46006 | 2020-10-21 09:32
Sample: CY5nqSSJtbnOQgY2.exe
MD5: 6b02115591d461da500c43c531ef061e
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1):
  http://59.148.253.194:8080/fgXUwXU/0Aq2zlnP4OTuAdND/ - mailcious
Hosts (3):
  164.124.101.2
  173.68.199.157
  59.148.253.194 - suspicious
7.0 | M | 8 | admin

46007 | 2020-10-21 09:31
Sample: 3415201.png.exe
MD5: 07d5fa7649869e710ef336500cd6474a
Tags: unpack itself malicious URLs WriteConsoleW ComputerName
Hosts (1)
2.6 | | | admin

46008 | 2020-10-21 09:28
Sample: https://globaltechealthy.com/x...
MD5: 230c5d72b8bfd4d14b4f9e55d2633345
Tags: Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1):
  http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
Hosts (4):
  globaltechealthy.com(198.54.126.81) - malware
  117.18.232.200 - suspicious
  164.124.101.2
  198.54.126.81 - suspicious
Alerts (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
4.6 | | | admin

46009 | 2020-10-21 09:24
Sample: crun20.gif.exe
MD5: 920851e8341b9c59d75fe0efd2c06e82
Tags: VirusTotal Malware unpack itself malicious URLs WriteConsoleW ComputerName
Hosts (1)
3.6 | M | 33 | admin

46010 | 2020-10-21 09:24
Sample: ref.exe
MD5: b4752ea9a091f525e65c620e11a21e91
Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed
Hosts (1)
11.0 | M | 26 | admin

46011 | 2020-10-21 09:19
Sample: Copy invoice #1252.doc
MD5: 3210c2965e9284197cb5618b2492ae1c
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS
URLs (1):
  http://188.226.165.170:8080/OCuKMuQWW/GfkvVful050/KKbOKeF/wLHRvJQjkFppvzHCC/X9XNNYF0ISWHQKLqf/EjggGXx/ - mailcious
Hosts (7):
  luofox.com(106.54.225.198)
  104.131.144.215 - suspicious
  106.54.225.198
  164.124.101.2
  188.226.165.170 - suspicious
  5.2.246.108
  91.121.87.90 - suspicious
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.8 | M | 25 | admin

46012 | 2020-10-21 08:11
Sample: http://wearenursesvip.com/wp-i...
MD5: a097f280746cd6ddaa694b849007e87f
Tags: VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed keylogger
URLs (3):
  http://75.188.96.231/vFwkaiFNWobTM7/
  http://wearenursesvip.com/wp-includes/ZbcC/
  http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
Hosts (5):
  wearenursesvip.com(148.72.3.169)
  117.18.232.200 - suspicious
  148.72.3.169
  164.124.101.2
  75.188.96.231
Alerts (2):
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO EXE - Served Attached HTTP
12.6 | | 10 | admin

46013 | 2020-10-21 07:55
Sample: http://kyleesbirthdaybash.com/...
MD5: 1ac2d51d0c9f165943065eab1ace3f67
Tags: VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed
URLs (3):
  http://59.148.253.194:8080/ILcOXckigoY/HMRI8PC1Q6/VTaCG3Zu8HfwyU/VM4UltpElsAzUMzkD/3LBuQBzN6bwROG/4UceHa1lWVbY6fi/ - mailcious
  http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  http://kyleesbirthdaybash.com/wp-includes/Sco/
Hosts (6):
  kyleesbirthdaybash.com(148.72.3.169)
  117.18.232.200 - suspicious
  148.72.3.169
  164.124.101.2
  173.68.199.157
  59.148.253.194 - suspicious
Alerts (2):
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO EXE - Served Attached HTTP
13.6 | M | 9 | admin

46014 | 2020-10-21 07:53
Sample: https://globaltechealthy.com/x...
MD5: b42bdc5e32b4c255ddcaf88eb84487ab
Tags: Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (1):
  http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
Hosts (4):
  globaltechealthy.com(198.54.126.81) - malware
  117.18.232.200 - suspicious
  164.124.101.2
  198.54.126.81 - suspicious
Alerts (3):
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8 | | | admin

46015 | 2020-10-21 07:46
Sample: https://globaltechealthy.com/x...
MD5: b42bdc5e32b4c255ddcaf88eb84487ab
Tags: Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1):
  http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
Hosts (4):
  globaltechealthy.com(198.54.126.81)
  117.18.232.200 - suspicious
  164.124.101.2
  198.54.126.81
Alerts (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
4.2 | | | guest

46016 | 2020-10-20 18:20
Sample: CFcnwUfBBk3KTkEW.exe
MD5: 851aca30c0e2ad6b6158ca755fb74688
Tags: VirusTotal Malware Check memory RWX flags setting unpack itself
Hosts (1)
1.8 | | 8 | admin

46017 | 2020-10-20 18:20
Sample: KX6b46h61WpcxYvibEeK.exe
MD5: 9c18bf05c04cb7c5a423a4e74fb20c16
Tags: VirusTotal Malware Check memory RWX flags setting unpack itself
Hosts (1)
1.8 | M | 8 | admin

46018 | 2020-10-20 17:50
Sample: WBXwh.exe
MD5: f340e14bdf91c3f76734b4d10599fc75
Tags: VirusTotal Malware Check memory RWX flags setting unpack itself
Hosts (1)
1.8 | | 8 | admin

46019 | 2020-10-20 17:50
Sample: fUV0qtOHs8f1V.exe
MD5: 1899797eec0cff367f4c2b7974dae71d
Tags: Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1):
  http://24.230.141.169/ab89dkwa/PPODsD2XAF2u22sH/jjjsvnn8sJbbAE8/ - mailcious
Hosts (2):
  164.124.101.2
  24.230.141.169 - suspicious
5.8 | M | | admin

46020 | 2020-10-20 17:40
Sample: teFvuWWdnMn.exe
MD5: 6e690c449d8a5c5d4056cb8af10d6ec8
Tags: VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
URLs (1):
  http://186.189.249.2/VX91Fabh/ffz9uON9sxZa0vRKH/0JaFLhCiuOKAmNfyQ/ - mailcious
Hosts (2):
  164.124.101.2
  186.189.249.2 - suspicious
6.2 | M | 10 | admin