Sandbox analysis listing, newest first. Each record: ID | submitted | user; then file, MD5, tags, URLs, IPs, Suricata alerts, and a score line (score, then the two unlabeled columns of the original listing, "-" where empty).

46321 | 2020-09-27 09:06 | user: guest
  File:  1298705.doc
  MD5:   a0c26a6c93b6dfdc81e4e4c1d3319c0a
  Tags:  Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (2):
    http://192.241.146.84:8080/sQIy/De9s7UKkV2jBHTr/qBPeoguXBRB4x/SexAAX2owd5s/3U3nNP3pnV/
    http://ibccglobal.com/thankyou2/ARA/
  IPs (5):  12.163.208.58, 192.241.146.84, 3.13.43.20, 45.33.35.74, 87.106.253.248
  Suricata alerts (3):
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
  Score: 7.0 | M | 35

46322 | 2020-09-26 09:46 | user: guest
  File:  z9WLb.exe
  MD5:   d8a3360224deb8eadee1f71de8e86f9e
  Tags:  VirusTotal, Malware, PDB, Malicious Traffic, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
  URLs (1):
    http://87.106.253.248:8080/VMswPt1JWh18qi0y/0vngTFvdfG251/I1oyLMtdUhZoVWGTCL/sDApHgdOuDG7h/GtQpXQ92DShKdDVaj63/
  IPs (3):  12.163.208.58, 45.33.35.74, 87.106.253.248
  Score: 8.0 | - | 21

46323 | 2020-09-26 09:46 | user: guest
  URL:   https://www.urban-vpn.network/...
  MD5:   01527bfc480e2a2d52be7fc1f3a792a8
  Tags:  Dridex, VirusTotal, Malware, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows Exploit, DNS, crashed
  URLs (1):
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  IPs (2):  117.18.232.200, 192.64.118.23
  Suricata alerts (3):
    ET INFO TLS Handshake Failure
    ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 4.2 | - | -

46324 | 2020-09-26 09:42 | user: guest
  File:  ben12.exe
  MD5:   af2fa8cb5232e309f32ee5be495948d2
  Tags:  Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Check memory, Checks debugger, unpack itself, malicious URLs, Windows, Browser, Email, ComputerName, Cryptographic key, Software, crashed
  Score: 8.0 | M | 21

46325 | 2020-09-26 09:39 | user: guest
  File:  vbc.exe
  MD5:   3b99b7ad44158bb1a6a3692c5c7fe141
  Tags:  Browser Info Stealer, LokiBot, Malware download, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware c&c, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs, installed browsers check, Browser, Email, ComputerName, DNS, Software
  URLs (1):
    http://babaseoa.com/cartel/five/fre.php
  IPs (1):  [not listed on the page]
  Suricata alerts (7):
    ET MALWARE LokiBot User-Agent (Charon/Inferno)
    ET MALWARE LokiBot Checkin
    ET MALWARE LokiBot Request for C2 Commands Detected M1
    ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
    ET MALWARE LokiBot Request for C2 Commands Detected M2
    ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
    ET MALWARE LokiBot Fake 404 Response
  Score: 13.4 | M | 30

46326 | 2020-09-26 09:39 | user: guest
  File:  3.exe
  MD5:   6cfd9e4c91e40289c1336092f523fbb9
  Tags:  VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs
  Score: 8.6 | M | 45

46327 | 2020-09-26 09:39 | user: guest
  File:  kbsjwHYV.exe
  MD5:   85200f081372c8451249dd6d8792c5f9
  Tags:  Report, PDB, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
  IPs (5):  157.245.138.101, 162.144.42.60, 162.241.41.111, 190.85.46.52, 49.243.9.118
  Suricata alerts (1):
    ET CNC Feodo Tracker Reported CnC Server group 4
  Score: 6.8 | - | -

46328 | 2020-09-26 09:34 | user: guest
  File:  cjwe.exe
  MD5:   88bb74f36b0640b2c521ce68d0100e14
  Tags:  VirusTotal, Malware, Check memory, RWX flags setting, unpack itself, anti-virtualization
  Score: 2.8 | - | 51

46329 | 2020-09-26 09:31 | user: guest
  File:  fReqf9Fu8CQ4VUp.exe
  MD5:   2139e1f1f06d263e13ea57637d7ace2a
  Tags:  VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, Checks Bios, Detects VirtualBox, suspicious process, AppData folder, malicious URLs, WriteConsoleW, VMware, anti-virtualization, Ransomware, Windows, Tor, ComputerName, Software, crashed, keylogger
  Score: 17.0 | - | 19

46330 | 2020-09-26 09:30 | user: guest
  File:  372813350864526504319.doc
  MD5:   169136d627042f3812e95267eb2f20cb
  Tags:  Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (2):
    http://174.106.122.139/OrJwtE/
    http://fulfillmententertainment.com/cgi-bin/WrD/
  IPs (2):  174.106.122.139, 208.91.199.181
  Suricata alerts (3):
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
  Score: 5.4 | M | 34

46331 | 2020-09-25 15:09 | user: guest
  File:  3517 20200924 7939892.doc
  MD5:   c6e1a560d13267285359ff54b78cbb7c
  Tags:  Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (2):
    http://12.163.208.58/w1G9/
    http://h2a1.com/uf8vu/U/
  IPs (2):  12.163.208.58, 195.201.163.40
  Suricata alerts (3):
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
  Score: 5.4 | - | 34

46332 | 2020-09-25 14:54 | user: guest
  File:  linkercre.exe
  MD5:   acc9728c11b4de0ed1bd7c45bafad61f
  Tags:  VirusTotal, Malware, Check memory, RWX flags setting, unpack itself, anti-virtualization
  Score: 2.8 | - | 42

46333 | 2020-09-25 14:03 | user: guest
  URL:   https://www.sanambakshi.com/wp...
  MD5:   5c50a1af9fe8c9136fc5738a3154b3ec
  Tags:  Dridex, VirusTotal, Malware, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows Exploit, DNS, crashed
  URLs (1):
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  IPs (2):  117.18.232.200, 209.205.123.182
  Suricata alerts (3):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
    ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
  Score: 4.4 | - | -

46334 | 2020-09-25 12:21 | user: guest
  File:  FILE_07306859.doc
  MD5:   169136d627042f3812e95267eb2f20cb
  Tags:  Vulnerability, VirusTotal, Malware, Report, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (3):
    http://104.236.246.93:8080/UNpU2BxSYUWkBydQmL/KaGkit0Qm70mKQp7g/6kRZAopn4c84ZcDti5/
    http://fulfillmententertainment.com/cgi-bin/WrD/
    http://173.249.6.108:443/sPNVpqWEZPSoxOvF/8y8SyFK/tVZRnMloZsPkbS3s/5aPePev1BKswsh2DATe/TegYoC/
  IPs (7):  104.236.246.93, 137.59.187.107, 159.203.116.47, 173.249.6.108, 174.106.122.139, 174.45.13.118, 208.91.199.181
  Suricata alerts (6):
    ET CNC Feodo Tracker Reported CnC Server group 3
    ET POLICY HTTP traffic on port 443 (POST)
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
    ET CNC Feodo Tracker Reported CnC Server group 5
  Score: 6.8 | - | 22

46335 | 2020-09-25 09:36 | user: guest
  File:  DAT_20200925_866.doc
  MD5:   480d54fb2e42340e62b8f550dcc8e5f9
  Tags:  Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (2):
    http://12.163.208.58/VQbLXqp47U5LQA6wwF/B1mlDH/b3a1C9r/aPnQsROWJyUzp3H/eXFn/
    http://transfersuvan.com/wp-admin/1J/
  IPs (2):  12.163.208.58, 186.64.117.145
  Suricata alerts (3):
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
  Score: 5.0 | - | 19
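Several records in this listing share network indicators (12.163.208.58 appears in four of them, 87.106.253.248 in both the 1298705.doc and z9WLb.exe analyses, and MD5 169136d627042f3812e95267eb2f20cb was submitted twice under different filenames). The script below is an added example, not part of the sandbox listing or its software: it pivots across records on shared MD5s, IPs, and URL hosts so that related submissions surface together. The RECORDS table is transcribed from the six records above that carry URLs or IPs; the field names, helper functions, and the defanging convention are this example's own assumptions, not the sandbox's API.

```python
"""Pivot on shared indicators across sandbox records.

Added example. RECORDS is transcribed from the listing above (ID, file,
MD5, contacted IPs, URLs); field names and helpers are assumptions of
this example, not the sandbox's own data model.
"""
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

RECORDS = [
    {"id": 46321, "file": "1298705.doc", "md5": "a0c26a6c93b6dfdc81e4e4c1d3319c0a",
     "ips": ["12.163.208.58", "192.241.146.84", "3.13.43.20", "45.33.35.74", "87.106.253.248"],
     "urls": ["http://192.241.146.84:8080/sQIy/De9s7UKkV2jBHTr/qBPeoguXBRB4x/SexAAX2owd5s/3U3nNP3pnV/",
              "http://ibccglobal.com/thankyou2/ARA/"]},
    {"id": 46322, "file": "z9WLb.exe", "md5": "d8a3360224deb8eadee1f71de8e86f9e",
     "ips": ["12.163.208.58", "45.33.35.74", "87.106.253.248"],
     "urls": ["http://87.106.253.248:8080/VMswPt1JWh18qi0y/0vngTFvdfG251/I1oyLMtdUhZoVWGTCL/sDApHgdOuDG7h/GtQpXQ92DShKdDVaj63/"]},
    {"id": 46330, "file": "372813350864526504319.doc", "md5": "169136d627042f3812e95267eb2f20cb",
     "ips": ["174.106.122.139", "208.91.199.181"],
     "urls": ["http://174.106.122.139/OrJwtE/", "http://fulfillmententertainment.com/cgi-bin/WrD/"]},
    {"id": 46331, "file": "3517 20200924 7939892.doc", "md5": "c6e1a560d13267285359ff54b78cbb7c",
     "ips": ["12.163.208.58", "195.201.163.40"],
     "urls": ["http://12.163.208.58/w1G9/", "http://h2a1.com/uf8vu/U/"]},
    {"id": 46334, "file": "FILE_07306859.doc", "md5": "169136d627042f3812e95267eb2f20cb",
     "ips": ["104.236.246.93", "137.59.187.107", "159.203.116.47", "173.249.6.108",
             "174.106.122.139", "174.45.13.118", "208.91.199.181"],
     "urls": ["http://104.236.246.93:8080/UNpU2BxSYUWkBydQmL/KaGkit0Qm70mKQp7g/6kRZAopn4c84ZcDti5/",
              "http://fulfillmententertainment.com/cgi-bin/WrD/",
              "http://173.249.6.108:443/sPNVpqWEZPSoxOvF/8y8SyFK/tVZRnMloZsPkbS3s/5aPePev1BKswsh2DATe/TegYoC/"]},
    {"id": 46335, "file": "DAT_20200925_866.doc", "md5": "480d54fb2e42340e62b8f550dcc8e5f9",
     "ips": ["12.163.208.58", "186.64.117.145"],
     "urls": ["http://12.163.208.58/VQbLXqp47U5LQA6wwF/B1mlDH/b3a1C9r/aPnQsROWJyUzp3H/eXFn/",
              "http://transfersuvan.com/wp-admin/1J/"]},
]


def indicators(rec):
    """Yield (type, value) pairs for one record: MD5, contacted IPs, full URLs, URL hosts."""
    yield ("md5", rec["md5"])
    for ip in rec["ips"]:
        yield ("ip", ip)
    for url in rec["urls"]:
        yield ("url", url)
        host = urlsplit(url).hostname
        if not host:
            continue
        try:
            ipaddress.ip_address(host)
            yield ("ip", host)      # URL pointing at a bare IP: count it with the IPs
        except ValueError:
            yield ("host", host)    # domain name: its own indicator type


def build_index(records):
    """Map every (type, value) indicator to the sorted list of record IDs containing it."""
    index = defaultdict(set)
    for rec in records:
        for key in indicators(rec):
            index[key].add(rec["id"])
    return {k: sorted(v) for k, v in index.items()}


def pivots(records, min_records=2):
    """Indicators seen in at least min_records distinct records, most widely shared first."""
    hits = [(k, ids) for k, ids in build_index(records).items() if len(ids) >= min_records]
    return sorted(hits, key=lambda kv: (-len(kv[1]), kv[0]))


def same_hash_different_name(records):
    """MD5s submitted under more than one filename (re-submissions of one sample)."""
    names = defaultdict(set)
    for rec in records:
        names[rec["md5"]].add(rec["file"])
    return {md5: sorted(n) for md5, n in names.items() if len(n) > 1}


def defang(value):
    """Neutralise a network IOC for sharing: hxxp scheme and bracketed dots (assumed convention)."""
    return value.replace("http", "hxxp").replace(".", "[.]")


if __name__ == "__main__":
    for (kind, value), ids in pivots(RECORDS):
        print(f"{kind:4} {defang(value):<60} -> records {ids}")
    for md5, names in same_hash_different_name(RECORDS).items():
        print(f"md5 {md5} submitted as {names}")
```

Running it lists 12.163.208.58 first (four records), then the pairs shared between 46321/46322 and between 46330/46334, and reports the MD5 that was re-submitted under two filenames; the same index can be fed any further records from the listing without changing the helpers.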