46411 | 2020-09-22 11:26
vbc.exe 4dc66eac38eb30156c164e698b112623
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed
7.8 | M | 24 | admin

46412 | 2020-09-22 11:25
rc.exe a205712a031be2c61db9cd98c1c29a14
Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities AppData folder malicious URLs Tofsee Interception Windows DNS
URLs (1): https://cdn.discordapp.com/attachments/750959070755815488/751062419425460264/Dexj123
IPs (3): 162.159.129.233; 194.5.98.95; 23.212.13.232
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.0 | M | 47 | admin

46413 | 2020-09-22 11:21
REP_N7PBJ5T.doc 1aa20f02c09fe66562ea0aa4ed35d2bc
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (2): http://24.43.32.186/aKaqW9Yh0JepmmyF/KYmRC2YBcSIm/pznYXRqV9FqkO39/; http://fulfillmententertainment.com/cgi-bin/jO/
IPs (2): 208.91.199.181; 24.43.32.186
IDS alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP
5.2 | | 20 | admin

46414 | 2020-09-22 10:45
document_100201.doc 7acabd714807844ac9d9ecd321cb98b7
Malware download VirusTotal Malware exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader
URLs (1): http://shareallfilesthroughsecureexchangesystem.duckdns.org/doc/vbc.exe
IPs (1):
IDS alerts (6): ET INFO DYNAMIC_DNS Query to *.duckdns. Domain; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
4.8 | | 25 | admin

46415 | 2020-09-22 10:25
sxr1XHOvHEap.exe 6e1574b84616c5162bbf120fc3b3b4a0
Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://190.191.171.72/Sw3At1JA63FVs/EV2FfdNWN0ZauDs03/
IPs (1):
5.6 | | | admin

46416 | 2020-09-22 10:12
p_1701vg9ts1.jpg.exe 264cc8acfd74b2dc61c4601ebed22625
VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs WriteConsoleW DNS
IPs (1):
IDS alerts (1): ET POLICY DNS Query to a Reverse Proxy Service Observed
5.8 | | 60 | admin

46417 | 2020-09-22 10:10
MAIN.exe 7c357e54f775f0042c2d8e36d0c38fa9
Dridex TrickBot VirusTotal Malware PDB Malicious Traffic unpack itself Check virtual network interfaces malicious URLs Tofsee Kovter ComputerName DNS
URLs (3): http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt; https://172.98.192.214/cSVlo1FeFAInvJDJkZ9P99GLwSTqIGUF; https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
IPs (3): 172.98.192.214; 23.228.232.82; 91.199.212.52
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
5.8 | M | 48 | admin

46418 | 2020-09-22 10:08
Untitled-20200922-ET732.doc 7ce8d9626a27fb9e48df5ed6aa330727
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (2): http://amvp-py.com/amvp/r/; http://76.168.54.203/5xkks59cKhCuHE/7VkJhbC3xUxqSuj/zLIPuLR5cA64DtkLqo/SA79HsTYLdGL/vIuqD5IV5B4K/
IPs (2):
IDS alerts (4): ET POLICY Terse Named Filename EXE Download - Possibly Hostile; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP
5.0 | | 19 | admin

46419 | 2020-09-21 16:29
DmUxQiZ.exe 9ef36eb6666cbd816063b6a067993c82
Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://38.88.126.202:8080/aCVxu/Zzbu7kT/qOHYon7OD/MxjnxkQ8e14Bmcp8QSi/o4Q5yfK4pXj/cHp5NbVAwgfADmEw1C/
IPs (3): 38.88.126.202; 51.38.124.206; 91.105.94.200
7.8 | | | admin

46420 | 2020-09-21 16:24
MES-20200921-67994.doc 26a77528506cd55eb3c4c2fd5d9604ce
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS
URLs (3): http://38.88.126.202:8080/9US6uXFmW64v/MRFYS2hyY14cCl3Rl1/9i8Foo3T7kGVQr/Ara1bNfHvjqGdorHqJq/kHciaR7fYy/; http://wynn838.com/wp-content/B/; https://wynn838.com/wp-content/B/
IPs (4): 104.24.96.237; 38.88.126.202; 51.38.124.206; 91.105.94.200
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.4 | | 11 | admin

46421 | 2020-09-21 16:10
Dat 20200920 P78951.doc 276ecb6b0eae11d22873e390b0a4a93d
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS
URLs (2): http://shahqutubuddin.org/U/; http://binarywebtechsolutions.com/mobile-website-designing-company-in-gurgaon/CLZ/
IPs (5): 103.151.217.206; 148.66.138.103; 209.151.194.240; 51.38.124.206; 91.105.94.200
IDS alerts (4): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP
6.4 | M | 36 | admin

46422 | 2020-09-21 14:40
Offer-ART200904-20phz.exe 39f083bf241eb90c900c26460e25fa6c
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed
15.6 | | 40 | admin

46423 | 2020-09-21 13:45
Offer-ART200904-20phz.exe 39f083bf241eb90c900c26460e25fa6c
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed
15.6 | | 40 | admin

46424 | 2020-09-21 13:38
Offer-ART200904-20phz.exe 39f083bf241eb90c900c26460e25fa6c
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed
15.6 | | 40 | admin

46425 | 2020-09-21 13:32
Offer-ART200904-20phz.exe 39f083bf241eb90c900c26460e25fa6c
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed
15.0 | | 40 | admin