| 44911 |
2020-12-01 10:35
|
Calculation-1535239351-1120202... 56332adb895de05d9378d8de27c2d1ac
VirusTotal Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName |
|
2
angeshemaria.com(162.241.169.31) - malware
162.241.169.31 - suspicious
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2
ET INFO EXE - Served Attached HTTP
|
|
7.2 |
M |
20 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44912 |
2020-12-01 10:30
|
buildie.exe cef7c81e2921b6a1072428cefeb443b2
VirusTotal Malware PDB unpack itself DNS |
|
|
|
|
2.8 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44913 |
2020-12-01 10:29
|
AsyncClient.exe b2982f3357eca7309cdde6c7720bbc7e
VirusTotal Malware AutoRuns Code Injection Malicious Traffic Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS |
1
https://pastebin.com/raw/hbwHfEg3
|
3
pastebin.com(104.23.99.190) - mailcious
45.84.1.78
104.23.98.190 - suspicious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
M |
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44914 |
2020-12-01 10:21
|
565923964123873366320050276814... 843a44fc8293f876b0568ac437ebcd8a
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Windows DNS Cryptographic key |
|
2
wssicake.xyz(213.183.51.6)
213.183.51.6
|
|
|
10.2 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44915 |
2020-12-01 10:20
|
a.exe 7947c5b373eaceb9ad9797824eb5d918
VirusTotal Malware unpack itself |
|
|
|
|
2.4 |
M |
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44916 |
2020-12-01 10:20
|
urevinisaj.exe ccb76815c9e96925342582ec52a93d36
VirusTotal Malware ICMP traffic malicious URLs |
|
2
gmlgml.zz.am(203.245.20.144) - mailcious
203.245.20.144 - suspicious
|
|
|
3.8 |
|
46 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44917 |
2020-12-01 09:55
|
1130_206410993.doc 28ab184b90b90e55e154e718eaf4cc1f
Vulnerability VirusTotal Malware Code Injection Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check ComputerName |
1
|
4
propywast.com(185.133.40.192) - mailcious
api.ipify.org(174.129.214.20)
54.235.182.194
185.133.40.192 - suspicious
|
1
ET POLICY External IP Lookup api.ipify.org
|
|
9.6 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44918 |
2020-12-01 09:53
|
565923964123873366320050276814... 843a44fc8293f876b0568ac437ebcd8a
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key |
|
|
|
|
6.4 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44919 |
2020-12-01 09:50
|
S3w3ZsAA.exe d91271a9f0236cf9391a3f5581dcd3c8
ICMP traffic malicious URLs |
|
2
gmlgml.zz.am(203.245.20.144) - mailcious
203.245.20.144 - suspicious
|
|
|
2.6 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44920 |
2020-12-01 08:03
|
http://149.3.170.144/gt-hot/we... bf613fe70f790d4b932601daa60a8797
Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed Downloader |
1
http://149.3.170.144/gt-hot/web.exe
|
1
|
7
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.0 |
|
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44921 |
2020-11-30 18:53
|
r.exe a5b4252c8bac59ad90a543ec1f2e4a7a
VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
2.0 |
M |
61 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44922 |
2020-11-30 12:17
|
document.doc 1a37ee9af5af28b2050e16c0eb6e5865
VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader |
|
1
216.170.126.121 - suspicious
|
6
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.2 |
M |
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44923 |
2020-11-30 12:16
|
tlsr.exe d524e4f850643554f0b3308142dba833
VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself malicious URLs ComputerName |
|
|
|
|
4.6 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44924 |
2020-11-30 12:13
|
Wrap.exe 9813598ca60fc1e908f8236d767b14bf
VirusTotal Malware suspicious process malicious URLs WriteConsoleW |
|
|
|
|
2.4 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44925 |
2020-11-30 12:07
|
Invoice_27.11.2020.doc 75ab2dba33584ea3ea57e73a21bab919
Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed |
4
http://193.57.40.74:8110/ptj
http://193.57.40.74:8110/Kn5n
http://193.57.40.74/rundll.txt
http://bit.ly/3pPvYzY
|
3
bit.ly(67.199.248.11) - mailcious
193.57.40.74 - suspicious
67.199.248.10 - suspicious
|
6
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)
ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
5.4 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|