| 46321 |
2020-09-27 09:06
|
dat 1298705.doc a0c26a6c93b6dfdc81e4e4c1d3319c0a
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://192.241.146.84:8080/sQIy/De9s7UKkV2jBHTr/qBPeoguXBRB4x/SexAAX2owd5s/3U3nNP3pnV/
http://ibccglobal.com/thankyou2/ARA/
|
5
12.163.208.58
192.241.146.84
3.13.43.20
45.33.35.74
87.106.253.248
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
7.0 |
M |
35 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46322 |
2020-09-26 09:46
|
z9WLb.exe d8a3360224deb8eadee1f71de8e86f9e
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://87.106.253.248:8080/VMswPt1JWh18qi0y/0vngTFvdfG251/I1oyLMtdUhZoVWGTCL/sDApHgdOuDG7h/GtQpXQ92DShKdDVaj63/
|
3
12.163.208.58
45.33.35.74
87.106.253.248
|
|
|
8.0 |
|
21 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46323 |
2020-09-26 09:46
|
https://www.urban-vpn.network/... 01527bfc480e2a2d52be7fc1f3a792a8
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
2
117.18.232.200
192.64.118.23
|
3
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46324 |
2020-09-26 09:42
|
ben12.exe af2fa8cb5232e309f32ee5be495948d2
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed |
|
|
|
|
8.0 |
M |
21 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46325 |
2020-09-26 09:39
|
vbc.exe 3b99b7ad44158bb1a6a3692c5c7fe141
Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software |
1
http://babaseoa.com/cartel/five/fre.php
http://babaseoa.com/cartel/five/fre.php
|
1
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Fake 404 Response
|
|
13.4 |
M |
30 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46326 |
2020-09-26 09:39
|
3.exe 6cfd9e4c91e40289c1336092f523fbb9
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs |
|
|
|
|
8.6 |
M |
45 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46327 |
2020-09-26 09:39
|
kbsjwHYV.exe 85200f081372c8451249dd6d8792c5f9
Report PDB RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
|
5
157.245.138.101
162.144.42.60
162.241.41.111
190.85.46.52
49.243.9.118
|
1
ET CNC Feodo Tracker Reported CnC Server group 4
|
|
6.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46328 |
2020-09-26 09:34
|
cjwe.exe 88bb74f36b0640b2c521ce68d0100e14
VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization |
|
|
|
|
2.8 |
|
51 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46329 |
2020-09-26 09:31
|
fReqf9Fu8CQ4VUp.exe 2139e1f1f06d263e13ea57637d7ace2a
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process AppData folder malicious URLs WriteConsoleW VMware anti-virtualization Ransomware Windows Tor ComputerName Software crashed keylogger |
|
|
|
|
17.0 |
|
19 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46330 |
2020-09-26 09:30
|
372813350864526504319.doc 169136d627042f3812e95267eb2f20cb
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://174.106.122.139/OrJwtE/
http://fulfillmententertainment.com/cgi-bin/WrD/
|
2
174.106.122.139
208.91.199.181
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
5.4 |
M |
34 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46331 |
2020-09-25 15:09
|
3517 20200924 7939892.doc c6e1a560d13267285359ff54b78cbb7c
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://12.163.208.58/w1G9/
http://h2a1.com/uf8vu/U/
|
2
12.163.208.58
195.201.163.40
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
5.4 |
|
34 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46332 |
2020-09-25 14:54
|
linkercre.exe acc9728c11b4de0ed1bd7c45bafad61f
VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization |
|
|
|
|
2.8 |
|
42 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46333 |
2020-09-25 14:03
|
https://www.sanambakshi.com/wp... 5c50a1af9fe8c9136fc5738a3154b3ec
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
2
117.18.232.200
209.205.123.182
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.4 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46334 |
2020-09-25 12:21
|
FILE_07306859.doc 169136d627042f3812e95267eb2f20cb
Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Windows DNS |
3
http://104.236.246.93:8080/UNpU2BxSYUWkBydQmL/KaGkit0Qm70mKQp7g/6kRZAopn4c84ZcDti5/
http://fulfillmententertainment.com/cgi-bin/WrD/
http://173.249.6.108:443/sPNVpqWEZPSoxOvF/8y8SyFK/tVZRnMloZsPkbS3s/5aPePev1BKswsh2DATe/TegYoC/
|
7
104.236.246.93
137.59.187.107
159.203.116.47
173.249.6.108
174.106.122.139
174.45.13.118
208.91.199.181
|
6
ET CNC Feodo Tracker Reported CnC Server group 3
ET POLICY HTTP traffic on port 443 (POST)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
ET CNC Feodo Tracker Reported CnC Server group 5
|
|
6.8 |
|
22 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46335 |
2020-09-25 09:36
|
DAT_20200925_866.doc 480d54fb2e42340e62b8f550dcc8e5f9
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://12.163.208.58/VQbLXqp47U5LQA6wwF/B1mlDH/b3a1C9r/aPnQsROWJyUzp3H/eXFn/
http://transfersuvan.com/wp-admin/1J/
|
2
12.163.208.58
186.64.117.145
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
|
19 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|