| 45946 |
2020-10-22 19:37
|
tl.exe cad70078636cc2bc01019e66c90c8144
VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs crashed |
|
|
|
|
3.8 |
M |
13 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45947 |
2020-10-22 19:35
|
message.vbs 06466e239d3389ff30cfeddb71624bed
Malware powershell Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut Creates executable files ICMP traffic unpack itself Check virtual network interfaces malicious URLs WriteConsoleW Windows Java ComputerName DNS Cryptographic key DDNS keylogger |
1
http://185.172.110.201/dkhh/hades.jpg - malware
|
5
google.com(172.217.175.78)
jollymorgan.myq-see.com(198.23.192.204)
185.172.110.201 - suspicious
172.217.24.78
198.23.192.204
|
3
ET INFO Observed DNS Query to .myq-see .com DDNS Domain
ET SHELLCODE Possible %41%41%41%41 Heap Spray Attempt
ET WEB_CLIENT Hex Obfuscation of replace Javascript Function % Encoding
|
|
17.0 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45948 |
2020-10-22 18:13
|
Chrome.exe 74222e2523e271c551f8c0e50af1ae19
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Checks debugger buffers extracted exploit crash unpack itself malicious URLs IP Check Tofsee Ransomware Windows Exploit Browser Tor Email Cryptographic key Software crashed keylogger |
2
http://crt.comodoca.com/COMODORSAAddTrustCA.crt
https://api.ipify.org/
|
4
api.ipify.org(54.225.169.28)
crt.comodoca.com(91.199.212.52)
91.199.212.52
50.17.193.91
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
15.2 |
M |
20 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45949 |
2020-10-22 17:50
|
BAL_JHP_100120_OOI_102220.doc fc5c2e307bbfe9488674c0e149d39736
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
3
http://24.178.90.49/h9KbPK1gLEI/XXlZTim7tH/EzXDn/36caQbGNEEY7ZG/ - mailcious
http://eubanks7.com/administrator/ubdDbB/ - malware
http://96.126.101.6:8080/YDl07q2mBXY/901iVTaPm2iAZmfD/ - mailcious
|
4
eubanks7.com(69.65.3.162) - mailcious
24.178.90.49 - suspicious
96.126.101.6 - suspicious
69.65.3.162 - suspicious
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
5.2 |
M |
28 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45950 |
2020-10-22 17:44
|
vbc.exe c996760f664ce16cb93116e4325c8dbe
PDB Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key |
|
|
|
|
2.0 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45951 |
2020-10-22 16:36
|
Vli4aVRzVAhOOA2yxZTf.exe 3d62385f90ee174f2861c30b3bffcf87
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://24.178.90.49/EgmK3EDnonZrHy2ck/0vWGlqaP5E/ - mailcious
|
1
24.178.90.49 - suspicious
|
|
|
5.8 |
M |
13 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45952 |
2020-10-22 15:14
|
YL8670890922GB.doc 916dde0f7237842169975de9671dd651
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://murari.es/wp-content/h/ - malware
http://24.178.90.49/TpAcThqgw/xrBxqAcY6Ua/ - mailcious
|
3
murari.es(185.179.143.59) - malware
24.178.90.49 - suspicious
185.179.143.59 - suspicious
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
5.2 |
M |
24 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45953 |
2020-10-22 14:32
|
7Y8JPQhD02tGzQA0Yc.exe 4ce948c02be68dacf9038d42f00cd097
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://167.114.153.111:8080/vl126a8N/5wiUuQmGCgMvcUic2H/RDvnC/ - mailcious
|
2
208.180.207.205 - suspicious
167.114.153.111 - suspicious
|
|
|
8.0 |
M |
44 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45954 |
2020-10-22 13:27
|
Electronic form.doc 8715ec33d3b4bbbba583bfd7d7abd26e
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee |
3
http://adidasyeezy.store/welph/ccrcbr1xFU/ - mailcious
http://www.zunan.com.tw/wp-admin/lQ59Q/ - mailcious
http://vinarorganics.com/css/L0vMERYKQD/ - mailcious
|
13
vstsample.com(103.151.217.206) - malware
tuneclick.co.uk(149.255.58.11) - mailcious
vinarorganics.com(209.99.40.222) - mailcious
atrezzos.beneficiosparaempleados.com(15.236.109.244) - mailcious
adidasyeezy.store(104.27.183.91) - mailcious
library.strophicmusic.com(149.255.58.11) - mailcious
www.zunan.com.tw(198.55.121.47) - mailcious
104.27.182.91
209.99.40.222 - suspicious
103.151.217.206 - suspicious
15.236.109.244 - suspicious
149.255.58.11 - suspicious
198.55.121.47 - suspicious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.4 |
M |
31 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45955 |
2020-10-22 11:19
|
Untitled-20201022-0613.doc 5296108ece7ff94ab27fbc2009fd3f6b
Vulnerability Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Windows DNS |
2
http://www.sangamapparel.com/wp-content_old/whE/ - malware
http://197.245.25.228/QYNzkDxxNR/iFqKm606R5s/TRsowSNRIJ/Bri8I/6Xp3X0FYYVmWzz/ - mailcious
|
3
www.sangamapparel.com(94.130.141.30) - malware
94.130.141.30 - suspicious
197.245.25.228 - suspicious
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
5.2 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45956 |
2020-10-22 11:00
|
2ZOfCYJNElui.exe ccab12e917b8ad8d7a6a3e8287670f72
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
2
http://24.178.90.49/SaOpGGPf4clTxKhIjI8/ZjLusWFu9KW3FJ/ - mailcious
http://96.126.101.6:8080/0kIT1GsRZGg/Z219KFj1BzaFjv1gvh/2vzfAUPzqPln/nPIyUyki5/
|
2
24.178.90.49 - suspicious
96.126.101.6
|
|
|
6.2 |
M |
14 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45957 |
2020-10-22 10:02
|
http://manolidis.kaisariani.gr... 9234de38c4c101eace90ade6d72e3d22
Vulnerability VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed |
3
http://murari.es/wp-content/h/
http://manolidis.kaisariani.gr/tmp/5/ - mailcious
http://24.178.90.49/SVmJzAp7HVY8mHNIpMM/bQtMmXnBGHnrrksr9El/
|
6
murari.es(185.179.143.59)
manolidis.kaisariani.gr(185.4.133.222) - mailcious
24.178.90.49
185.4.133.222 - suspicious
185.179.143.59
117.18.232.200 - suspicious
|
4
ET POLICY Terse Named Filename EXE Download - Possibly Hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
8.0 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45958 |
2020-10-22 09:58
|
wupxarch11.exe 0b422df6c3d71d2147350d11c256724e
VirusTotal Malware malicious URLs WriteConsoleW |
|
|
|
|
3.8 |
M |
54 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45959 |
2020-10-22 09:45
|
winsupdater.msi d30d19062bc6668e856946c63b6e9218
VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check ComputerName |
2
http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInf1.php?info=Test$TEST22-PC$test22$Windows7ProfessionalN-$-$TEST22-PCtest22 - mailcious
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
2
mia.alkhaleejpk.info(82.221.136.4) - mailcious
82.221.136.4 - suspicious
|
|
|
4.4 |
M |
31 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45960 |
2020-10-22 09:45
|
rt.msi 761570587a2f92eea1512ff159ccef29
VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check ComputerName |
3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInf1.php?info=Test$WIN7-PC$Administrator$Windows7Ultimate-71$-$WIN7-PCAdministrator - mailcious
http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInfF2.php?info=Test$WIN7-PCAdministrator - mailcious
|
2
www.mia.alkhaleejpk.info(82.221.136.4)
82.221.136.4 - suspicious
|
|
|
5.2 |
M |
31 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|