46276 | 2020-10-06 14:01 | FILE-982.doc 967f1d69e065008f106804ee61098f1c | Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself Tofsee Windows DNS
2 | http://movewithketty.com/cgi-bin/LXr/ http://pixnbeats.com/chanakua.org/6/
4 | 185.182.56.215 202.22.141.45 37.187.161.206 67.227.236.51
6 | ET CNC Feodo Tracker Reported CnC Server group 14 | ET CNC Feodo Tracker Reported CnC Server group 17 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | ET POLICY PE EXE or DLL Windows file download HTTP | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | ET INFO EXE - Served Attached HTTP
5.8 | M | 40 | guest

46277 | 2020-10-05 13:25 | bsID9Df7gaL7m.exe 999155c6a3500884f97b931a6ef7615e | VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
1 | http://216.47.196.104/m1n7jnJ7hmo/FZFbRSye27o5cl9Yx/Xa9fqQ/Ss2z/7FB2qy/3FMWN3X/
6 | 202.22.141.45 202.29.239.162 216.47.196.104 37.187.161.206 80.87.201.221 82.76.111.249
8.2 | 39 | guest

46278 | 2020-10-05 12:29 | www1.jpg.exe 4db4b3223f415040578fd8e778b8dfc3 | VirusTotal Malware PDB Check memory Disables Windows Security Check virtual network interfaces malicious URLs sandbox evasion Interception Windows ComputerName DNS
2 | 118.178.182.118 119.63.197.151
7.8 | M | 49 | guest

46279 | 2020-10-03 21:57 | b5XB3jmcJ0mtQbpWj.exe 11757095b5dd044a7a77d63bb793ef50 | VirusTotal Malware Report PDB RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
6 | 116.91.240.96 162.144.42.60 167.71.227.113 190.85.46.52 202.166.170.43 95.216.205.155
1 | ET CNC Feodo Tracker Reported CnC Server group 4
7.6 | M | 37 | guest

46280 | 2020-10-03 21:55 | invoice_241568.doc 44417608ef46c480abb130decadf70da | LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed
2 | http://remzclot.ga/etc/main/l09/ap0s/home.php http://coltec.ga/~zadmin/temp/0ap.exe
1
12 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | ET MALWARE LokiBot Checkin | ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 | ET INFO HTTP POST Request to Suspicious *.ga Domain | ET INFO DNS Query for Suspicious .ga Domain | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 | ET POLICY PE EXE or DLL Windows file download HTTP | ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | ET MALWARE LokiBot Fake 404 Response
5.6 | M | 26 | guest

46281 | 2020-10-03 21:54 | invoice_441261.doc 5dc831eecdd5939d9c6755a2b470e9c8 | Malware download Malware buffers extracted exploit crash unpack itself malicious URLs Windows Exploit DNS crashed
1 | http://wsdyscmtonhumanrightjusticeorganizwsgqm.duckdns.org/scmdoc/win32.exe
2 | 103.140.251.213 192.71.172.18
6 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | ET MALWARE Possible Malicious Macro DL EXE Feb 2016 | ET MALWARE Possible Malicious Macro EXE DL AlphaNumL | ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 | ET POLICY PE EXE or DLL Windows file download HTTP | ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
4.0 | guest

46282 | 2020-10-03 21:12 | RROHve.exe 4f58f683df4543cc02524651192e9cba | Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
1 | http://216.47.196.104/N9MjHLtetvka3E/JmYadeKBwEljta9fy3/jRMBjkKXF/
6 | 202.22.141.45 202.29.239.162 216.47.196.104 37.187.161.206 80.87.201.221 82.76.111.249
7.8 | guest

46283 | 2020-09-30 20:40 | lA6MvCickSX5mc9Y.exe 61c456a5b4a77515fefc3af850d71fe3 | VirusTotal Malware Malicious Traffic malicious URLs DNS
1 | http://202.22.141.45/ewiis/5nHYMKcH/ljDiQ5F1/5vGf1ZcnxQjj/lKHU/ZQaUCCT/
1
3.2 | 18 | guest

46284 | 2020-09-30 20:19 | fintec-reg-v-choosep_ec.doc be1a60e084a3c4b90690525a948465bb | Vulnerability VirusTotal Malware unpack itself malicious URLs
3.2 | 11 | guest

46285 | 2020-09-30 20:19 | yX9a2ECe.exe 2e8d3206e0d22475c9d8fe330fe4ad01 | Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key crashed
1 | http://104.193.103.61/Z6afBs/
1
5.2 | guest

46286 | 2020-09-30 19:39 | svchost.exe 30ca43566091a3eb6a630b29c0e5392b | VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows DNS
5 | http://www.themoddgroup.com/gtb/?FrJX9b9=XqjXUETAMGKfbnsAyBsMYRFns0fLNydGEEL7tGXqLrEefd3e2nC0vuFBmjV96RXhAorc+yBV&Vnt4_=-Z1l70ePPdgPeTa http://www.graececonsulting.com/gtb/?FrJX9b9=XoVH2d2Y6RH6Ro6HLwKi4FvAmAFxsdwkgEUusXeqbIFKvXyc+McLaZzg696Ft3yQ4tNMvop5&Vnt4_=-Z1l70ePPdgPeTa http://www.mazasilva.com/gtb/?FrJX9b9=VIfvXW6qTTRAsgzLl5ioIZmWRgGE3uRXS37yG7CINe/Xm4NQYZK7JpLFC0KGePAN4hYbo8kk&Vnt4_=-Z1l70ePPdgPeTa http://www.7d5d.com/gtb/?FrJX9b9=1G0L2cPZQDC0bOjvtlRaxPfDL2VKkBs36i+3MFfFelky3inoQv+Xlk3osJ7LSYbAt2T0k+TY&Vnt4_=-Z1l70ePPdgPeTa http://www.jobshustle.com/gtb/?FrJX9b9=wWlT1BRylSJzglLH1tCils+P2OhcKsGzU/MuA7mYILjB69/72YWob4aXpcif1Ovutq6xNgYq&Vnt4_=-Z1l70ePPdgPeTa
4 | 182.50.132.242 195.216.150.16 208.68.39.3 34.102.136.180
7.6 | 34 | guest

46287 | 2020-09-30 19:38 | ojcano.exe ecc5855fdc2946ff4b5c3146a13b1db5 | VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization
2.6 | M | 32 | guest

46288 | 2020-09-30 19:34 | rgAWw6Z7PWEks.exe c557f972fcdcb299d79e0ccfc253202a | VirusTotal Malware Malicious Traffic malicious URLs DNS
1 | http://5.196.108.189:8080/iurWllfggMFRe/PRJwn/80p6u/wJlqzlCSpkPNoFyvafW/
2 | 38.18.235.242 5.196.108.189
4.2 | 14 | guest

46289 | 2020-09-30 19:32 | newfile.exe f97f261075ab2aa2bffa7e55db878dd9 | VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs crashed
3.8 | 17 | guest

46290 | 2020-09-30 19:29 | avast.exe 0e664edfe79ac513cdd99c467a2e836b | VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName
3.4 | 45 | guest