44911 | 2020-12-01 10:35
Sample: Calculation-1535239351-1120202... | MD5: 56332adb895de05d9378d8de27c2d1ac
Tags: VirusTotal, Malware, AutoRuns, Check memory, Checks debugger, Creates executable files, unpack itself, Windows utilities, suspicious process, malicious URLs, WriteConsoleW, Windows, ComputerName
Hosts (2): angeshemaria.com (162.241.169.31) - malware; 162.241.169.31 - suspicious
Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2; ET INFO EXE - Served Attached HTTP
Score: 7.2 | M | 20 | Submitter: admin

44912 | 2020-12-01 10:30
Sample: buildie.exe | MD5: cef7c81e2921b6a1072428cefeb443b2
Tags: VirusTotal, Malware, PDB, unpack itself, DNS
Score: 2.8 | M | 45 | Submitter: ZeroCERT

44913 | 2020-12-01 10:29
Sample: AsyncClient.exe | MD5: b2982f3357eca7309cdde6c7720bbc7e
Tags: VirusTotal, Malware, AutoRuns, Code Injection, Malicious Traffic, Windows utilities, suspicious process, AppData folder, malicious URLs, WriteConsoleW, Tofsee, Windows, ComputerName, DNS
URLs (1): https://pastebin.com/raw/hbwHfEg3
Hosts (3): pastebin.com (104.23.99.190) - malicious; 45.84.1.78; 104.23.98.190 - suspicious
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 7.6 | M | 42 | Submitter: ZeroCERT

44914 | 2020-12-01 10:21
Sample: 565923964123873366320050276814... | MD5: 843a44fc8293f876b0568ac437ebcd8a
Tags: VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, malicious URLs, Windows, DNS, Cryptographic key
Hosts (2): wssicake.xyz (213.183.51.6); 213.183.51.6
Score: 10.2 | M | 37 | Submitter: ZeroCERT

44915 | 2020-12-01 10:20
Sample: a.exe | MD5: 7947c5b373eaceb9ad9797824eb5d918
Tags: VirusTotal, Malware, unpack itself
Score: 2.4 | M | 42 | Submitter: ZeroCERT

44916 | 2020-12-01 10:20
Sample: urevinisaj.exe | MD5: ccb76815c9e96925342582ec52a93d36
Tags: VirusTotal, Malware, ICMP traffic, malicious URLs
Hosts (2): gmlgml.zz.am (203.245.20.144) - malicious; 203.245.20.144 - suspicious
Score: 3.8 | | 46 | Submitter: admin

44917 | 2020-12-01 09:55
Sample: 1130_206410993.doc | MD5: 28ab184b90b90e55e154e718eaf4cc1f
Tags: Vulnerability, VirusTotal, Malware, Code Injection, Malicious Traffic, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, malicious URLs, IP Check, ComputerName
URLs (1):
Hosts (4): propywast.com (185.133.40.192) - malicious; api.ipify.org (174.129.214.20); 54.235.182.194; 185.133.40.192 - suspicious
Alerts (1): ET POLICY External IP Lookup api.ipify.org
Score: 9.6 | M | 15 | Submitter: ZeroCERT

44918 | 2020-12-01 09:53
Sample: 565923964123873366320050276814... | MD5: 843a44fc8293f876b0568ac437ebcd8a
Tags: VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, unpack itself, malicious URLs, Windows, Cryptographic key
Score: 6.4 | M | 37 | Submitter: ZeroCERT

44919 | 2020-12-01 09:50
Sample: S3w3ZsAA.exe | MD5: d91271a9f0236cf9391a3f5581dcd3c8
Tags: ICMP traffic, malicious URLs
Hosts (2): gmlgml.zz.am (203.245.20.144) - malicious; 203.245.20.144 - suspicious
Score: 2.6 | | | Submitter: admin

44920 | 2020-12-01 08:03
Sample: http://149.3.170.144/gt-hot/we... | MD5: bf613fe70f790d4b932601daa60a8797
Tags: Dridex, VirusTotal, Malware, Code Injection, Malicious Traffic, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed, Downloader
URLs (1): http://149.3.170.144/gt-hot/web.exe
Hosts (1):
Alerts (7): ET INFO Executable Download from dotted-quad Host; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 6.0 | | 17 | Submitter: ZeroCERT

44921 | 2020-11-30 18:53
Sample: r.exe | MD5: a5b4252c8bac59ad90a543ec1f2e4a7a
Tags: VirusTotal, Malware, Check memory, Checks debugger, unpack itself
Score: 2.0 | M | 61 | Submitter: ZeroCERT

44922 | 2020-11-30 12:17
Sample: document.doc | MD5: 1a37ee9af5af28b2050e16c0eb6e5865
Tags: VirusTotal, Malware, Malicious Traffic, exploit crash, unpack itself, malicious URLs, Windows, Exploit, DNS, crashed, Downloader
Hosts (1): 216.170.126.121 - suspicious
Alerts (6): ET INFO Executable Download from dotted-quad Host; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Score: 5.2 | M | 24 | Submitter: ZeroCERT

44923 | 2020-11-30 12:16
Sample: tlsr.exe | MD5: d524e4f850643554f0b3308142dba833
Tags: VirusTotal, Malware, MachineGuid, Check memory, Checks debugger, unpack itself, malicious URLs, ComputerName
Score: 4.6 | M | 54 | Submitter: ZeroCERT

44924 | 2020-11-30 12:13
Sample: Wrap.exe | MD5: 9813598ca60fc1e908f8236d767b14bf
Tags: VirusTotal, Malware, suspicious process, malicious URLs, WriteConsoleW
Score: 2.4 | M | 34 | Submitter: ZeroCERT

44925 | 2020-11-30 12:07
Sample: Invoice_27.11.2020.doc | MD5: 75ab2dba33584ea3ea57e73a21bab919
Tags: Malware download, VirusTotal, Malware, Malicious Traffic, exploit crash, unpack itself, malicious URLs, Windows, Exploit, DNS, crashed
URLs (4): http://193.57.40.74:8110/ptj; http://193.57.40.74:8110/Kn5n; http://193.57.40.74/rundll.txt; http://bit.ly/3pPvYzY
Hosts (3): bit.ly (67.199.248.11) - malicious; 193.57.40.74 - suspicious; 67.199.248.10 - suspicious
Alerts (6): ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server); ET MALWARE Possible Windows executable sent when remote host claims to send a Text File; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
Score: 5.4 | M | 33 | Submitter: ZeroCERT