46126 | 2020-10-16 10:07
AKUJJ.exe 30321b84684bca606a94a1fc1a7bceb3
Tags: VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://103.3.63.137:8080/PT0GUQw2D1Phk5H/HK5MUKii5kccOkED2R/
IPs (2): 103.3.63.137 73.100.19.104
7.2 | | 5 | guest
46127 | 2020-10-16 10:06
bob.exe 3aff71a139f4a5201d81b00a4a1d17c4
Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger
URLs (2): http://crt.comodoca.com/COMODORSAAddTrustCA.crt https://api.ipify.org/
IPs (2): 184.73.247.141 91.199.212.52
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.6 | | 27 | guest
46128 | 2020-10-16 10:04
loki.exe 703eb859df4786c7d28b30fc2f3e4880
Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed
URLs (1): http://192.210.214.146/webpanel-major/inc/fdf5a7bec7bd14.php
IPs (1):
10.4 | | 19 | guest
46129 | 2020-10-16 10:02
aaa.exe 6f076a92c41e53b1dd2be0c3634f6a76
Tags: VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName crashed
10.8 | | 41 | guest
46130 | 2020-10-16 07:54
http://musc.health/wp-content/... 0b9c2b29a3236158d4f2cc31360d5d6c
Tags: VirusTotal Malware Report AutoRuns Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed
URLs (3): http://musc.health/wp-content/h/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://192.232.229.54:7080/mBzylAX8bbwyLLU61j/
IPs (6): 107.180.1.11 117.18.232.200 190.96.15.50 192.175.111.214 192.232.229.54 95.85.33.23
Alerts (3): ET CNC Feodo Tracker Reported CnC Server group 12; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP
13.0 | | | guest
46131 | 2020-10-15 18:40
https://poptateseatery.com/pic... 41e710898f863e44ab67eea0aa981289
Tags: Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (1): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
IPs (2): 117.18.232.200 85.187.128.10
Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
4.2 | | | guest
46132 | 2020-10-15 18:34
https://marcussoil.com/MdF3y0f... b5daea22056dbf2a79b2249c70c5e441
Tags: Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (1): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
IPs (2): 117.18.232.200 199.188.200.254
Alerts (3): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
4.4 | | | guest
46133 | 2020-10-15 18:29
OsM6PTJoLmbhKrY.exe a9c8f8c5b9b996e6591defc49be5a2b0
Tags: RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://188.166.220.180:7080/bNjmZqMTtcMn/
IPs (3): 125.200.20.233 188.166.220.180 93.186.197.189
6.0 | | | guest
46134 | 2020-10-15 18:29
image.png.exe 5da34744ebd9ca37cf26af4cd879dd49
Tags: Creates executable files unpack itself malicious URLs
2.6 | | | guest
46135 | 2020-10-15 14:45
hwid.exe 90f7adfb6c4dcf3b67928bdde6584d83
Tags: VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName crashed
3.0 | M | 33 | guest
46136 | 2020-10-15 14:43
Unicorn net.exe 5d0904228cc50d50cb6739a8e9e20e5a
Tags: VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs ComputerName crashed
4.8 | M | 40 | guest
46137 | 2020-10-15 14:43
INV_66379641.doc 6062a8c1e11a6ff0cfb7e0f28f464231
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (2): http://streammusicgroup.com/wp-content/fJiXl/ http://47.36.140.164/lZGlyOPP/TLyqm3j/0uthgm/MLH3ycMy/pUOHCTpYzSQj/
IPs (2): 47.36.140.164 68.66.197.96
Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP
5.2 | | 23 | guest
46138 | 2020-10-15 14:26
L_35671667072801532865268.doc c641df2d18593f8b7de8c3c7b7bb49c1
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS
URLs (4): http://47.36.140.164/QsTkfk3uQJ2FYi65Swc/Is85peWzcav2Xyr/ http://savetheboom.com/admin_access/xht/ https://popcornv.com/wp-includes/KHKX/ https://dusitserve.com/gethits/o3A/
IPs (5): 103.29.215.207 104.18.61.239 119.59.125.211 205.186.175.166 47.36.140.164
Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); SURICATA TLS invalid record type; SURICATA TLS invalid record/traffic
5.2 | M | 26 | guest
46139 | 2020-10-15 10:13
wvfx9h82.jpg.exe 464bfa11ccd1c079b00b308dd8423254
Tags: VirusTotal Malware unpack itself crashed
2.6 | M | 22 | guest
46140 | 2020-10-15 10:13
bag.exe dd5d50506fd70f80667f33296d7f45d4
Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger WMI unpack itself Check virtual network interfaces malicious URLs Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
URLs (1): http://checkip.dyndns.org/
IPs (2): 131.186.113.70 192.185.100.181
Alerts (5): SURICATA Applayer Detect protocol only one direction; ET INFO DYNAMIC_DNS Query to *.dyndns. Domain; ET POLICY External IP Lookup - checkip.dyndns.org; ET POLICY DynDNS CheckIp External IP Address Server Response; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
11.8 | M | 28 | guest