Sandbox submissions, 2020-09-24 to 2020-09-25 (newest first). Fields are as on the original listing; the unlabelled score, flag and count columns are kept as-is.

#46336  2020-09-25 09:33  submitter: admin
  File:   rockdo.exe
  MD5:    8a15c8a728a55af5c246c7bea63b643f
  Tags:   VirusTotal, Malware, Check memory, RWX flags setting, unpack itself, anti-virtualization
  Score:  2.2   Count: 16

#46337  2020-09-25 09:29  submitter: guest
  File:   3196288-2020_09_24-7609.doc
  MD5:    bb2741248b19b165380971e05fa62d6c
  Tags:   Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (2):
    http://12.163.208.58/xkMtaIHR68S/NHiDIlU1qpWXZh0JxtX/wyeFPXCodIGsN/bKsPJtf/VtR1Z6YQItOxM2kkQ/yKMsptr0Lia/
    http://pagearrow.com/wordpress/xF/
  IPs (2):  12.163.208.58, 23.225.152.164
  Alerts (4):
    ET POLICY Terse Named Filename EXE Download - Possibly Hostile
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
  Score:  5.2   Count: 20

#46338  2020-09-25 09:29  submitter: guest
  File:   Wa3j.exe
  MD5:    613a7e20b550f35969a79250c5cc0868
  Tags:   Report, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
  IPs (5):  157.245.138.101, 162.144.42.60, 162.241.41.111, 190.85.46.52, 49.243.9.118
  Alerts (1):
    ET CNC Feodo Tracker Reported CnC Server group 4
  Score:  6.6

#46339  2020-09-25 09:15  submitter: guest
  File:   OA.exe
  MD5:    29b5cc17485d16ea6f070ceea579e1e0
  Tags:   VirusTotal, Malware, Report, Malicious Traffic, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
  URLs (2):
    http://104.236.246.93:8080/qRBg/
    http://173.249.6.108:443/EYlWUhAj/
  IPs (6):  104.236.246.93, 137.59.187.107, 159.203.116.47, 173.249.6.108, 174.106.122.139, 174.45.13.118
  Alerts (3):
    ET POLICY HTTP traffic on port 443 (POST)
    ET CNC Feodo Tracker Reported CnC Server group 3
    ET CNC Feodo Tracker Reported CnC Server group 5
  Score:  8.4   Count: 13

#46340  2020-09-25 09:12  submitter: guest
  File:   REP 2020_09_25 3194.doc
  MD5:    3a49fcefd6c99f69b2155be8b3c3c7a9
  Tags:   Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (2):
    http://12.163.208.58/NtyAfs/
    http://transfersuvan.com/wp-admin/1J/
  IPs (2):  12.163.208.58, 186.64.117.145
  Alerts (3):
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
  Score:  5.0   Flag: M   Count: 19

#46341  2020-09-25 08:06  submitter: guest
  File:   http://mianusman.com/cgi-bin/F...
  MD5:    eb0ab656dfecbaa3d4e5223fdc821b05
  Tags:   VirusTotal, Malware, AutoRuns, Code Injection, Malicious Traffic, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, Auto service, malicious URLs, AntiVM_Disk, sandbox evasion, VM Disk Size Check, human activity check, Windows, Exploit, Advertising, ComputerName, DNS, Cryptographic key, crashed
  URLs (3):
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
    http://mianusman.com/cgi-bin/Fo/
    http://12.163.208.58/FwDMqn8LQgIIyk/
  IPs (3):  117.18.232.200, 12.163.208.58, 162.144.180.15
  Alerts (2):
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO EXE - Served Attached HTTP
  Score:  11.6

#46342  2020-09-25 07:46  submitter: guest
  File:   http://198.12.66.108/jojo.exe
  MD5:    ad6564701054b692bcf47b5feb6324a2
  Tags:   Browser Info Stealer, VirusTotal, Email Client Info Stealer, Malware, AutoRuns, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates executable files, exploit crash, unpack itself, Windows utilities, Check virtual network interfaces, malicious URLs, WriteConsoleW, Tofsee, Windows, Exploit, Browser, Email, ComputerName, DNS, Cryptographic key, crashed, keylogger
  URLs (7):
    http://198.12.66.108/jojo.exe
    http://crt.comodoca.com/COMODORSAAddTrustCA.crt
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
    https://paste.nrecom.net/view/raw/19b8a0c3
    https://paste.nrecom.net/view/raw/f4b7e260
    https://paste.nrecom.net/view/raw/c8cdc044
    https://api.ipify.org/
  IPs (5):  117.18.232.200, 198.12.66.108, 37.120.174.218, 54.204.14.42, 91.199.212.52
  Alerts (4):
    ET INFO Executable Download from dotted-quad Host
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score:  16.8   Flag: M

#46343  2020-09-24 22:31  submitter: admin
  File:   TfQ.exe
  MD5:    ac1dc7138e5ad5eb7eec5e0dd55b0a81
  Tags:   VirusTotal, Malware, PDB, Malicious Traffic, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, Remote Code Execution, DNS, Cryptographic key
  URLs (1):
    http://12.163.208.58/XCgLQdw4nsT0R/qsVZHuSNKY0/
  IPs (2):  12.163.208.58, 54.235.83.248
  Score:  6.4   Count: 14

#46344  2020-09-24 22:29  submitter: admin
  File:   jojo.exe
  MD5:    ad6564701054b692bcf47b5feb6324a2
  Tags:   Browser Info Stealer, Email Client Info Stealer, Malware, AutoRuns, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, malicious URLs, WriteConsoleW, Tofsee, Ransomware, Windows, Browser, Tor, Email, ComputerName, DNS, Cryptographic key, crashed, keylogger
  URLs (5):
    http://crt.comodoca.com/COMODORSAAddTrustCA.crt
    https://paste.nrecom.net/view/raw/19b8a0c3
    https://paste.nrecom.net/view/raw/f4b7e260
    https://paste.nrecom.net/view/raw/c8cdc044
    https://api.ipify.org/
  IPs (3):  37.120.174.218, 54.235.83.248, 91.199.212.52
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score:  15.0

#46345  2020-09-24 22:23  submitter: admin
  File:   PayPal_Desktop.exe
  MD5:    5bac35338745a985faeff08097e0b865
  Tags:   VirusTotal, Malware
  Score:  1.2   Count: 21

#46346  2020-09-24 21:46  submitter: admin
  File:   wupxarch.exe
  MD5:    bd4b03e6127a34ecab890f6eb1546634
  Tags:   VirusTotal, Malware, malicious URLs, WriteConsoleW
  Score:  3.8   Count: 51

#46347  2020-09-24 21:44  submitter: admin
  File:   BAL_PO_09242020EX.doc
  MD5:    de64f4c63e5a2da21e05c18a85a895c0
  Tags:   Vulnerability, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (2):
    http://174.106.122.139/0ii8vxhqROB/lIg2JW11W0dgxvk/
    http://www.firhajshoes.com/wp-admin/RgaiT/
  IPs (2):  166.62.28.114, 174.106.122.139
  Alerts (3):
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
  Score:  4.4

#46348  2020-09-24 21:43  submitter: admin
  File:   yyxc3c.jpeg.exe
  MD5:    871c3af229204f1b42629653571536df
  Tags:   VirusTotal, Malware, Check memory, unpack itself, crashed
  Score:  3.0   Count: 24

#46349  2020-09-24 21:43  submitter: admin
  File:   ozm5q0dx.gif.exe
  MD5:    b944c443789ddd25f9561899a59ea54c
  Tags:   VirusTotal, Malware, Check memory, unpack itself, crashed
  Score:  3.2   Count: 30

#46350  2020-09-24 11:15  submitter: admin
  File:   nnab.exe
  MD5:    4c259a2d95207832b822e99db15d0bdd
  Tags:   VirusTotal, Malware, Code Injection, buffers extracted, unpack itself, sandbox evasion, crashed
  Score:  6.0   Flag: M   Count: 47
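A listing like this is most useful when pivoted rather than read top to bottom: the same MD5 appears under two ids (46342 submitted as a URL, 46344 as a file), several submissions share the dotted-quad download host 12.163.208.58, and the "dotted-quad Host" ET alerts are simply a rule over the URL's host being a bare IP. The script below is an added example, not part of the sandbox or of this page: it carries the ids, MD5s, URLs and IPs of the nine records above that have network observations (records without them are omitted from the sample), groups submissions by hash, lists IPs contacted by more than one distinct sample, and reproduces the dotted-quad check. The BENIGN_HOSTS allowlist is an assumption an analyst would maintain, not something the listing states.

```python
"""Pivot across the sandbox listing: duplicate hashes, shared IPs, dotted-quad hosts (added example)."""
from collections import defaultdict
from ipaddress import ip_address
from urllib.parse import urlsplit

# (record id, MD5, observed URLs, contacted IPs), copied from the listing above.
RECORDS = [
    (46337, "bb2741248b19b165380971e05fa62d6c",
     ["http://12.163.208.58/xkMtaIHR68S/NHiDIlU1qpWXZh0JxtX/wyeFPXCodIGsN/bKsPJtf/VtR1Z6YQItOxM2kkQ/yKMsptr0Lia/",
      "http://pagearrow.com/wordpress/xF/"],
     ["12.163.208.58", "23.225.152.164"]),
    (46338, "613a7e20b550f35969a79250c5cc0868", [],
     ["157.245.138.101", "162.144.42.60", "162.241.41.111", "190.85.46.52", "49.243.9.118"]),
    (46339, "29b5cc17485d16ea6f070ceea579e1e0",
     ["http://104.236.246.93:8080/qRBg/", "http://173.249.6.108:443/EYlWUhAj/"],
     ["104.236.246.93", "137.59.187.107", "159.203.116.47", "173.249.6.108", "174.106.122.139", "174.45.13.118"]),
    (46340, "3a49fcefd6c99f69b2155be8b3c3c7a9",
     ["http://12.163.208.58/NtyAfs/", "http://transfersuvan.com/wp-admin/1J/"],
     ["12.163.208.58", "186.64.117.145"]),
    (46341, "eb0ab656dfecbaa3d4e5223fdc821b05",
     ["http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml", "http://mianusman.com/cgi-bin/Fo/",
      "http://12.163.208.58/FwDMqn8LQgIIyk/"],
     ["117.18.232.200", "12.163.208.58", "162.144.180.15"]),
    (46342, "ad6564701054b692bcf47b5feb6324a2",
     ["http://198.12.66.108/jojo.exe", "http://crt.comodoca.com/COMODORSAAddTrustCA.crt",
      "http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml",
      "https://paste.nrecom.net/view/raw/19b8a0c3", "https://paste.nrecom.net/view/raw/f4b7e260",
      "https://paste.nrecom.net/view/raw/c8cdc044", "https://api.ipify.org/"],
     ["117.18.232.200", "198.12.66.108", "37.120.174.218", "54.204.14.42", "91.199.212.52"]),
    (46343, "ac1dc7138e5ad5eb7eec5e0dd55b0a81",
     ["http://12.163.208.58/XCgLQdw4nsT0R/qsVZHuSNKY0/"],
     ["12.163.208.58", "54.235.83.248"]),
    (46344, "ad6564701054b692bcf47b5feb6324a2",
     ["http://crt.comodoca.com/COMODORSAAddTrustCA.crt",
      "https://paste.nrecom.net/view/raw/19b8a0c3", "https://paste.nrecom.net/view/raw/f4b7e260",
      "https://paste.nrecom.net/view/raw/c8cdc044", "https://api.ipify.org/"],
     ["37.120.174.218", "54.235.83.248", "91.199.212.52"]),
    (46347, "de64f4c63e5a2da21e05c18a85a895c0",
     ["http://174.106.122.139/0ii8vxhqROB/lIg2JW11W0dgxvk/", "http://www.firhajshoes.com/wp-admin/RgaiT/"],
     ["166.62.28.114", "174.106.122.139"]),
]

# Assumed analyst-maintained allowlist of hosts a Windows sandbox contacts on its own.
BENIGN_HOSTS = {"ie9cvlist.ie.microsoft.com", "crt.comodoca.com"}


def is_dotted_quad(host):
    """True when the URL host is a literal IP address rather than a name."""
    try:
        ip_address(host)
    except ValueError:
        return False
    return True


def dotted_quad_downloads(records=RECORDS):
    """{record id: [URL, ...]} for URLs fetched from a bare IP; this is the
    condition behind the 'dotted-quad Host' ET alerts seen in the listing."""
    hits = {}
    for rid, _, urls, _ in records:
        found = [u for u in urls if is_dotted_quad(urlsplit(u).hostname or "")]
        if found:
            hits[rid] = found
    return hits


def samples_by_md5(records=RECORDS):
    """MD5 -> record ids, keeping only hashes submitted more than once."""
    groups = defaultdict(list)
    for rid, md5, _, _ in records:
        groups[md5].append(rid)
    return {m: ids for m, ids in groups.items() if len(ids) > 1}


def shared_ips(records=RECORDS):
    """IP -> sorted distinct MD5s that contacted it, for IPs seen from two or
    more different samples (the same sample submitted twice does not count)."""
    seen = defaultdict(set)
    for _, md5, _, ips in records:
        for ip in ips:
            seen[ip].add(md5)
    return {ip: sorted(m) for ip, m in seen.items() if len(m) > 1}


def first_party_hosts(records=RECORDS):
    """Sorted URL hostnames with sandbox background noise removed, ready for a blocklist."""
    hosts = set()
    for _, _, urls, _ in records:
        for u in urls:
            h = urlsplit(u).hostname
            if h and h not in BENIGN_HOSTS:
                hosts.add(h)
    return sorted(hosts)


if __name__ == "__main__":
    for rid, urls in sorted(dotted_quad_downloads().items()):
        print(rid, urls)
    print("duplicate submissions:", samples_by_md5())
    print("IPs shared across samples:", shared_ips())
    print("hosts to block:", first_party_hosts())
```

The IP pivot needs the same triage as the hostname one: shared_ips() surfaces 117.18.232.200, which appears only in the two records that also fetched IE9CompatViewList.xml, alongside the genuinely interesting 12.163.208.58 (four distinct samples), 174.106.122.139 and 54.235.83.248. Dedupe by hash before counting, otherwise the jojo.exe pair inflates 37.120.174.218 and 91.199.212.52 into false "shared" infrastructure.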