225:443/HPqWp/r16U55UEr6OBOJQOap/ - mailcious
|
1
200.116.145.225 - suspicious
|
2
ET CNC Feodo Tracker Reported CnC Server group 13 ET POLICY HTTP traffic on port 443 (POST)
|
|
5.8 |
M |
55 |
admin
2307 |
2020-10-26 10:00
|
ac.exe 91573753a7b75dde5ca1420bf85a60a2 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows |
|
3
agentpurple.ac.ug() agentttt.ac.ug(79.134.225.40) 79.134.225.40
|
|
|
10.4 |
M |
46 |
admin
2308 |
2020-10-26 10:04
|
ds1.exe ce56f130c12f75c8b26151d1c3a6de37 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself malicious URLs crashed |
|
|
|
|
10.0 |
M |
43 |
admin
2309 |
2020-10-26 10:08
|
ds1.exe ce56f130c12f75c8b26151d1c3a6de37 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself malicious URLs crashed |
|
|
|
|
9.0 |
M |
43 |
admin
2310 |
2020-10-26 10:19
|
avv.exe 5790ee7642277ac3ab4df17ba016754d VirusTotal Malware AutoRuns PDB Creates executable files Disables Windows Security malicious URLs Firewall state off Windows |
1
|
2
worm.ws(217.8.117.10) - malware 217.8.117.10 - suspicious
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 38
|
|
6.4 |
M |
39 |
admin