| 46441 |
2020-09-20 22:41
|
3kknRIqyLadKQddiLJu0.exe 8428926592a23a849523726cbb9e351b
VirusTotal Malware RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://162.241.41.111:7080/tI7FfrTloY/bbIrhMUE/j9knJRpXDkkYhX/6cDRKkbD99RgsttrDp/bDtLhbb99u0/
|
3
118.243.83.70
162.241.41.111
5.189.168.53
|
|
|
7.2 |
M |
43 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46442 |
2020-09-20 22:16
|
wMntZv92S.exe 5db3652509403e30eef851f02f0e24ff
VirusTotal Malware RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://162.241.41.111:7080/HOfrBOo/2iETrDPNAQzEaE8fPr/MHBP7rnh/cup6SL2z13k/
|
3
162.241.41.111
190.192.39.136
5.189.168.53
|
|
|
7.0 |
M |
42 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46443 |
2020-09-20 22:14
|
Putgs3PDYl5q.exe 550a741d0fef7a52e63020c9016ea5c8
Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://38.88.126.202:8080/b4hv/
|
3
38.88.126.202
51.38.124.206
91.105.94.200
|
|
|
6.8 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46444 |
2020-09-20 22:14
|
IqKmozloSxC1qJk.exe b41e414efcad408d911484e5aad13a3b
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://38.88.126.202:8080/OUtVwBVxzPtbJhWh/
|
3
38.88.126.202
51.38.124.206
91.105.94.200
|
|
|
7.6 |
|
13 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46445 |
2020-09-20 18:53
|
Putgs3PDYl5q.exe 550a741d0fef7a52e63020c9016ea5c8
Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://38.88.126.202:8080/eZnBHazbq/3o5UV1KDOUJnVOwUU/
|
3
38.88.126.202
51.38.124.206
91.105.94.200
|
|
|
6.8 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46446 |
2020-09-20 18:49
|
Mes-228262.doc 276ecb6b0eae11d22873e390b0a4a93d
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS |
2
http://38.88.126.202:8080/HYKeZBudf/uSx1Oiun/g2jUk3v/k0kIjDOak1vj5/
http://binarywebtechsolutions.com/mobile-website-designing-company-in-gurgaon/CLZ/
|
5
103.151.217.206
148.66.138.103
38.88.126.202
51.38.124.206
91.105.94.200
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
6.6 |
M |
28 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46447 |
2020-09-20 18:29
|
document_01200.doc 2588cb56a4d1f28e05f0dc5d60e7ce2f
VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader |
1
http://66.225.194.30/zip/vbc.exe
|
1
|
6
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
4.4 |
|
27 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46448 |
2020-09-20 18:29
|
FILE_158744266936513.doc 8a7c7754300dab0670eaf86357a5463d
Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS |
5
http://kellymorganscience.com/wp-content/SCsWM/
http://61.19.246.238:443/bxNqCIdk/HICIsMd/4PtnFo/zYXRtxzGP8zynC3OwN/gMSBsut3/
http://dandyair.com/font-awesome/rOOAL/
http://134.209.36.254:8080/lIGaoFcQwNKUibZRZy/YxKVgK1u/YbIPVTg/zRv85GXJrvAINoReLI/n6FgRlKdiHoouj8/
https://www.tekadbatam.com/wp-content/AUiw/
|
12
101.0.116.55
104.18.34.185
120.138.30.150
134.209.36.254
137.59.187.107
157.245.99.39
46.16.62.168
61.19.246.238
67.225.175.220
71.72.196.159
94.23.216.33
94.23.237.171
|
8
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET CNC Feodo Tracker Reported CnC Server group 3
ET POLICY Terse Named Filename EXE Download - Possibly Hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
ET CNC Feodo Tracker Reported CnC Server group 19
ET POLICY HTTP traffic on port 443 (POST)
|
|
6.8 |
|
27 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46449 |
2020-09-19 10:48
|
BAL_15920775.doc 6a336c8fcf06f49c600fa32bc3af3b0b
Vulnerability Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS |
4
http://kellymorganscience.com/wp-content/SCsWM/
http://71.72.196.159/T7tp06rD2MtMTCG2PQH/dX5kajPPkdPjYa/
http://dandyair.com/font-awesome/rOOAL/
https://www.tekadbatam.com/wp-content/AUiw/
|
5
101.0.116.55
172.67.177.4
46.16.62.168
67.225.175.220
71.72.196.159
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
4.4 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46450 |
2020-09-19 10:47
|
NAY9VE4B.doc 3660ebad77e4eede41765692b03bb2ad
Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee Windows DNS |
4
http://kellymorganscience.com/wp-content/SCsWM/
http://71.72.196.159/1ZsUG5cF7xnFn3pG/6TftK36As60GaqJ8/XHjaOG4jUoEjxj/PVFaKiapt4Lbk0eg/LA1syIcez/
http://dandyair.com/font-awesome/rOOAL/
https://www.tekadbatam.com/wp-content/AUiw/
|
5
101.0.116.55
104.18.34.185
46.16.62.168
67.225.175.220
71.72.196.159
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
4.4 |
|
20 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46451 |
2020-09-18 17:53
|
S4QSx4t9ze4.exe 0c192fbf6cb765ef8ca7d6b08d76ac48
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://38.88.126.202:8080/nkRQhbyWnkA/Pa3JCkR/xRSobNqyRx2JabOL6a/8wcio/
|
3
38.88.126.202
51.38.124.206
91.105.94.200
|
|
|
7.6 |
|
12 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46452 |
2020-09-18 17:43
|
IqKmozloSxC1qJk.exe b41e414efcad408d911484e5aad13a3b
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://38.88.126.202:8080/vpqxW9Nu/1QOv89YoM4Qocd6/gBMO9/o6t4rNLUZtdQ/3q9rjRdkoq8m/
|
3
38.88.126.202
51.38.124.206
91.105.94.200
|
|
|
7.6 |
|
13 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46453 |
2020-09-18 17:24
|
wMntZv92S.exe 5db3652509403e30eef851f02f0e24ff
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://5.189.168.53:8080/dsJmNql6bOP/pykPv/yUBogouHvNw/l39gomnQfBD25jdT/LVFWgV4wB/rthsSAfkW/
|
2
190.192.39.136
5.189.168.53
|
|
|
7.2 |
|
13 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46454 |
2020-09-18 13:28
|
oK.exe dfbe801848516484378bc7b073de81e2
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://5.189.168.53:8080/tCms/oMFo7Wkwg/1aFH7IzGQQ/
|
2
190.192.39.136
5.189.168.53
|
|
|
7.2 |
|
10 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46455 |
2020-09-18 13:27
|
oK.exe dfbe801848516484378bc7b073de81e2
VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://5.189.168.53:8080/q43Vvlv6YVgZ36S/kdNq0YC12oAF7GFdNbF/SNkwc8/MGYjkPUVMdfZXXSz9/v066/FyBDy/
|
2
190.192.39.136
5.189.168.53
|
|
|
7.2 |
|
10 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|