| 46276 |
2020-10-06 14:01
|
FILE-982.doc 967f1d69e065008f106804ee61098f1c
Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself Tofsee Windows DNS |
2
http://movewithketty.com/cgi-bin/LXr/
http://pixnbeats.com/chanakua.org/6/
|
4
185.182.56.215
202.22.141.45
37.187.161.206
67.227.236.51
|
6
ET CNC Feodo Tracker Reported CnC Server group 14
ET CNC Feodo Tracker Reported CnC Server group 17
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
5.8 |
M |
40 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46277 |
2020-10-05 13:25
|
bsID9Df7gaL7m.exe 999155c6a3500884f97b931a6ef7615e
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://216.47.196.104/m1n7jnJ7hmo/FZFbRSye27o5cl9Yx/Xa9fqQ/Ss2z/7FB2qy/3FMWN3X/
|
6
202.22.141.45
202.29.239.162
216.47.196.104
37.187.161.206
80.87.201.221
82.76.111.249
|
|
|
8.2 |
|
39 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46278 |
2020-10-05 12:29
|
www1.jpg.exe 4db4b3223f415040578fd8e778b8dfc3
VirusTotal Malware PDB Check memory Disables Windows Security Check virtual network interfaces malicious URLs sandbox evasion Interception Windows ComputerName DNS |
|
2
118.178.182.118
119.63.197.151
|
|
|
7.8 |
M |
49 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46279 |
2020-10-03 21:57
|
b5XB3jmcJ0mtQbpWj.exe 11757095b5dd044a7a77d63bb793ef50
VirusTotal Malware Report PDB RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
|
6
116.91.240.96
162.144.42.60
167.71.227.113
190.85.46.52
202.166.170.43
95.216.205.155
|
1
ET CNC Feodo Tracker Reported CnC Server group 4
|
|
7.6 |
M |
37 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46280 |
2020-10-03 21:55
|
invoice_241568.doc 44417608ef46c480abb130decadf70da
LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed |
2
http://remzclot.ga/etc/main/l09/ap0s/home.php
http://remzclot.ga/etc/main/l09/ap0s/home.php
http://coltec.ga/~zadmin/temp/0ap.exe
|
1
|
12
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET INFO HTTP POST Request to Suspicious *.ga Domain
ET INFO DNS Query for Suspicious .ga Domain
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
|
5.6 |
M |
26 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46281 |
2020-10-03 21:54
|
invoice_441261.doc 5dc831eecdd5939d9c6755a2b470e9c8
Malware download Malware buffers extracted exploit crash unpack itself malicious URLs Windows Exploit DNS crashed |
1
http://wsdyscmtonhumanrightjusticeorganizwsgqm.duckdns.org/scmdoc/win32.exe
|
2
103.140.251.213
192.71.172.18
|
6
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
|
|
4.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46282 |
2020-10-03 21:12
|
RROHve.exe 4f58f683df4543cc02524651192e9cba
Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://216.47.196.104/N9MjHLtetvka3E/JmYadeKBwEljta9fy3/jRMBjkKXF/
|
6
202.22.141.45
202.29.239.162
216.47.196.104
37.187.161.206
80.87.201.221
82.76.111.249
|
|
|
7.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46283 |
2020-09-30 20:40
|
lA6MvCickSX5mc9Y.exe 61c456a5b4a77515fefc3af850d71fe3
VirusTotal Malware Malicious Traffic malicious URLs DNS |
1
http://202.22.141.45/ewiis/5nHYMKcH/ljDiQ5F1/5vGf1ZcnxQjj/lKHU/ZQaUCCT/
|
1
|
|
|
3.2 |
|
18 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46284 |
2020-09-30 20:19
|
fintec-reg-v-choosep_ec.doc be1a60e084a3c4b90690525a948465bb
Vulnerability VirusTotal Malware unpack itself malicious URLs |
|
|
|
|
3.2 |
|
11 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46285 |
2020-09-30 20:19
|
yX9a2ECe.exe 2e8d3206e0d22475c9d8fe330fe4ad01
Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key crashed |
1
http://104.193.103.61/Z6afBs/
|
1
|
|
|
5.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46286 |
2020-09-30 19:39
|
svchost.exe 30ca43566091a3eb6a630b29c0e5392b
VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows DNS |
5
http://www.themoddgroup.com/gtb/?FrJX9b9=XqjXUETAMGKfbnsAyBsMYRFns0fLNydGEEL7tGXqLrEefd3e2nC0vuFBmjV96RXhAorc+yBV&Vnt4_=-Z1l70ePPdgPeTa
http://www.graececonsulting.com/gtb/?FrJX9b9=XoVH2d2Y6RH6Ro6HLwKi4FvAmAFxsdwkgEUusXeqbIFKvXyc+McLaZzg696Ft3yQ4tNMvop5&Vnt4_=-Z1l70ePPdgPeTa
http://www.mazasilva.com/gtb/?FrJX9b9=VIfvXW6qTTRAsgzLl5ioIZmWRgGE3uRXS37yG7CINe/Xm4NQYZK7JpLFC0KGePAN4hYbo8kk&Vnt4_=-Z1l70ePPdgPeTa
http://www.7d5d.com/gtb/?FrJX9b9=1G0L2cPZQDC0bOjvtlRaxPfDL2VKkBs36i+3MFfFelky3inoQv+Xlk3osJ7LSYbAt2T0k+TY&Vnt4_=-Z1l70ePPdgPeTa
http://www.jobshustle.com/gtb/?FrJX9b9=wWlT1BRylSJzglLH1tCils+P2OhcKsGzU/MuA7mYILjB69/72YWob4aXpcif1Ovutq6xNgYq&Vnt4_=-Z1l70ePPdgPeTa
|
4
182.50.132.242
195.216.150.16
208.68.39.3
34.102.136.180
|
|
|
7.6 |
|
34 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46287 |
2020-09-30 19:38
|
ojcano.exe ecc5855fdc2946ff4b5c3146a13b1db5
VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization |
|
|
|
|
2.6 |
M |
32 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46288 |
2020-09-30 19:34
|
rgAWw6Z7PWEks.exe c557f972fcdcb299d79e0ccfc253202a
VirusTotal Malware Malicious Traffic malicious URLs DNS |
1
http://5.196.108.189:8080/iurWllfggMFRe/PRJwn/80p6u/wJlqzlCSpkPNoFyvafW/
|
2
38.18.235.242
5.196.108.189
|
|
|
4.2 |
|
14 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46289 |
2020-09-30 19:32
|
newfile.exe f97f261075ab2aa2bffa7e55db878dd9
VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs crashed |
|
|
|
|
3.8 |
|
17 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46290 |
2020-09-30 19:29
|
avast.exe 0e664edfe79ac513cdd99c467a2e836b
VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName |
|
|
|
|
3.4 |
|
45 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|