45946 | 2020-10-22 19:37 | tl.exe | cad70078636cc2bc01019e66c90c8144
Tags: VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs crashed
URLs: none
Hosts: none
Signatures: none
3.8 | M | 13 | admin

45947 | 2020-10-22 19:35 | message.vbs | 06466e239d3389ff30cfeddb71624bed
Tags: Malware powershell Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut Creates executable files ICMP traffic unpack itself Check virtual network interfaces malicious URLs WriteConsoleW Windows Java ComputerName DNS Cryptographic key DDNS keylogger
URLs (1):
  http://185.172.110.201/dkhh/hades.jpg - malware
Hosts (5):
  google.com(172.217.175.78)
  jollymorgan.myq-see.com(198.23.192.204)
  185.172.110.201 - suspicious
  172.217.24.78
  198.23.192.204
Signatures (3):
  ET INFO Observed DNS Query to .myq-see .com DDNS Domain
  ET SHELLCODE Possible %41%41%41%41 Heap Spray Attempt
  ET WEB_CLIENT Hex Obfuscation of replace Javascript Function % Encoding
17.0 | M | | admin

45948 | 2020-10-22 18:13 | Chrome.exe | 74222e2523e271c551f8c0e50af1ae19
Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Checks debugger buffers extracted exploit crash unpack itself malicious URLs IP Check Tofsee Ransomware Windows Exploit Browser Tor Email Cryptographic key Software crashed keylogger
URLs (2):
  http://crt.comodoca.com/COMODORSAAddTrustCA.crt
  https://api.ipify.org/
Hosts (4):
  api.ipify.org(54.225.169.28)
  crt.comodoca.com(91.199.212.52)
  91.199.212.52
  50.17.193.91
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
15.2 | M | 20 | admin

45949 | 2020-10-22 17:50 | BAL_JHP_100120_OOI_102220.doc | fc5c2e307bbfe9488674c0e149d39736
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (3):
  http://24.178.90.49/h9KbPK1gLEI/XXlZTim7tH/EzXDn/36caQbGNEEY7ZG/ - mailcious
  http://eubanks7.com/administrator/ubdDbB/ - malware
  http://96.126.101.6:8080/YDl07q2mBXY/901iVTaPm2iAZmfD/ - mailcious
Hosts (4):
  eubanks7.com(69.65.3.162) - mailcious
  24.178.90.49 - suspicious
  96.126.101.6 - suspicious
  69.65.3.162 - suspicious
Signatures (3):
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET INFO EXE - Served Attached HTTP
5.2 | M | 28 | admin

45950 | 2020-10-22 17:44 | vbc.exe | c996760f664ce16cb93116e4325c8dbe
Tags: PDB Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key
URLs: none
Hosts: none
Signatures: none
2.0 | | | admin

45951 | 2020-10-22 16:36 | Vli4aVRzVAhOOA2yxZTf.exe | 3d62385f90ee174f2861c30b3bffcf87
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
URLs (1):
  http://24.178.90.49/EgmK3EDnonZrHy2ck/0vWGlqaP5E/ - mailcious
Hosts (1):
  24.178.90.49 - suspicious
Signatures: none
5.8 | M | 13 | admin

45952 | 2020-10-22 15:14 | YL8670890922GB.doc | 916dde0f7237842169975de9671dd651
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (2):
  http://murari.es/wp-content/h/ - malware
  http://24.178.90.49/TpAcThqgw/xrBxqAcY6Ua/ - mailcious
Hosts (3):
  murari.es(185.179.143.59) - malware
  24.178.90.49 - suspicious
  185.179.143.59 - suspicious
Signatures (3):
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET INFO EXE - Served Attached HTTP
5.2 | M | 24 | admin

45953 | 2020-10-22 14:32 | 7Y8JPQhD02tGzQA0Yc.exe | 4ce948c02be68dacf9038d42f00cd097
Tags: VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1):
  http://167.114.153.111:8080/vl126a8N/5wiUuQmGCgMvcUic2H/RDvnC/ - mailcious
Hosts (2):
  208.180.207.205 - suspicious
  167.114.153.111 - suspicious
Signatures: none
8.0 | M | 44 | admin

45954 | 2020-10-22 13:27 | Electronic form.doc | 8715ec33d3b4bbbba583bfd7d7abd26e
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee
URLs (3):
  http://adidasyeezy.store/welph/ccrcbr1xFU/ - mailcious
  http://www.zunan.com.tw/wp-admin/lQ59Q/ - mailcious
  http://vinarorganics.com/css/L0vMERYKQD/ - mailcious
Hosts (13):
  vstsample.com(103.151.217.206) - malware
  tuneclick.co.uk(149.255.58.11) - mailcious
  vinarorganics.com(209.99.40.222) - mailcious
  atrezzos.beneficiosparaempleados.com(15.236.109.244) - mailcious
  adidasyeezy.store(104.27.183.91) - mailcious
  library.strophicmusic.com(149.255.58.11) - mailcious
  www.zunan.com.tw(198.55.121.47) - mailcious
  104.27.182.91
  209.99.40.222 - suspicious
  103.151.217.206 - suspicious
  15.236.109.244 - suspicious
  149.255.58.11 - suspicious
  198.55.121.47 - suspicious
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.4 | M | 31 | admin

45955 | 2020-10-22 11:19 | Untitled-20201022-0613.doc | 5296108ece7ff94ab27fbc2009fd3f6b
Tags: Vulnerability Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Windows DNS
URLs (2):
  http://www.sangamapparel.com/wp-content_old/whE/ - malware
  http://197.245.25.228/QYNzkDxxNR/iFqKm606R5s/TRsowSNRIJ/Bri8I/6Xp3X0FYYVmWzz/ - mailcious
Hosts (3):
  www.sangamapparel.com(94.130.141.30) - malware
  94.130.141.30 - suspicious
  197.245.25.228 - suspicious
Signatures (3):
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET INFO EXE - Served Attached HTTP
5.2 | M | | admin

45956 | 2020-10-22 11:00 | 2ZOfCYJNElui.exe | ccab12e917b8ad8d7a6a3e8287670f72
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (2):
  http://24.178.90.49/SaOpGGPf4clTxKhIjI8/ZjLusWFu9KW3FJ/ - mailcious
  http://96.126.101.6:8080/0kIT1GsRZGg/Z219KFj1BzaFjv1gvh/2vzfAUPzqPln/nPIyUyki5/
Hosts (2):
  24.178.90.49 - suspicious
  96.126.101.6
Signatures: none
6.2 | M | 14 | admin

45957 | 2020-10-22 10:02 | http://manolidis.kaisariani.gr... | 9234de38c4c101eace90ade6d72e3d22
Tags: Vulnerability VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed
URLs (3):
  http://murari.es/wp-content/h/
  http://manolidis.kaisariani.gr/tmp/5/ - mailcious
  http://24.178.90.49/SVmJzAp7HVY8mHNIpMM/bQtMmXnBGHnrrksr9El/
Hosts (6):
  murari.es(185.179.143.59)
  manolidis.kaisariani.gr(185.4.133.222) - mailcious
  24.178.90.49
  185.4.133.222 - suspicious
  185.179.143.59
  117.18.232.200 - suspicious
Signatures (4):
  ET POLICY Terse Named Filename EXE Download - Possibly Hostile
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET INFO EXE - Served Attached HTTP
8.0 | M | | admin

45958 | 2020-10-22 09:58 | wupxarch11.exe | 0b422df6c3d71d2147350d11c256724e
Tags: VirusTotal Malware malicious URLs WriteConsoleW
URLs: none
Hosts: none
Signatures: none
3.8 | M | 54 | admin

45959 | 2020-10-22 09:45 | winsupdater.msi | d30d19062bc6668e856946c63b6e9218
Tags: VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check ComputerName
URLs (2):
  http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInf1.php?info=Test$TEST22-PC$test22$Windows7ProfessionalN-$-$TEST22-PCtest22 - mailcious
  http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
Hosts (2):
  mia.alkhaleejpk.info(82.221.136.4) - mailcious
  82.221.136.4 - suspicious
Signatures: none
4.4 | M | 31 | admin

45960 | 2020-10-22 09:45 | rt.msi | 761570587a2f92eea1512ff159ccef29
Tags: VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check ComputerName
URLs (3):
  http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
  http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInf1.php?info=Test$WIN7-PC$Administrator$Windows7Ultimate-71$-$WIN7-PCAdministrator - mailcious
  http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInfF2.php?info=Test$WIN7-PCAdministrator - mailcious
Hosts (2):
  www.mia.alkhaleejpk.info(82.221.136.4)
  82.221.136.4 - suspicious
Signatures: none
5.2 | M | 31 | admin