| 2566 |
2020-11-04 07:57
|
http://103.153.79.195/uu.exe f9281e341d52595f2590488bfcc9ea02
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed Downloader |
2
http://www.kwalie.com/pna/?8pw0ZxbH=uk/FN62J6w3YpztMfQa/YHfiuCeqpvsgLGgV1iCJgX8aJhVM+qcyRTYrb5y37SXc9VztIekb&RZ=Y2JX5x00MdzDqxa
http://103.153.79.195/uu.exe
|
4
www.kwalie.com(164.90.156.161)
103.153.79.195 - suspicious
164.90.156.161
117.18.232.200 - suspicious
|
4
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
10.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2567 |
2020-11-04 07:59
|
https://tfweb.org/tem/fgherty.... 9f121b2a173affdaf0a04694032589c8
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
3
tfweb.org(192.232.234.66)
192.232.234.66
117.18.232.200 - suspicious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
5.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2568 |
2020-11-04 08:04
|
http://103.153.79.195/uu.exe f9281e341d52595f2590488bfcc9ea02
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed Downloader |
1
http://103.153.79.195/uu.exe
|
3
www.healthy-time.info()
103.153.79.195 - suspicious
117.18.232.200 - suspicious
|
4
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
10.6 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2569 |
2020-11-04 09:17
|
msi.zip b7f761dd1023f9ce8fa7a3b53ebdd97a
VirusTotal Malware |
|
|
|
|
0.6 |
M |
16 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2570 |
2020-11-04 09:31
|
msi.zip b7f761dd1023f9ce8fa7a3b53ebdd97a
VirusTotal Malware |
|
|
|
|
0.6 |
M |
16 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2571 |
2020-11-04 09:32
|
msi.zip b7f761dd1023f9ce8fa7a3b53ebdd97a
VirusTotal Malware |
|
|
|
|
0.6 |
M |
16 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2572 |
2020-11-04 09:33
|
msi.zip b7f761dd1023f9ce8fa7a3b53ebdd97a
VirusTotal Malware |
|
|
|
|
0.6 |
M |
16 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2573 |
2020-11-04 09:37
|
msi.zip b7f761dd1023f9ce8fa7a3b53ebdd97a
VirusTotal Malware |
|
|
|
|
0.6 |
M |
16 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2574 |
2020-11-04 09:40
|
msi.zip b7f761dd1023f9ce8fa7a3b53ebdd97a
VirusTotal Malware |
|
|
|
|
0.6 |
M |
16 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2575 |
2020-11-04 09:43
|
pre.hta e5346a6a7ec54d24dc706e9ed2f109fb
crashed |
|
|
|
|
0.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2576 |
2020-11-04 09:43
|
document.doc 926c7c3b1010b8599d883fd9caa04227
VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader |
1
http://78.128.92.94/business/vbc.exe
|
1
78.128.92.94 - suspicious
|
6
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.2 |
M |
28 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2577 |
2020-11-04 09:48
|
pre.hta e5346a6a7ec54d24dc706e9ed2f109fb
suspicious privilege Check memory WMI unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName |
1
http://xeoskin.co.kr/wp/wp-includes/SimplePie/Net/cross.php?op=1 - mailcious
|
2
xeoskin.co.kr(112.175.85.236) - mailcious
112.175.85.236 - suspicious
|
|
|
4.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2578 |
2020-11-04 09:49
|
vbc.exe 8d03b9509b17ddc71d7420ef41396b82
Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Trojan DNS Software |
1
http://magicview.ga/ibiki/gate.php
|
2
magicview.ga(91.203.193.242) - mailcious
91.203.193.242 - suspicious
|
10
ET MALWARE Trojan Generic - POST To gate.php with no referer
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.ga Domain
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Fake 404 Response
ET INFO DNS Query for Suspicious .ga Domain
|
|
15.6 |
M |
49 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2579 |
2020-11-04 09:51
|
msi.zip b7f761dd1023f9ce8fa7a3b53ebdd97a
VirusTotal Malware |
|
|
|
|
0.6 |
M |
16 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2580 |
2020-11-04 09:56
|
vbc2.exe c3625ccbd503205305fbee104c373165
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Software |
|
1
195.69.140.147 - suspicious
|
|
|
15.4 |
M |
20 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|