46186 | 2020-10-13 13:42 | 8708.xlsb a40b8cf49de71d2997b86d59db29abd6 | Malware download Malware Creates executable files unpack itself malicious URLs Windows DNS Downloader
URLs (1): http://www.advisertours.com/0810.gif
IPs (1):
Signatures (3): ET POLICY PE EXE or DLL Windows file download HTTP | ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2 | ET MALWARE JS/WSF Downloader Dec 08 2016 M4
5.2 | 24 | admin

46187 | 2020-10-13 13:41 | 8814.xlsb 627b15200d7251c17a48fe0c17194350 | Creates executable files unpack itself malicious URLs | 3.6 | 17 | admin

46188 | 2020-10-13 13:41 | 11526.xlsb ac311971c1930486304a5fddaaccdbd3 | Creates executable files unpack itself malicious URLs | 3.6 | 16 | admin

46189 | 2020-10-13 13:36 | 7626.xlsb 37170f53ffb4f46ea99df3696e7ddbd9 | Creates executable files unpack itself malicious URLs | 3.6 | 14 | admin

46190 | 2020-10-13 11:23 | 13319.xlsb c4cf9fdd2a0887452a4e06fa9394bd80 | VirusTotal Malware Creates executable files unpack itself malicious URLs | 4.2 | 16 | admin

46191 | 2020-10-13 11:22 | http://www.advisertours.com/08... ca26ad3cfd67703c3e7a4855407725b5 | Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
URLs (3): http://www.advisertours.com/0810.gif | http://www.advisertours.com/favicon.ico | http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
IPs (2): 117.18.232.200 | 192.185.76.253
Signatures (4): ET POLICY PE EXE or DLL Windows file download HTTP | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | ET INFO TLS Handshake Failure | ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
5.0 | M | 46 | admin

46192 | 2020-10-13 11:21 | 0810.gif.exe ca26ad3cfd67703c3e7a4855407725b5 | VirusTotal Malware unpack itself WriteConsoleW ComputerName | 2.2 | M | 46 | admin

46193 | 2020-10-13 11:18 | 31811.xlsb 77227bdd7ca19a8d74919d8668447a02 | Malware download VirusTotal Malware Creates executable files unpack itself malicious URLs Windows DNS Downloader
URLs (1): http://www.advisertours.com/0810.gif
IPs (1):
Signatures (3): ET POLICY PE EXE or DLL Windows file download HTTP | ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2 | ET MALWARE JS/WSF Downloader Dec 08 2016 M4
5.8 | 16 | guest

46194 | 2020-10-13 11:17 | 27603.xlsb 411c832c81fcff7f4de125a18d59c7f2 | Malware download VirusTotal Malware Creates executable files unpack itself malicious URLs Windows DNS Downloader
URLs (1): http://www.advisertours.com/0810.gif
IPs (1):
Signatures (3): ET POLICY PE EXE or DLL Windows file download HTTP | ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2 | ET MALWARE JS/WSF Downloader Dec 08 2016 M4
5.8 | 16 | guest

46195 | 2020-10-13 11:17 | 11411.xlsb 82d081156241d64397f065631a75ae80 | Malware download VirusTotal Malware Creates executable files unpack itself malicious URLs Windows DNS Downloader
URLs (1): http://www.advisertours.com/0810.gif
IPs (1):
Signatures (3): ET POLICY PE EXE or DLL Windows file download HTTP | ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2 | ET MALWARE JS/WSF Downloader Dec 08 2016 M4
6.0 | 20 | admin

46196 | 2020-10-13 11:16 | 0810.gif.exe ca26ad3cfd67703c3e7a4855407725b5 | VirusTotal Malware unpack itself malicious URLs WriteConsoleW ComputerName | 3.0 | 46 | guest

46197 | 2020-10-13 10:23 | 47694201-20200919-YB449177.doc 4c99a6917c48b0dc5f30045683c43840 | ENERGETIC BEAR Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS
URLs (1): http://binarywebtechsolutions.com/mobile-website-designing-company-in-gurgaon/CLZ/
IPs (8): 103.151.217.206 | 148.66.138.103 | 181.30.61.163 | 189.2.177.210 | 38.88.126.202 | 51.38.124.206 | 54.37.42.48 | 91.105.94.200
Signatures (8): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | ET CNC Feodo Tracker Reported CnC Server group 19 | ET CNC Feodo Tracker Reported CnC Server group 24 | ET CNC Feodo Tracker Reported CnC Server group 11 | ET POLICY PE EXE or DLL Windows file download HTTP | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | ET INFO EXE - Served Attached HTTP | ET CNC Feodo Tracker Reported CnC Server group 17
6.8 | 42 | guest

46198 | 2020-10-13 10:11 | de.exe 1bdf4969e039dce5e33bc0322e5cea21 | VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs crashed | 4.4 | M | 50 | guest

46199 | 2020-10-13 09:50 | cr.exe d39be521d865df3ab5f3142e22427167 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger
URLs (2): http://crt.comodoca.com/COMODORSAAddTrustCA.crt | https://api.ipify.org/
IPs (2): 54.225.195.221 | 91.199.212.52
Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.2 | 27 | guest

46200 | 2020-10-13 09:50 | Xehmigm.exe 9f1f5ecb148e6e648a6a2466b29f7f2d | Browser Info Stealer LokiBot Emotet Malware download FTP Client Info Stealer VirusTotal Malware c&c Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted RWX flags setting unpack itself malicious URLs installed browsers check Interception Browser ComputerName DNS Software
URLs (2): http://millsmiltinon.com/wuendkfptojHYhkfkmuofktnbujgmfkgtdeitobregvdgetyhsk/Xehmuth | http://104.223.143.132/ecflix/Panel/five/fre.php | http://104.223.143.132/ecflix/Panel/five/fre.php
IPs (3): 104.223.143.132 | 162.159.136.232 | 45.14.112.133
Signatures (7): ET MALWARE LokiBot User-Agent (Charon/Inferno) | ET MALWARE LokiBot Checkin | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | ET MALWARE LokiBot Fake 404 Response
16.0 | M | 19 | guest
