| 4096 |
2020-12-30 17:29
|
dsyyLswkDAIIRcg.dll d881de90914041df469bf0576734130b
VirusTotal Malware Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
|
2
59.21.235.119 - mailcious
173.70.61.180 - mailcious
|
|
|
8.2 |
M |
46 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4097 |
2020-12-30 17:37
|
gWXLyGJuPM4JPivizx.dll ceb2ce1bfe85ce7351be8b94de4b20ee
VirusTotal Malware Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://138.197.99.250:8080/j9qpqfdtlp/
|
3
138.197.99.250
93.149.120.214 - mailcious
82.208.146.142
|
|
|
8.2 |
|
22 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4098 |
2020-12-30 17:51
|
PTVqbey4bnBm.dll db3572cb1e8682908b363983da4c9fb7
VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://178.153.27.12/xf5tqs6lfw3qmk/0yq6ky5fbrelnwg3nf0/90psq020/ - rule_id: 204
|
1
178.153.27.12 - mailcious
|
|
1
|
6.2 |
M |
18 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4099 |
2020-12-30 17:54
|
ntB.dll 4da066bbfe178014ed1042ce90b87ab0
VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://97.120.3.198/ejj58zwb/ - rule_id: 196
|
1
|
|
1
|
6.8 |
M |
52 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4100 |
2020-12-30 18:04
|
Xuddv7LiKgFEHF27FY3jB.dll b390b17bc1f032dcb370549abcb49205
VirusTotal Malware Report Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
|
2
24.164.79.147 - mailcious
74.58.215.226 - mailcious
|
1
ET CNC Feodo Tracker Reported CnC Server group 21
|
|
7.4 |
M |
22 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4101 |
2020-12-30 18:05
|
ZI5536TF.doc 298892eb6a94f41c24ccba36c341a77f
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS |
2
http://www.adnlight.com/
https://www.adnlight.com/
|
12
thexanhmy.com(103.116.105.65) - malware
www.shortnr.xyz(205.196.222.8) - mailcious
www.taylordbackups.com(104.28.18.100) - mailcious
www.adnlight.com(31.24.154.183) - malware
nicoblogroms.com(172.67.163.254) - mailcious
valenciancountry.com(151.80.40.117) - malware
151.80.40.117 - malware
31.24.154.183 - malware
172.67.163.254
104.28.19.100 - mailcious
205.196.222.8 - mailcious
103.116.105.65 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.0 |
M |
30 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4102 |
2020-12-30 18:30
|
DZ1GPOH49JRK1.doc 5bcaee3599cf4762fd2345aac917fd8f
Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://www.trueapparels.com/a/4k/
http://www.mypostletter.com/wp-admin/G3/
|
5
www.mypostletter.com(47.241.129.57)
www.trueapparels.com(64.20.53.58)
64.20.53.58
47.241.129.57
74.58.215.226 - mailcious
|
6
ET CNC Feodo Tracker Reported CnC Server group 21
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
4.6 |
|
14 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4103 |
2020-12-30 18:50
|
g9fgwEaSg8NUT6X8.dll bd1fb34a45fa07357af5b379340d997c
VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://93.149.120.214/6fbvj254/l1v6lswb/h1e2noz/whdm08h/5zloafbtb133e/ - rule_id: 203
|
1
93.149.120.214 - mailcious
|
|
1
|
7.0 |
M |
26 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4104 |
2020-12-30 18:50
|
BL3997.doc 2ebac4353a881a01515150e9c1598934
Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://www.trueapparels.com/a/4k/
http://www.mypostletter.com/wp-admin/G3/
|
6
www.mypostletter.com(47.241.129.57)
www.trueapparels.com(64.20.53.58)
64.20.53.58
47.241.129.57
24.164.79.147 - mailcious
74.58.215.226 - mailcious
|
6
ET INFO Packed Executable Download
ET CNC Feodo Tracker Reported CnC Server group 21
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
6.0 |
M |
14 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4105 |
2020-12-30 18:55
|
KW25AR4OpIrgIfw.dll 5388bc21fa102df9331abd7c8b32e66e
VirusTotal Malware Report Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs Windows Advertising ComputerName DNS Cryptographic key |
|
2
24.164.79.147 - mailcious
74.58.215.226 - mailcious
|
1
ET CNC Feodo Tracker Reported CnC Server group 21
|
|
7.0 |
M |
24 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4106 |
2020-12-30 18:55
|
JJPX4EERMI7KC.doc 9576626f10e9f3f26788b625f9d649a0
Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://www.trueapparels.com/a/4k/
http://www.mypostletter.com/wp-admin/G3/
|
6
www.mypostletter.com(47.241.129.57)
www.trueapparels.com(64.20.53.58)
74.58.215.226 - mailcious
64.20.53.58
24.164.79.147 - mailcious
47.241.129.57
|
6
ET CNC Feodo Tracker Reported CnC Server group 21
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
6.0 |
M |
15 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4107 |
2020-12-30 19:09
|
picture.png.exe 918a2ef3ed55b2722bb22060fb13140b
Dridex TrickBot Malware suspicious privilege buffers extracted RWX flags setting unpack itself Check virtual network interfaces Kovter ComputerName DNS crashed |
|
3
117.222.63.100
177.11.12.93
182.16.187.251
|
2
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
4.4 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4108 |
2020-12-30 19:14
|
JJPX4EERMI7KC.doc 9576626f10e9f3f26788b625f9d649a0
Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself Windows DNS |
|
4
www.mypostletter.com(47.241.129.57) - mailcious
47.241.129.57 - mailcious
24.164.79.147 - mailcious
74.58.215.226 - mailcious
|
5
ET CNC Feodo Tracker Reported CnC Server group 21
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
5.2 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4109 |
2020-12-31 09:13
|
app.exe 7fc1e0f14f99e5ecb3d66d06c4a8c580
VirusTotal Malware unpack itself malicious URLs Remote Code Execution |
|
|
|
|
3.0 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4110 |
2020-12-31 09:13
|
MTT5J3TPHW.doc fb755d47957eb0d56e6fcb9698f8eee6
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://75.188.107.174/8zpg0k8c2h/orx0v4569s/1oznmurxe1/ymr59b/qpmk/
http://mediatorstewart.com/service-msc/3zZLr/
|
3
mediatorstewart.com(192.169.217.36)
75.188.107.174
192.169.217.36
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
5.2 |
|
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|