2386 | 2020-10-28 11:38
aPfjegjaF.exe (MD5 6d8eb085d7dfcfdd55f26262e51fbfdc)
Tags: Browser Info Stealer Emotet Malware download FTP Client Info Stealer Vidar Azorult Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Ransomware Interception Zeus OskiStealer Stealer Windows Browser Email ComputerName Cryptographic key Software crashed Downloader
URLs (16): http://morasergiov.ac.ug/ http://217.8.117.77/oJHstwpndf.exe - malware http://morasergiov.ac.ug/vcruntime140.dll http://jamesrlongacre.ug/rc.exe http://morasergiov.ac.ug/nss3.dll http://morasergiov.ac.ug/sqlite3.dll http://jamesrlongacre.ug/ds2.exe http://jamesrlongacre.ug/index.php http://morasergiov.ac.ug/freebl3.dll http://morasergiov.ac.ug/mozglue.dll http://jamesrlongacre.ug/ac.exe http://jamesrlongacre.ug/ds1.exe http://morasergiov.ac.ug/main.php http://morasergiov.ac.ug/msvcp140.dll http://morasergiov.ac.ug/softokn3.dll https://cdn.discordapp.com/attachments/752128569169281083/770252881495326780/Uvop123
Hosts (9): morasergiov.ac.ug(217.8.117.77) discord.com(162.159.136.232) taenaia.ac.ug(79.134.225.121) jamesrlongacre.ug(217.8.117.77) cdn.discordapp.com(162.159.130.233) - malware 79.134.225.121 - suspicious 162.159.136.232 162.159.129.233 - suspicious 217.8.117.77 - suspicious
IDS alerts (11): ET DROP Spamhaus DROP Listed Traffic Inbound group 38 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE AZORult v3.3 Server Response M3 ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative) ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
27.4 | M | | admin

2387 | 2020-10-28 12:18
dat-730044.doc (MD5 86383b38ce26730817e15b0ae7191437)
Tags: Vulnerability Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (2): http://www.josejuanarroyo.com/antithetical-bulblet/l/ - malware http://78.206.229.130/uKGfHwmnTEnY6/wjVGkGYqbNm/OpCtHvEIGdQVlYOcem/fDtBX5jksao28y/dxopC8I/MURSzK4WAPeY/ - mailcious
Hosts (3): www.josejuanarroyo.com(65.254.227.224) - mailcious 78.206.229.130 - suspicious 65.254.227.224 - suspicious
IDS alerts (4): ET POLICY Terse Named Filename EXE Download - Possibly Hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
4.4 | M | | admin

2388 | 2020-10-28 12:26
reqrm.exe (MD5 cc219392a073e3c644174607af417b93)
Tags: Malware download Azorult VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Windows Browser ComputerName Cryptographic key
URLs (1): http://workwithjoshuaking.com/ssq/cow/index.php
Hosts (2): workwithjoshuaking.com(162.0.231.127) 162.0.231.127
IDS alerts (1): ET MALWARE AZORult Variant.4 Checkin M2
14.4 | | 38 | admin

2389 | 2020-10-28 12:26
Electronic form.doc (MD5 eb6a6943bf8db6a0c7003c1c869b3323)
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS
URLs (3): http://91.121.200.35:8080/oQduEUzyuXYOG1/iosXbeze6L0YK93Z/r3qIMIMkoLSL/NEUB/oa9411o42Xd/ - mailcious https://agenciainfluenciar.com.br/indexing/X/ - malware https://e-spaic.pt/hacks_list/LK/ - mailcious
Hosts (6): agenciainfluenciar.com.br(107.180.71.232) - malware e-spaic.pt(161.97.75.68) - mailcious 179.15.102.2 - suspicious 107.180.71.232 - suspicious 161.97.75.68 - suspicious 91.121.200.35 - suspicious
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.0 | M | 14 | admin

2390 | 2020-10-28 18:06
link.exe (MD5 a9cbc59987ec442437ffea45aade05ba)
Tags: Dridex VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Tofsee Windows ComputerName Cryptographic key
URLs (1): http://bprbalidananiaga.co.id:443/linkbaba/PL341/index.php
Hosts (2): bprbalidananiaga.co.id(103.253.212.238) 103.253.212.238
IDS alerts (4): ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET POLICY HTTP traffic on port 443 (POST)
9.4 | M | 40 | admin

2391 | 2020-10-28 18:14
5j03vVHmJpg.exe (MD5 0dd348f4aa94c0be2e84561dda14eac0)
Tags: Malware Malicious Traffic Check memory RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
URLs (1): http://88.153.35.32/xVkFvi0xr0OKrwmZRS/IkvcNT3Xm/fJ2IMGEt7DTjKU00/ - mailcious
Hosts (1): 88.153.35.32 - suspicious
6.0 | M | | admin

2392 | 2020-10-28 18:15
pinac33fb.exe (MD5 d204e66e0d2ca29b4c382818fa44e710)
Tags: VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows Cryptographic key
10.4 | | 23 | admin

2393 | 2020-10-28 18:15
office99fb.exe (MD5 5bc7fe05cc6777e298f4af807926dfe6)
Tags: VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows Cryptographic key
10.4 | | 20 | admin

2394 | 2020-10-28 18:28
office99fb.exe (MD5 5bc7fe05cc6777e298f4af807926dfe6)
Tags: VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows Cryptographic key
URLs (1): http://www.hamptonsgeneralcontractors.com/acq/?wh=0QAhRrP8y1RAj5XU33Cusl4oZQrV0aSnFtY2d6l9bccmMffCxyrW75SYWrN9oI13N2c7yo3H&YBZ0=cxlL6
Hosts (3): www.hamptonsgeneralcontractors.com(147.154.3.56) www.exo365.ltd() 147.154.3.56
11.2 | M | 20 | admin

2395 | 2020-10-28 18:29
pinac33fb.exe (MD5 d204e66e0d2ca29b4c382818fa44e710)
Tags: VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows Cryptographic key
URLs (2): http://www.qrealstate.com/v5e/?hBZ=U8uYJGSxoLyhT5pbzaQ9qctLbacRs+moGSuQsXfqB1aF5sMBe8L8sBVSRbRvl3A+E3BaxDnm&or=3f2pdRAXg http://www.ikonnfood.com/v5e/?hBZ=W6KdrNObcxIjnvFa/ckLxHjNsYQo6VSzkwlNO041eL/2JEugRfg9ANiOZrYvupe42yLeExKi&or=3f2pdRAXg
Hosts (4): www.qrealstate.com(68.66.224.8) www.ikonnfood.com(217.160.0.167) 217.160.0.167 - suspicious 68.66.224.8 - suspicious
11.2 | M | 23 | admin

2396 | 2020-10-28 18:38
form.doc (MD5 77153b25765b8f500ec3b9199fde031a)
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (2): http://91.121.200.35:8080/5p26GFubm/9pfmBu06/m4RahRb8CPnsVM1/Idbok7gct/Qtl4m6AYI4LTtYWO/bymnR/ - mailcious http://www.meshzs.com/wp-includes/E/
Hosts (4): www.meshzs.com(188.166.149.118) 179.15.102.2 - suspicious 188.166.149.118 91.121.200.35 - suspicious
IDS alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
6.0 | M | 10 | admin

2397 | 2020-10-28 18:45
antidami32kl.exe (MD5 a6b913ac4445753786c8e62a08df5449)
Tags: VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed
13.8 | M | 22 | admin

2398 | 2020-10-28 18:46
FD-6507.jpg.exe (MD5 db8548d27da86c27809420b5ef7143b0)
Tags: AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed
12.4 | M | | admin

2399 | 2020-10-28 18:50
invoice.doc (MD5 373cb701b632ae6397bf97b0b3f6336b)
Tags: Vulnerability VirusTotal Malware exploit crash unpack itself malicious URLs Windows Exploit crashed
URLs (1): http://bvcxzlkjhgfdsapoiuytrewqwertyuiopasdfghj.ydns.eu/akin.exe - malware
Hosts (2): bvcxzlkjhgfdsapoiuytrewqwertyuiopasdfghj.ydns.eu(103.140.251.164) - malware 103.140.251.164 - suspicious
IDS alerts (1): ET POLICY PE EXE or DLL Windows file download HTTP
4.8 | M | 25 | admin

2400 | 2020-10-28 18:53
INV_6347.doc (MD5 b78a1fa8b1dfc94a57d1a35c3953e1fa)
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (2): http://www.meshzs.com/wp-includes/E/ - malware http://91.121.200.35:8080/BKhHW3pyD/wVLE4VHOlIwgK1NBL/0FPEf/xVxOqWB2k/bFKzPnusSsEuWnLHG/v202jrsDZIbG/ - mailcious
Hosts (4): www.meshzs.com(188.166.149.118) - malware 179.15.102.2 - suspicious 188.166.149.118 - suspicious 91.121.200.35 - suspicious
IDS alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
6.0 | M | 10 | admin