44431 | 2020-12-23 10:40
w.jpg.exe 02bc3167a931c04b510e431cca825cc8 VirusTotal Malware PDB Check memory unpack itself crashed
2.0 | M | 17 | guest

44432 | 2020-12-23 09:31
vbc.exe db542dfd79175f5c8c0ab1f20a8fe1d1 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed
10.8 | M | 27 | guest

44433 | 2020-12-23 09:29
w.jpg.exe 02bc3167a931c04b510e431cca825cc8 VirusTotal Malware PDB Check memory unpack itself crashed
2.0 | M | 17 | guest

44434 | 2020-12-23 09:18
LP39W4L.doc 9f6785612b0ce7efbc9558ba9f51c043 Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee Windows DNS
URLs (1):
http://50.116.111.59:8080/588upizw9mn4bjd3/ - rule_id: 193
Hosts (7):
infosisconsultancy.com(166.62.27.186) - malware
heaventoearth.com(50.62.198.97) - malware
166.62.27.186 - malware
197.87.160.216 - mailcious
78.188.225.105 - mailcious
50.62.198.97 - malware
50.116.111.59 - mailcious
Alerts (4):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
1 | http://50.116.111.59:8080/
7.6 | M | 32 | guest

44435 | 2020-12-23 09:16
uwyoiynmmqopx.exe e7e96c9207162499c8a9ab553d8855e9 VirusTotal Malware
2.0 | M | 49 | guest

44436 | 2020-12-23 09:07
datos.exe 5a67e5c4236e16b4ed8cf12576946eb0 Dridex TrickBot ENERGETIC BEAR VirusTotal Malware AutoRuns Malicious Traffic Check memory buffers extracted Creates shortcut Creates executable files unpack itself malicious URLs AntiVM_Disk sandbox evasion anti-virtualization IP Check VM Disk Size Check Tofsee Ransomware Kovter Windows Tor ComputerName Remote Code Execution DNS keylogger
URLs (7):
http://139.162.210.252/tor/server/fp/0ac4c4d8bca8da7bae6be3fea87442e724353cbf
http://176.123.5.193/tor/server/fp/ccf38c8682e5936852f6f33a0a333aff30ca453f
http://23.129.64.192/tor/server/fp/a29d2a78a8a954819e220cefbebce95d2fcfa54d
http://91.250.242.12/tor/server/fp/951307ba74e44a9c9c208b2f134cda2409944075
http://91.234.19.55/tor/server/fp/204dfd2a2c6a0dc1fa0eacb495218e0b661704fd
http://89.35.34.33/tor/server/fp/2aba1345fc9975152372f42d06a1a7dcc870c2f5
https://api.ipify.org/
Hosts (14):
api.ipify.org(54.225.220.115)
time-a.nist.gov(129.6.15.28)
91.234.19.55
100.15.249.55
193.23.244.244 - mailcious
23.129.64.192
178.164.158.82
139.162.210.252
176.123.5.193
89.35.34.33
129.6.15.28
94.16.116.137
23.21.252.4
91.250.242.12
Alerts (18):
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 359
SURICATA HTTP Request abnormal Content-Encoding header
ET POLICY TOR Consensus Data Requested
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 205
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 154
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET P2P Tor Get Server Request
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 824
ET POLICY TLS possible TOR SSL traffic
ET TOR Known Tor Exit Node Traffic group 23
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 23
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 804
ET TOR Known Tor Exit Node Traffic group 150
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 150
ET TOR Known Tor Exit Node Traffic group 90
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 91
ET COMPROMISED Known Compromised or Hostile Host Traffic group 24
10.6 | M | 53 | guest

44437 | 2020-12-23 09:06
19934.5.exe 63166f4636e5156006b25b214f8708ca VirusTotal Malware PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Tofsee ComputerName DNS
URLs (1):
https://pastebin.com/raw/tYFULNB5
Hosts (3):
pastebin.com(104.23.99.190) - mailcious
185.81.157.186 - malware
104.23.98.190 - mailcious
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.0 | M | 60 | guest

44438 | 2020-12-23 08:01
http://jomorder.co/wp-admin/l9... 46212534ccb9c29480ac03b9d9b61f45 Dridex VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1):
http://jomorder.co/wp-admin/l995meuTde1MTpf/
Hosts (2):
jomorder.co(103.27.74.190)
103.27.74.190
Alerts (3):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
4.6 | | | ZeroCERT

44439 | 2020-12-22 18:35
19932.0.exe a990743dc1d517be8fdbd9c16c32919e VirusTotal Malware PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Tofsee ComputerName DNS
URLs (1):
https://pastebin.com/raw/tYFULNB5
Hosts (3):
pastebin.com(104.23.99.190) - mailcious
185.81.157.186 - malware
104.23.99.190 - mailcious
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.0 | M | 45 | guest

44440 | 2020-12-22 18:35
45.exe c2c24dbead6a0c0e3028869440216664 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself malicious URLs
3.2 | M | 50 | guest

44441 | 2020-12-22 18:28
4.5.exe e00c93a8d92089c7c76fbe9494756767 VirusTotal Cryptocurrency Miner Malware Cryptocurrency PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Auto service Check virtual network interfaces malicious URLs Tofsee Windows ComputerName DNS
URLs (2):
http://185.81.157.186/testmin/5.11x64.png
https://pastebin.com/raw/g9Nyq98E
Hosts (3):
pastebin.com(104.23.98.190) - mailcious
104.23.99.190 - mailcious
185.81.157.186 - malware
Alerts (5):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET POLICY Cryptocurrency Miner Checkin
11.8 | M | 49 | guest

44442 | 2020-12-22 18:25
4.5.jpg.exe 11acdd3bc366b04cbca2b5727d836ceb VirusTotal Cryptocurrency Miner Malware Cryptocurrency PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Auto service Check virtual network interfaces suspicious process malicious URLs Tofsee Windows ComputerName DNS
URLs (3):
http://185.81.157.186/files/ex/551x64.png
https://pastebin.com/raw/g9Nyq98E
https://pastebin.com/raw/NkK1HH5V
Hosts (3):
pastebin.com(104.23.98.190) - mailcious
104.23.99.190 - mailcious
185.81.157.186 - malware
Alerts (5):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET POLICY Cryptocurrency Miner Checkin
12.4 | M | 29 | guest

44443 | 2020-12-22 16:40
reg.exe c62b1e8e806ff0d93d1579721f2b2052 VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Detects VMWare suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows Cryptographic key crashed
11.2 | M | 20 | ZeroCERT

44444 | 2020-12-22 16:40
Paradox.exe 18db4025efcafb1584789e0fbdd3db2a VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself malicious URLs Windows DNS Cryptographic key
3.6 | M | 33 | ZeroCERT

44445 | 2020-12-22 16:28
reg.exe c62b1e8e806ff0d93d1579721f2b2052 VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Detects VMWare suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows Cryptographic key crashed
11.2 | M | 20 | ZeroCERT