44401 | 2020-12-23 18:23
  bine.exe | 643d71110f8f60590bd795e97317bd86
  tags: VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS
  9.0 | M | 28 | ZeroCERT

44402 | 2020-12-23 18:21
  YREKQN5ZLNQ.doc | 6a129baf7b95f27a985be69e4bc724c9
  tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
  URLs (1): http://97.120.3.198/zzy9swtzxmsf9t/binacwuo5zg8wkfu1e/x6ydic3r/jnb3sc/7f3v3j151mmwc/ - rule_id: 196
  hosts (3): www.aciparis.com(160.153.137.14) - malware; 160.153.137.14 - mailcious; 97.120.3.198 - mailcious
  alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP
  1 | 5.0 | M | 16 | ZeroCERT

44403 | 2020-12-23 18:21
  yarobelo.scr | c7c46db118df6a8d6c9deb69fa6b765b
  tags: Browser Info Stealer FTP Client Info Stealer Charming Kitten VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger
  URLs (2): http://crt.comodoca.com/COMODORSAAddTrustCA.crt; https://api.ipify.org/
  hosts (5): api.ipify.org(23.21.42.25); crt.comodoca.com(91.199.212.52); 91.199.212.52; 95.216.137.135; 54.225.220.115
  alerts (2): ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 833; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  15.0 | M | 18 | ZeroCERT

44404 | 2020-12-23 18:05
  winscr.exe | 3574650da1cff1dff8f334feafeadd5a
  tags: Troldesh Charming Kitten VirusTotal Malware AutoRuns Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces malicious URLs sandbox evasion Ransomware Windows Tor ComputerName Remote Code Execution DNS
  hosts (5): 82.149.227.126; 171.25.193.9 - mailcious; 194.109.206.212 - mailcious; 95.216.137.135; 88.90.251.2
  alerts (4): ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 833; ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 745; ET JA3 Hash - [Abuse.ch] Possible Troldesh Ransomware; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Ransomware.Troldesh)
  9.4 | M | 59 | guest

44405 | 2020-12-23 18:05
  yarobelo.scr | c7c46db118df6a8d6c9deb69fa6b765b
  tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger
  URLs (2): http://crt.comodoca.com/COMODORSAAddTrustCA.crt; https://api.ipify.org/
  hosts (4): api.ipify.org(54.225.66.103); crt.comodoca.com(91.199.212.52); 54.225.169.28; 91.199.212.52
  alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  15.6 | M | 18 | guest

44406 | 2020-12-23 16:41
  http://alsaudiacuttingmaster.c... | b486dd954449e1c94fdf9c7a16bbdd9a
  tags: VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed
  hosts (2): alsaudiacuttingmaster.com(66.165.248.146) - malware; 66.165.248.146 - malware
  alerts (2): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP
  6.2 | M | | r0d

44407 | 2020-12-23 16:40
  ntB.dll | 4da066bbfe178014ed1042ce90b87ab0
  tags: VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
  URLs (1): http://97.120.3.198/z9ankr3z/ - rule_id: 196
  hosts (1):
  1 | 6.2 | M | 13 | r0d

44408 | 2020-12-23 16:35
  S9BB3FXEFIF87LP.doc | 13e0972d407a347a35d44dca0080a27d
  tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS
  URLs (1): http://97.120.3.198/m6cjq3lo/i0wbhcxf8p/x3ygd/vb9g/lsyydcc/ - rule_id: 196
  hosts (5): venuspowerbd.com(104.27.181.221) - mailcious; www.aciparis.com(160.153.137.14) - malware; 160.153.137.14 - mailcious; 97.120.3.198 - mailcious; 104.27.181.221
  alerts (4): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP
  1 | 5.0 | M | 17 | r0d

44409 | 2020-12-23 16:09
  ntB.dll | 4da066bbfe178014ed1042ce90b87ab0
  tags: VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
  URLs (1): http://97.120.3.198/782gizd2/ - rule_id: 196
  hosts (1):
  1 | 6.2 | M | 13 | r0d

44410 | 2020-12-23 16:02
  Sa0Cr8YFGqTvD0zWUl.dll | cc0ad220328ee16a0b55cba67eabfbcd
  tags: VirusTotal Malware Report Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
  URLs (1): http://202.187.222.40/nojvpql8s1sk398i/um1km3tqz/ks61zoi5n/
  hosts (2): 202.187.222.40; 184.66.18.83 - mailcious
  alerts (1): ET CNC Feodo Tracker Reported CnC Server group 8
  8.4 | M | 22 | guest

44411 | 2020-12-23 16:02
  S9BB3FXEFIF87LP.doc | 13e0972d407a347a35d44dca0080a27d
  tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
  URLs (1): http://97.120.3.198/mzob8ebb/ - rule_id: 196
  hosts (3): sanolifescence.com(208.91.198.172) - malware; 208.91.198.172 - mailcious; 97.120.3.198 - mailcious
  alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP
  1 | 5.0 | M | 17 | guest

44412 | 2020-12-23 15:56
  ntB.dll | 4da066bbfe178014ed1042ce90b87ab0
  tags: VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
  URLs (1): http://97.120.3.198/q7ck275y/0unx5t6gukyv/x377fafw1h9g91/ - rule_id: 196
  hosts (1):
  1 | 6.8 | M | 13 | guest

44413 | 2020-12-23 15:56
  qfakh15.gif.exe | 86cdc85c3d58de12bf6e8783d044a105
  tags: VirusTotal Malware unpack itself Remote Code Execution crashed
  3.0 | M | 43 | guest

44414 | 2020-12-23 14:55
  qfakh15.gif.exe | 86cdc85c3d58de12bf6e8783d044a105
  tags: VirusTotal Malware unpack itself Remote Code Execution DNS crashed
  3.6 | M | 43 | guest

44415 | 2020-12-23 14:54
  S9BB3FXEFIF87LP.doc | 13e0972d407a347a35d44dca0080a27d
  tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
  URLs (1): http://97.120.3.198/zn06zwtl/8g8qzes2n305t75vna/coocrgmis2c/ - rule_id: 196
  hosts (3): www.aciparis.com(160.153.137.14) - malware; 160.153.137.14 - mailcious; 97.120.3.198 - mailcious
  alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP
  1 | 5.0 | M | 17 | guest
