48796 | 2020-07-04 17:20 | http://microsoft-cloud15.co.za... | a13c552928abfb758269de74a93d4ae5 | VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit crashed | URLs (2): http://microsoft-cloud15.co.za/msofficeupdate.exe https://microsoft-cloud15.co.za/msofficeupdate.exe | Hosts (2): microsoft-cloud15.co.za(102.130.112.195) 102.130.112.195 | 6.0 | M | 22
48797 | 2020-07-04 17:19 | jshp1.exe | 515074db9c35d1bb7e84fbc597066247 | VirusTotal Malware PDB | | | 1.6 | | 8
48798 | 2020-07-04 17:17 | http://gothw.club/jshp1.exe | 515074db9c35d1bb7e84fbc597066247 | VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed | URLs (2): http://gothw.club/jshp1.exe https://gothw.club/jshp1.exe | Hosts (2): gothw.club(185.250.206.69) 185.250.206.69 | 5.8 | M | 8
48799 | 2020-07-04 17:12 | http://192.3.31.220/646rEJfSIw... | ba65baa1bfae7883cbe38c7c0dc9259d | VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed | URLs (2): http://192.3.31.220/646rEJfSIwVXtF3.exe https://192.3.31.220/646rEJfSIwVXtF3.exe | Hosts (1): | 6.6 | M | 15
48800 | 2020-07-04 16:42 | http://180.214.238.5/receipt/i... | 7d1ae6451a783f3e146561b05f82fd1f | VirusTotal Malware Code Injection Malicious Traffic unpack itself Windows utilities Windows DNS | URLs (8): http://180.214.238.5/receipt/invoice_120012.doc http://180.214.238.5/receipt/ http://180.214.238.5/receipt/ http://180.214.238.5/receipt/invoice_120012.doc http://180.214.238.5/receipt http://180.214.238.5/receipt/ http://180.214.238.5/receipt http://180.214.238.5/chprvdoc/svchost.exe https://180.214.238.5/receipt/invoice_120012.doc https://180.214.238.5/receipt/ https://180.214.238.5/receipt https://180.214.238.5/receipt/ https://180.214.238.5/receipt https://180.214.238.5/receipt/ https://180.214.238.5/receipt https://180.214.238.5/receipt/ https://180.214.238.5/receipt/invoice_120012.doc https://180.214.238.5/chprvdoc/svchost.exe | Hosts (1): | 4.2 | M | 25
48801 | 2020-07-04 16:41 | http://180.214.238.5/receipt/i... | | VirusTotal Malware Code Injection Malicious Traffic unpack itself Windows utilities Windows DNS | URLs (2): http://180.214.238.5/receipt/invoice_120012.doc https://180.214.238.5/receipt/invoice_120012.doc | Hosts (1): | 4.2 | M |
48802 | 2020-07-04 16:38 | http://boasteel.us/june29n.exe | 8228c3e9e9b81de8fb244196fab6da0d | VirusTotal Malware Code Injection buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder sandbox evasion Windows Exploit crashed | URLs (2): http://boasteel.us/june29n.exe https://boasteel.us/june29n.exe | Hosts (2): boasteel.us(87.120.36.182) 87.120.36.182 | 8.8 | M | 47
48803 | 2020-07-04 16:36 | http://boasteel.us/june29n.exe | 8228c3e9e9b81de8fb244196fab6da0d | VirusTotal Malware Code Injection buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder sandbox evasion Windows Exploit crashed | URLs (2): http://boasteel.us/june29n.exe https://boasteel.us/june29n.exe | Hosts (2): boasteel.us(87.120.36.182) 87.120.36.182 | 8.8 | M | 47
48804 | 2020-07-04 12:26 | http://raymondjaon.ug/rac2.exe | 944e549ba4db11ea3f94a2873ffbe693 | VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities Check virtual network interfaces AppData folder malicious URLs Windows Exploit DNS crashed | URLs (8): http://apps.identrust.com/roots/dstrootcax3.p7c http://raymondjaon.ug/rac2.exe http://34.65.10.107/gate/log.php http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab https://raymondjaon.ug/rac2.exe https://apps.identrust.com/roots/dstrootcax3.p7c https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab https://34.65.10.107/gate/log.php | Hosts (9): raymondjaon.ug(217.8.117.45) apps.identrust.com(192.35.177.64) www.download.windowsupdate.com(119.207.64.11) telete.in(195.201.225.248) 119.207.64.8 192.35.177.64 195.201.225.248 217.8.117.45 34.65.10.107 | 12.4 | M | 35
48805 | 2020-07-04 12:24 | http://raymondjaon.ug/rac2.exe | | VirusTotal Malware | | | 0.6 | M |
48806 | 2020-07-04 12:23 | http://raymondjaon.ug/rac2.exe | | VirusTotal Malware | | | 0.6 | M |
48807 | 2020-07-04 11:49 | http://raymondjaon.ug/rac2.exe | | VirusTotal Malware | | | 0.6 | M |
48808 | 2020-07-04 10:23 | rac2.exe | 944e549ba4db11ea3f94a2873ffbe693 | VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs Ransomware Windows Email ComputerName DNS | URLs (20): http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab http://34.65.10.107/gate/libs.zip http://raymondjaon.ug/ac.exe http://apps.identrust.com/roots/dstrootcax3.p7c http://raymondjaon.ug/ds2.exe http://raymondjaon.ug/rc.exe http://34.65.10.107/gate/libs.zip http://34.65.10.107/gate/log.php http://34.65.10.107/file_handler/file.php?hash=472b8711bfdb0fd6dc22761973653afc48de03f4&js=9c9b7a27e53f7d53178457a3dc3868ce0e30d2b2&callback=http://34.65.10.107/gate http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab http://34.65.10.107/gate/sqlite3.dll http://raymondjaon.ug/ds1.exe http://34.65.10.107/gate/libs.zip http://34.65.10.107/gate/libs.zip http://34.65.10.107/gate/libs.zip https://apps.identrust.com/roots/dstrootcax3.p7c https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab https://34.65.10.107/gate/log.php https://34.65.10.107/gate/sqlite3.dll https://34.65.10.107/gate/libs.zip https://34.65.10.107/gate/libs.zip https://34.65.10.107/gate/libs.zip https://34.65.10.107/gate/libs.zip https://34.65.10.107/gate/libs.zip https://34.65.10.107/file_handler/file.php?hash=472b8711bfdb0fd6dc22761973653afc48de03f4&js=9c9b7a27e53f7d53178457a3dc3868ce0e30d2b2&callback=http://34.65.10.107/gate https://raymondjaon.ug/rc.exe https://raymondjaon.ug/ac.exe https://raymondjaon.ug/ds1.exe https://raymondjaon.ug/ds2.exe | Hosts (9): telete.in(195.201.225.248) apps.identrust.com(192.35.177.64) raymondjaon.ug(217.8.117.45) www.download.windowsupdate.com(23.67.53.27) 192.35.177.64 195.201.225.248 217.8.117.45 23.67.53.32 34.65.10.107 | 17.2 | M | 35
48809 | 2020-07-04 10:18 | http://raymondjaon.ug/rac2.exe | | VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed | URLs (4): http://raymondjaon.ug/rac2.exe http://www.bing.com/favicon.ico https://raymondjaon.ug/rac2.exe https://www.bing.com/favicon.ico | Hosts (5): watson.microsoft.com(52.158.209.219) raymondjaon.ug(217.8.117.45) 204.79.197.200 217.8.117.45 51.143.111.81 | 5.8 | M |
48810 | 2020-07-04 10:08 | http://raymondjaon.ug/rac2.exe | | VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit DNS crashed | URLs (4): http://raymondjaon.ug/rac2.exe http://www.bing.com/favicon.ico https://raymondjaon.ug/rac2.exe https://www.bing.com/favicon.ico | Hosts (5): watson.microsoft.com(51.143.111.81) raymondjaon.ug(217.8.117.45) 204.79.197.200 217.8.117.45 52.158.209.219 | 6.2 | M |