| ID | Date | File | MD5 | Tags | URLs | Hosts | Alerts | Score | | | User |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 2656 | 2020-11-06 10:45 | n2.exe | 31dd83fcd01a7696ea76f960b6a05592 | VirusTotal Malware unpack itself Remote Code Execution | | | | 2.4 | M | 33 | admin |
| 2657 | 2020-11-06 10:48 | priority3-word.doc | 01b461a688d740775311e53c60109509 | Vulnerability unpack itself malicious URLs | | | | 2.6 | | | admin |
| 2658 | 2020-11-06 10:49 | Recycle.exe | 9307f47769c237710365aaa4ca511fe7 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed | | 1: 172.217.25.14 - suspicious | | 8.6 | M | 20 | admin |
| 2659 | 2020-11-06 10:52 | document3.doc | d5c72a79881e7245bcb3fe135d4143f5 | LokiBot Malware download Vulnerability VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit Trojan DNS crashed | 2: http://magicview.ga/webxpo/gate.php - mailcious; http://duracom.ga/SD3/win32.exe - malware | 3: magicview.ga(46.173.214.75) - mailcious; duracom.ga(46.173.214.75) - malware; 46.173.214.75 - suspicious | 13: ET INFO DNS Query for Suspicious .ga Domain; ET MALWARE Trojan Generic - POST To gate.php with no referer; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET INFO HTTP POST Request to Suspicious *.ga Domain; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Fake 404 Response; ET POLICY PE EXE or DLL Windows file download HTTP | 5.8 | M | 36 | admin |
| 2660 | 2020-11-06 11:03 | http://ps.popcash.net/go/27536... | a954a876386a7bb1541498370036cb31 | Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 11: http://ps.popcash.net/go/275368/567202 - mailcious; http://ps.popcash.net/ad/ad?p=275368&w=567202&t=6e236c90efedc53e&r=&vw=0&vh=0 - mailcious; https://simplegrg.shop/favicon.ico; https://simplegrg.shop/home/base64.min.js; https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/aes.min.js; https://simplegrg.shop/home/image.php; https://shachibato-anime.shop/; https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js; https://cdnjs.cloudflare.com/ajax/libs/zepto/1.2.0/zepto.min.js; https://simplegrg.shop/home/?key=8BCE03840BE4E829; https://simplegrg.shop/home?key=8BCE03840BE4E829 | 9: ps.popcash.net(52.201.162.15) - mailcious; cdnjs.cloudflare.com(104.16.19.94) - mailcious; simplegrg.shop(185.178.208.137); shachibato-anime.shop(185.178.208.164); 185.178.208.164 - suspicious; 104.16.18.94; 52.203.234.71; 185.178.208.137; 117.18.232.200 - suspicious | 3: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex | 5.6 | M | | admin |
| 2661 | 2020-11-06 11:06 | reservation.exe | 59d5f66f4cd5889b1e825239097a5974 | VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs Tofsee Ransomware Windows Tor ComputerName DNS Cryptographic key crashed | 1: https://456345746g546646.gb.net//inc/040b73a6c5b6ac.php | 3: 456345746g546646.gb.net(); 103.153.182.50; 117.18.232.200 - suspicious | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 14.6 | M | 53 | admin |
| 2662 | 2020-11-06 11:10 | tyx.exe | 32e7a6c613f21394c0f89b8b948e4f01 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed | | | | 13.0 | M | 36 | admin |
| 2663 | 2020-11-06 11:26 | document3.doc | d5c72a79881e7245bcb3fe135d4143f5 | LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit Trojan DNS crashed | 2: http://magicview.ga/webxpo/gate.php - mailcious; http://duracom.ga/SD3/win32.exe - malware | 4: magicview.ga(46.173.214.75) - mailcious; duracom.ga(46.173.214.75) - malware; 46.173.214.75 - suspicious; 172.217.25.14 - suspicious | 13: ET INFO DNS Query for Suspicious .ga Domain; ET MALWARE Trojan Generic - POST To gate.php with no referer; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET INFO HTTP POST Request to Suspicious *.ga Domain; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Fake 404 Response; ET POLICY PE EXE or DLL Windows file download HTTP | 5.8 | M | 36 | admin |
| 2664 | 2020-11-06 13:20 | https://sunspalato.com/wp-cont... | 289d3afec6ddf67f84277c0bacac2d1f | Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | | 4: sunspalato.com(18.159.119.57) - malware; 172.217.25.14 - suspicious; 18.159.119.57 - suspicious; 117.18.232.200 - suspicious | 3: ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 4.8 | | | admin |
| 2665 | 2020-11-06 13:25 | 7123853.xlsb | ff10e6466f4031b5d873be6efea559b6 | VirusTotal Malware Check memory Checks debugger Creates shortcut Creates executable files unpack itself malicious URLs WriteConsoleW ComputerName crashed | | | | 4.8 | M | 5 | admin |
| 2666 | 2020-11-06 14:18 | reservation.exe | 59d5f66f4cd5889b1e825239097a5974 | VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs Tofsee Ransomware Windows Tor ComputerName Cryptographic key crashed | 1: https://456345746g546646.gb.net//inc/040b73a6c5b6ac.php - mailcious | 2: 456345746g546646.gb.net() - mailcious; 103.153.182.50 | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 14.0 | M | 53 | guest |
| 2667 | 2020-11-08 22:07 | scan00002346_Doc.exe | 94e005d8a11e1bcc17b6fdae777e5b62 | VirusTotal Malware Check memory unpack itself crashed | | | | 2.8 | M | 56 | guest |
| 2668 | 2020-11-08 22:09 | VSP2091.exe | 7abcfd428e72ce9cc2bdeef462e31523 | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key | | 1: 172.217.25.14 - suspicious | | 11.6 | M | 44 | guest |
| 2669 | 2020-11-08 22:10 | svchost.jpg.exe | 5c21ea2caa5fa83d2f91a97da6702cee | VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself Windows utilities suspicious process malicious URLs Windows ComputerName | | | | 4.8 | M | 57 | guest |
| 2670 | 2020-11-08 22:11 | Scan copy.exe | 2e3783f9a6d09de8e60564c7a8c9370a | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Software | | 2: sieqwarteg.com(185.147.80.211) - mailcious; 178.250.157.171 | | 14.4 | M | 47 | guest |