3901 | 2020-12-23 13:42 | build_startup.exe | ae28df7eb1cddda055053dbf5cc556ce | VirusTotal Malware unpack itself | | | | | 2.4 | M | 22 | guest
3902 | 2020-12-23 13:44 | CECS9YL4OC7AW8.doc | f52e278d1d56ed7f0d5cd09f8e6d08d5 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS | 3: http://amyzeng.net/content/mgms/; http://97.120.3.198/0mdm931xo0ychdl0/6cn5sxo7/p2ao2zavev7g9cjuds/jlud42nsfiiaoxg8k/uvmitufd/ - rule_id: 196; https://venuspowerbd.com/wp-includes/bLm/ | 7: datnenduanbd.com(210.245.90.208) - malware; amyzeng.net(205.144.171.209) - mailcious; venuspowerbd.com(104.27.181.221); 205.144.171.209 - mailcious; 97.120.3.198 - mailcious; 210.245.90.208 - malware; 104.27.181.221 | 4: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.0 | M | 17 | guest
3903 | 2020-12-23 13:47 | Diane_2018_returns.doc | 07f7e97635adccf1135b253452cc47fb | Vulnerability VirusTotal Malware unpack itself malicious URLs | | | | | 3.8 | M | 29 | guest
3904 | 2020-12-23 13:48 | f43.exe | e67e2f09f38101d3682eba2af617a8c5 | VirusTotal Malware unpack itself | | | | | 2.4 | M | 23 | guest
3905 | 2020-12-23 13:51 | ntB.dll | 4da066bbfe178014ed1042ce90b87ab0 | VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | 1: http://97.120.3.198/jkm4eyypp4uappkx/a0rrlyn10/ak1fug2ovhrxs/gb6rj5zmb0/o94sv/ - rule_id: 196 | 1 | | 1 | 6.8 | M | 13 | guest
3906 | 2020-12-23 14:54 | S9BB3FXEFIF87LP.doc | 13e0972d407a347a35d44dca0080a27d | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | 1: http://97.120.3.198/zn06zwtl/8g8qzes2n305t75vna/coocrgmis2c/ - rule_id: 196 | 3: www.aciparis.com(160.153.137.14) - malware; 160.153.137.14 - mailcious; 97.120.3.198 - mailcious | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.0 | M | 17 | guest
3907 | 2020-12-23 14:55 | qfakh15.gif.exe | 86cdc85c3d58de12bf6e8783d044a105 | VirusTotal Malware unpack itself Remote Code Execution DNS crashed | | | | | 3.6 | M | 43 | guest
3908 | 2020-12-23 15:56 | qfakh15.gif.exe | 86cdc85c3d58de12bf6e8783d044a105 | VirusTotal Malware unpack itself Remote Code Execution crashed | | | | | 3.0 | M | 43 | guest
3909 | 2020-12-23 15:56 | ntB.dll | 4da066bbfe178014ed1042ce90b87ab0 | VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | 1: http://97.120.3.198/q7ck275y/0unx5t6gukyv/x377fafw1h9g91/ - rule_id: 196 | 1 | | 1 | 6.8 | M | 13 | guest
3910 | 2020-12-23 16:02 | S9BB3FXEFIF87LP.doc | 13e0972d407a347a35d44dca0080a27d | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | 1: http://97.120.3.198/mzob8ebb/ - rule_id: 196 | 3: sanolifescence.com(208.91.198.172) - malware; 208.91.198.172 - mailcious; 97.120.3.198 - mailcious | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.0 | M | 17 | guest
3911 | 2020-12-23 16:02 | Sa0Cr8YFGqTvD0zWUl.dll | cc0ad220328ee16a0b55cba67eabfbcd | VirusTotal Malware Report Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | 1: http://202.187.222.40/nojvpql8s1sk398i/um1km3tqz/ks61zoi5n/ | 2: 202.187.222.40; 184.66.18.83 - mailcious | 1: ET CNC Feodo Tracker Reported CnC Server group 8 | | 8.4 | M | 22 | guest
3912 | 2020-12-23 16:09 | ntB.dll | 4da066bbfe178014ed1042ce90b87ab0 | VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | 1: http://97.120.3.198/782gizd2/ - rule_id: 196 | 1 | | 1 | 6.2 | M | 13 | r0d
3913 | 2020-12-23 16:35 | S9BB3FXEFIF87LP.doc | 13e0972d407a347a35d44dca0080a27d | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS | 1: http://97.120.3.198/m6cjq3lo/i0wbhcxf8p/x3ygd/vb9g/lsyydcc/ - rule_id: 196 | 5: venuspowerbd.com(104.27.181.221) - mailcious; www.aciparis.com(160.153.137.14) - malware; 160.153.137.14 - mailcious; 97.120.3.198 - mailcious; 104.27.181.221 | 4: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.0 | M | 17 | r0d
3914 | 2020-12-23 16:40 | ntB.dll | 4da066bbfe178014ed1042ce90b87ab0 | VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | 1: http://97.120.3.198/z9ankr3z/ - rule_id: 196 | 1 | | 1 | 6.2 | M | 13 | r0d
3915 | 2020-12-23 16:41 | http://alsaudiacuttingmaster.c... | b486dd954449e1c94fdf9c7a16bbdd9a | VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed | | 2: alsaudiacuttingmaster.com(66.165.248.146) - malware; 66.165.248.146 - malware | 2: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP | | 6.2 | M | | r0d