45961 | 2020-10-22 09:43 | mani.exe | 3134f3460dd1aa06785baa64673dfbec
  Tags: VirusTotal, Malware, suspicious privilege, unpack itself
  URLs (1): http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
  Hosts: -
  Alerts: -
  2.8 | M | 49 | admin
45962 | 2020-10-22 09:35 | http://eexcom.tk/21.gif
  Tags: Dridex, VirusTotal, Malware, Code Injection, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
  URLs (1): -
  Hosts (3): eexcom.tk(195.20.40.211); 195.20.40.211; 117.18.232.200 - suspicious
  Alerts (5): ET DNS Query to a .tk domain - Likely Hostile; ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex; ET POLICY HTTP Request to a *.tk domain
  4.4 | - | - | admin
45963 | 2020-10-22 09:34 | 21.psd | 0843769cf069d19061f26203d7c3a5db
  Tags: VirusTotal, Malware, unpack itself, malicious URLs, WriteConsoleW, Tor, ComputerName, DNS
  URLs: -
  Hosts (2): 92.255.207.89; 217.79.179.177
  Alerts (2): ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 449; ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 811
  4.4 | - | 32 | admin
45964 | 2020-10-22 09:34 | bm2oYR.exe | 98dc439a8e2dbfa1d02171d9c3dcd5ed
  Tags: VirusTotal, Malware, RWX flags setting, unpack itself, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
  URLs (2): http://98.103.204.12:443/YRgEh2XeeZ5zN2QzA/7SZFl6VRUbzsMY/ - malicious; http://197.245.25.228/S2IbDcSYrnonhq/ - malicious
  Hosts (2): 98.103.204.12 - suspicious; 197.245.25.228 - suspicious
  Alerts (1): ET POLICY HTTP traffic on port 443 (POST)
  5.2 | M | 13 | admin
45965 | 2020-10-22 09:31 | 3415201.png.exe | 9d740b43f617a21bc695fcac2c9a2f92
  Tags: unpack itself, malicious URLs, WriteConsoleW, ComputerName
  URLs: -
  Hosts: -
  Alerts: -
  2.6 | - | - | admin
45966 | 2020-10-22 09:19 | sserv.jpg.exe | 644a0fa49064b97023ac6564c1770083
  Tags: Troldesh, VirusTotal, Malware, AutoRuns, Check memory, buffers extracted, Creates executable files, unpack itself, Collect installed applications, Check virtual network interfaces, malicious URLs, sandbox evasion, installed browsers check, Ransomware, Windows, Browser, Tor, ComputerName, DNS
  URLs: -
  Hosts (9): 145.239.7.168; 193.23.244.244 - suspicious; 128.31.0.39 - suspicious; 194.109.206.212 - suspicious; 86.59.21.38 - suspicious; 208.83.223.34 - suspicious; 217.79.179.177; 92.255.207.89; 171.25.193.9 - suspicious
  Alerts (8): ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 773; ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 449; ET JA3 Hash - [Abuse.ch] Possible Troldesh Ransomware; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Ransomware.Troldesh); ET POLICY TLS possible TOR SSL traffic; ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 811; ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 220; ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 359
  10.8 | M | 63 | admin
45967 | 2020-10-22 09:02 | 069878.doc | 8715ec33d3b4bbbba583bfd7d7abd26e
  Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee
  URLs (3): http://adidasyeezy.store/welph/ccrcbr1xFU/; http://www.zunan.com.tw/wp-admin/lQ59Q/; http://vinarorganics.com/css/L0vMERYKQD/
  Hosts (13): vstsample.com(103.151.217.206); tuneclick.co.uk(149.255.58.11); vinarorganics.com(209.99.40.222); atrezzos.beneficiosparaempleados.com(15.236.109.244) - malicious; adidasyeezy.store(172.67.203.5); library.strophicmusic.com(149.255.58.11); www.zunan.com.tw(198.55.121.47); 104.27.182.91; 209.99.40.222 - suspicious; 103.151.217.206 - suspicious; 15.236.109.244 - suspicious; 149.255.58.11 - suspicious; 198.55.121.47
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  5.2 | - | 28 | admin
45968 | 2020-10-22 07:43 | http://www.sangamapparel.com/w... | 99c68e287bacf0cb33d28bf2a98830f1
  Tags: VirusTotal, Malware, AutoRuns, Code Injection, Creates executable files, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, Auto service, malicious URLs, AntiVM_Disk, sandbox evasion, VM Disk Size Check, human activity check, Windows Exploit, Advertising, ComputerName, DNS, Cryptographic key, crashed
  URLs (2): http://www.sangamapparel.com/wp-content_old/whE/; http://98.103.204.12:443/Kbp8BKgS/ - malicious
  Hosts (5): www.sangamapparel.com(94.130.141.30); 197.245.25.228; 94.130.141.30; 98.103.204.12 - suspicious; 117.18.232.200 - suspicious
  Alerts (3): ET POLICY HTTP traffic on port 443 (POST); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP
  13.6 | M | 14 | guest
45969 | 2020-10-21 18:26 | tl.exe | 0ca40808fdaccc210951a3c46bd79415
  Tags: VirusTotal, Malware, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, AppData folder, malicious URLs, crashed
  URLs: -
  Hosts: -
  Alerts: -
  3.8 | - | 10 | admin
45970 | 2020-10-21 18:25 | Payment status2.doc | 4dd2ee913c78cc48fc3e728bdc06f5ac
  Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee, DNS
  URLs (2): http://5.2.246.108/bmKEactzCEk/i1sG1/oW5mlF9OX9WXqQww/ulgPKIcKj/ - malicious; https://atrezzos.beneficiosparaempleados.com/wp-admin/kzqh1zM/
  Hosts (3): atrezzos.beneficiosparaempleados.com(15.236.109.244) - malicious; 15.236.109.244 - suspicious; 5.2.246.108 - suspicious
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  5.0 | M | 15 | admin
45971 | 2020-10-21 16:27 | h3OwzPRI6vEG1KuC3.exe | b45533152cb79846a4a35300941be962
  Tags: VirusTotal, Malware, Malicious Traffic, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
  URLs (1): http://59.148.253.194:8080/KQWmuVF3I/tpg1URM1Eblw/KVkMrQ3WKUG/0UROPU/MWWN4mDtdtlVy53/xp5RLEJ/ - malicious
  Hosts (2): 59.148.253.194 - suspicious; 173.68.199.157 - suspicious
  Alerts: -
  7.8 | M | 16 | admin
45972 | 2020-10-21 16:26 | Scan_00003984849905654356.exe | 29eaa8092a2847b8b13922f9e97441a0
  Tags: VirusTotal, Malware, Check memory, unpack itself, crashed
  URLs: -
  Hosts: -
  Alerts: -
  3.2 | - | 49 | admin
45973 | 2020-10-21 16:22 | W4O1NAY.exe | 1fbffee16a716bc28add2eb40a33c6e0
  Tags: VirusTotal, Malware, Malicious Traffic, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
  URLs (1): http://59.148.253.194:8080/udYOLLZlvuP7XP7h21d/rt5TRiX9LJr/ - malicious
  Hosts (2): 59.148.253.194 - suspicious; 173.68.199.157 - suspicious
  Alerts: -
  7.2 | M | 13 | admin
45974 | 2020-10-21 16:18 | W4O1NAY.exe | 1fbffee16a716bc28add2eb40a33c6e0
  Tags: VirusTotal, Malware, Malicious Traffic, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
  URLs (1): http://59.148.253.194:8080/ZrZr/MEXXrQwKBmUsOrtUf/QL8e8FFbhmcv/mNRaX/II3U3s/ - malicious
  Hosts (2): 59.148.253.194 - suspicious; 173.68.199.157 - suspicious
  Alerts: -
  7.2 | M | 13 | admin
45975 | 2020-10-21 16:18 | Scan_00003984849905654356.exe | 29eaa8092a2847b8b13922f9e97441a0
  Tags: VirusTotal, Malware, Check memory, unpack itself, crashed
  URLs: -
  Hosts: -
  Alerts: -
  3.2 | - | 49 | admin
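Several of the reports in this listing contact the same hosts: the three tasks beaconing to 59.148.253.194:8080, the two tasks posting to 98.103.204.12:443 and 197.245.25.228, and the two Tor-using samples that both reach 92.255.207.89 and 217.79.179.177. The script below is an added example, not part of the sandbox listing or the sandbox's own code. Its RECORDS list is transcribed from the network fields of the reports above (host names are kept without their "(ip)" annotation, and the "- suspicious"/"- malicious" markers are dropped). It indexes every external host, from the host list and from the URL host parts, to the tasks that contacted it, excludes addresses on the analysis network (192.168.56.103 in task 45961 is a private host-only address, not an indicator), groups linked tasks with union-find, and defangs indicators for pasting into a report. The function names are this example's own.

```python
"""Pivot sandbox reports on shared network infrastructure (added example)."""
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Transcribed from the listing above: task id, sample, MD5, URLs, contacted hosts.
RECORDS = [
    {"id": 45961, "name": "mani.exe", "md5": "3134f3460dd1aa06785baa64673dfbec",
     "urls": ["http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/"],
     "hosts": []},
    {"id": 45963, "name": "21.psd", "md5": "0843769cf069d19061f26203d7c3a5db",
     "urls": [], "hosts": ["92.255.207.89", "217.79.179.177"]},
    {"id": 45964, "name": "bm2oYR.exe", "md5": "98dc439a8e2dbfa1d02171d9c3dcd5ed",
     "urls": ["http://98.103.204.12:443/YRgEh2XeeZ5zN2QzA/7SZFl6VRUbzsMY/",
              "http://197.245.25.228/S2IbDcSYrnonhq/"],
     "hosts": ["98.103.204.12", "197.245.25.228"]},
    {"id": 45966, "name": "sserv.jpg.exe", "md5": "644a0fa49064b97023ac6564c1770083",
     "urls": [],
     "hosts": ["145.239.7.168", "193.23.244.244", "128.31.0.39", "194.109.206.212",
               "86.59.21.38", "208.83.223.34", "217.79.179.177", "92.255.207.89",
               "171.25.193.9"]},
    {"id": 45968, "name": "http://www.sangamapparel.com/w...",
     "md5": "99c68e287bacf0cb33d28bf2a98830f1",
     "urls": ["http://www.sangamapparel.com/wp-content_old/whE/",
              "http://98.103.204.12:443/Kbp8BKgS/"],
     "hosts": ["www.sangamapparel.com", "197.245.25.228", "94.130.141.30",
               "98.103.204.12", "117.18.232.200"]},
    {"id": 45971, "name": "h3OwzPRI6vEG1KuC3.exe", "md5": "b45533152cb79846a4a35300941be962",
     "urls": ["http://59.148.253.194:8080/KQWmuVF3I/tpg1URM1Eblw/KVkMrQ3WKUG/0UROPU/MWWN4mDtdtlVy53/xp5RLEJ/"],
     "hosts": ["59.148.253.194", "173.68.199.157"]},
    {"id": 45973, "name": "W4O1NAY.exe", "md5": "1fbffee16a716bc28add2eb40a33c6e0",
     "urls": ["http://59.148.253.194:8080/udYOLLZlvuP7XP7h21d/rt5TRiX9LJr/"],
     "hosts": ["59.148.253.194", "173.68.199.157"]},
    {"id": 45974, "name": "W4O1NAY.exe", "md5": "1fbffee16a716bc28add2eb40a33c6e0",
     "urls": ["http://59.148.253.194:8080/ZrZr/MEXXrQwKBmUsOrtUf/QL8e8FFbhmcv/mNRaX/II3U3s/"],
     "hosts": ["59.148.253.194", "173.68.199.157"]},
]


def is_analysis_network(host):
    """True for non-global (private, loopback, link-local) addresses, i.e. the
    sandbox's own network; these must never be promoted to indicators."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # a host name, not an address: keep it


def infra_index(records):
    """Map each external host (host list plus URL host parts) to the sorted
    task ids whose report contains it."""
    index = defaultdict(set)
    for rec in records:
        hosts = set(rec["hosts"])
        hosts.update(urlsplit(u).hostname for u in rec["urls"])
        for h in hosts:
            if h and not is_analysis_network(h):
                index[h].add(rec["id"])
    return {h: sorted(ids) for h, ids in index.items()}


def shared_infra(records):
    """Hosts seen in more than one report: the pivot points."""
    return {h: ids for h, ids in infra_index(records).items() if len(ids) > 1}


def clusters(records):
    """Connected components of reports linked by at least one shared host
    (union-find over task ids); returns a sorted list of sorted id lists."""
    parent = {rec["id"]: rec["id"] for rec in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for ids in shared_infra(records).values():
        for other in ids[1:]:
            parent[find(other)] = find(ids[0])
    groups = defaultdict(list)
    for rid in parent:
        groups[find(rid)].append(rid)
    return sorted(sorted(g) for g in groups.values())


def defang(ioc):
    """Render a URL or host so it is not clickable when pasted into a ticket."""
    return ioc.replace("http", "hxxp").replace(".", "[.]")


if __name__ == "__main__":
    for host, ids in sorted(shared_infra(RECORDS).items()):
        print(f"{defang(host):24} -> tasks {ids}")
    for group in clusters(RECORDS):
        print("cluster:", group)
```

Run as-is it prints the shared hosts and four clusters: 45961 alone (its only contact was the analysis network), 45963 with 45966 (shared Tor relays, which links samples by exit infrastructure rather than by actor and should be read with that caveat), 45964 with 45968, and the three 59.148.253.194 tasks, two of which are also the same MD5.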