4126 | 2020-12-31 11:31 | hcSVvs17.dll 5c8e1d1f925de728c43716b028646f22 | VirusTotal Malware PDB Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | URLs (1): http://75.188.107.174/psm25gengd337a47m5/ - rule_id: 205 | Hosts (1): 75.188.107.174 - mailcious | | 1 | 7.2 | M | 5 | ZeroCERT
4127 | 2020-12-31 12:33 | food.exe 28f2575135c0f9ecbda362500afd6336 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed keylogger | | | | | 11.8 | M | 37 | ZeroCERT
4128 | 2020-12-31 12:34 | HTYF2ZA2EOAZBO.doc b6587ce7e4c1f63068feaf3801e321a8 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | URLs (1): http://75.188.107.174/f3at9l8fqz/ - rule_id: 205 | Hosts (3): mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - mailcious; 192.169.217.36 - malware | Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.2 | M | 22 | ZeroCERT
4129 | 2020-12-31 13:39 | LAG0SVA65KPO.doc 0096aebaa999e9c381a27a36bdd71e7b | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | URLs (1): http://75.188.107.174/k8hde66k/od9rht39iuh1/0e9gsvqoi9/izdk/o0ph860/ - rule_id: 205 | Hosts (3): mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - mailcious; 192.169.217.36 - malware | Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.2 | M | 20 | ZeroCERT
4130 | 2020-12-31 13:39 | i2Vx5yg5QCMTAxVL.dll 547cf9157b0a44635c204583fea074dd | VirusTotal Malware PDB Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | URLs (1): http://152.170.79.100/4l8nnacxq/wn3wpbfbthrw/ - rule_id: 206 | Hosts (1): 152.170.79.100 - mailcious | | 1 | 6.8 | M | 6 | ZeroCERT
4131 | 2020-12-31 14:14 | JJV2WAM631N5.doc bdf9b5091abe7bae99a44f9558d756e5 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | URLs (1): http://75.188.107.174/prnr3xdpqou2k/fxpnq0/acan3im7hcc/agz1jtgfuqj/ - rule_id: 205 | Hosts (3): mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - mailcious; 192.169.217.36 - malware | Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.4 | M | 30 | guest
4132 | 2020-12-31 14:40 | books.exe 5fe9efd4908ab33dd783f31f25eae08f | VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed | | | | | 12.0 | M | 40 | ZeroCERT
4133 | 2020-12-31 14:59 | T9j3bniXM.dll eabea1b359270f5e4f337ed4fd39860c | VirusTotal Malware PDB Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | URLs (1): http://113.161.176.235/cab0vg6ka/6nf7fnrcg/v1om09gg7t667lc1u3/on6uz2ytk8/ | Hosts (1): | | | 6.2 | M | 5 | ZeroCERT
4134 | 2020-12-31 15:00 | PU6FN9INXRSX2C.doc e2aeeff4593a9dc0e95c940bb9b1181b | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | URLs (1): http://75.188.107.174/xybnnef6j/v6ftcncnv2dmbg/sg2hpkhfc/8ou1vdztcg84kkn11vk/0p8dk85rlw6a7nx1jc/b7hwxulnff8y03/ - rule_id: 205 | Hosts (3): mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - mailcious; 192.169.217.36 - malware | Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.2 | M | 22 | ZeroCERT
4135 | 2020-12-31 15:31 | vsoeWPBWj1JsLqYruxx.dll b8a8f73418dced6cd67b55ad24e691dc | VirusTotal Malware PDB Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | URLs (1): http://152.170.79.100/s5hq9s/ - rule_id: 206 | Hosts (1): 152.170.79.100 - mailcious | | 1 | 6.2 | M | 6 | ZeroCERT
4136 | 2020-12-31 15:32 | V9QJM2C2BBM7QG7.doc 79c004a06cceb9354d0594fae694af00 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | URLs (1): http://75.188.107.174/s0yd7yp7n/wgqy6mlldi3/ - rule_id: 205 | Hosts (3): mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - mailcious; 192.169.217.36 - malware | Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.2 | M | 20 | ZeroCERT
4137 | 2020-12-31 15:55 | 1U1F9BOcwVrRM0J.dll b7326f6246a4c5e08d90897900660900 | VirusTotal Malware PDB Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | URLs (1): http://75.188.107.174/fx650zzy1zc/phzc/kxxzmhl7h8d4c9lmb5u/8crbo5dlqhgz2up/ - rule_id: 205 | Hosts (1): 75.188.107.174 - mailcious | | 1 | 6.2 | M | 5 | ZeroCERT
4138 | 2020-12-31 15:58 | scr.dll f2c9485d6c488bb661d327ac959e56de | VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself DNS crashed | URLs (1): http://157.90.24.103//hx33jnDw/index.php?scr=up | Hosts (2): foflikenoiujiiik.cn(); 157.90.24.103 - malware | | | 4.8 | M | 45 | ZeroCERT
4139 | 2020-12-31 15:59 | NK44ITE3X.doc 2154178028c6e1626fc45b2c83962491 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | URLs (1): http://75.188.107.174/veqe5/e54wlr7z77xrhodew/ - rule_id: 205 | Hosts (3): mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - mailcious; 192.169.217.36 - malware | Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.4 | M | 31 | ZeroCERT
4140 | 2020-12-31 16:15 | YczjMrrnzVVCORolbHHw.dll 17a80dcb775ebccf6f8d3441ac8ff622 | VirusTotal Malware PDB Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | | Hosts (1): 113.161.176.235 - mailcious | | | 6.4 | M | 10 | ZeroCERT