46561 |
2020-09-05 18:28
|
aeLLDK7W7Ip.exe 421de869d04387715f192562625e1e51 VirusTotal Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://50.121.220.50/199Cmp0b1h8/ThH3/MFb53m9Fe88wqb/4i4wXiS/njEXVSET9/VE86l2fM6Y9/
|
1
|
|
|
6.2 |
|
45 |
guest
46562 |
2020-09-04 16:43
|
w3CSnKac.exe 7505a7b885f2511abf8580fd5adcf6eb VirusTotal Malware PDB RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://185.215.227.107:443/OTOWs2uX9/08D4L5C/u1VKW1lFtEY3YhX69/pLYiCbYg/
|
1
|
|
|
4.6 |
M |
6 |
guest
46563 |
2020-09-04 16:27
|
ARC 2020_09_04 Q896654.doc 640ac8879c4e61795f339ad23ffd6ab6 Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
4
http://sitecgps.com/cgi-sys/suspendedpage.cgi http://185.215.227.107:443/ntw9Wap3ho8s6/YePl/JCRodIaz/WPtnIwjWaopfPUA/ http://andrescardozo.com/programas/k/ http://sitecgps.com/assets/hj8/
|
3
185.215.227.107 204.93.167.49 65.99.205.177
|
|
|
4.0 |
M |
22 |
guest
46564 |
2020-09-04 11:16
|
13797650_305717.doc 57df07cf0f8007d537a4fee9359e62a3 VirusTotal Malware Creates shortcut Creates executable files unpack itself |
|
|
|
|
3.6 |
M |
44 |
admin
46565 |
2020-09-04 10:10
|
Attachment-2020_09_04.doc 22bb68903763d56bc7eb098b141767a8 Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
2
http://185.215.227.107:443/kSUYPAS8yRQuS5H1W/emhwmJDlu8/HEB4dvk8MOgtx9/UOqAs/ http://sitecgps.com/assets/hj8/
|
2
185.215.227.107 65.99.205.177
|
|
|
4.0 |
|
24 |
admin
46566 |
2020-09-04 09:21
|
LIST_20200904_ZNQ565.doc f61c4d24653f77ee0e6612a22a73c7cb Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
2
http://sitecgps.com/assets/hj8/ http://185.215.227.107:443/cUTW1/VIqjkG6PpLhDA8Jx/
|
2
185.215.227.107 65.99.205.177
|
|
|
4.0 |
|
22 |
admin
46567 |
2020-09-04 09:11
|
INV_08487290.doc ad950b4b1f4815dd54db2e19cb1c6c42 Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
2
http://192.158.216.73/rWDLu6rH3/a68j/JUFKzJ0R4pP62J/zUCNC6ONE/ http://homokfuvo.com/files/QSNUeuP/
|
2
192.158.216.73 94.199.178.232
|
|
|
4.4 |
|
23 |
admin
46568 |
2020-09-04 09:02
|
FILE_WHU_090120_WBQ_090420.doc 2fa3e3d513be39915b4e659d6f11fbd5 Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
2
http://192.158.216.73/KDbhW88vicJDMNj3cMc/1xoAi1li/YHrk57/iti5i0fCt9VsIsic/ http://homokfuvo.com/files/QSNUeuP/
|
2
192.158.216.73 94.199.178.232
|
|
|
4.4 |
|
22 |
admin
46569 |
2020-09-03 17:52
|
LIST 20200903 405.doc e0aadeb46d6591ef3176d74e683e88c6 VirusTotal Malware |
|
|
|
|
0.6 |
|
10 |
admin
46570 |
2020-09-03 15:20
|
arc-2020_09_03-32818.doc 933402bd5723395d7e54c6266fefd600 Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
2
http://crbremen.com/WordPress_01/A/ http://50.121.220.50/DjLx3qLInehb4/UkhX1swrbJx5/
|
2
50.121.220.50 81.169.145.68
|
|
|
4.2 |
|
19 |
admin
46571 |
2020-09-03 12:13
|
dat.doc 03da98e27ded1b3f58e295702bc87eef Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS |
2
http://50.121.220.50/4nRW/umkpWpyRLgAxBu/2kTC7k/JQjoH9NWrQ60H/NOvZ3hEekWx6mW/ http://50.121.220.50/4nRW/umkpWpyRLgAxBu/2kTC7k/JQjoH9NWrQ60H/NOvZ3hEekWx6mW/ http://crbremen.com/WordPress_01/A/
|
2
50.121.220.50 81.169.145.68
|
|
|
4.2 |
|
17 |
guest
46572 |
2020-09-03 11:44
|
Fgdhk4593576485.exe d7eb41efee6a88cdb2bc25152c33b808 Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://153.92.4.96:8080/Bxyw/ http://153.92.4.96:8080/Bxyw/
|
3
118.110.236.121 149.202.5.139 153.92.4.96
|
|
|
6.6 |
|
|
guest
46573 |
2020-09-03 11:36
|
niGcEd.dot d41d8cd98f00b204e9800998ecf8427e unpack itself malicious URLs |
|
|
|
|
1.6 |
|
|
guest
46574 |
2020-09-03 11:28
|
dat-20200903-DIA424539.doc 7773d7daebf884681983e052946b2e6c Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs |
1
http://crbremen.com/WordPress_01/A/
|
2
crbremen.com(81.169.145.68) 81.169.145.68
|
|
|
4.0 |
|
16 |
guest
46575 |
2020-09-03 10:00
|
inst.exe cc90e9a3011c59d6dde742d48b152f59 VirusTotal Malware PDB unpack itself malicious URLs Remote Code Execution DNS crashed |
1
https://iplogger.org/1cJX57
|
1
|
|
|
4.6 |
|
49 |
guest