| 1006 |
2020-07-27 23:37
|
ynlGo5.exe 873f57fbb5b1d477dee03e239ffbd0e4
AutoRuns unpack itself Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Advertising ComputerName DNS Cryptographic key |
1
http://185.94.252.13:443/IPAr4suxlMefb/ihey/
|
2
|
|
|
10.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1007 |
2020-07-27 23:44
|
4aWaRWqMftN8Eag.exe 507eb8cc7d37d56796ec1396202edbe5
Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://71.208.216.10/OMjodWxGwhK90B9z2/ODhPYiJV/li2LmyKo2dgb4OAcx/bVsMSr/Pn2QRYO5Nwhy/baWe9ZNkM5caizbU/
|
1
|
|
|
6.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1008 |
2020-07-27 23:51
|
gMhNrhjiWliwGzoGGt6i.exe 15c1dccf0bfca3596f90fbdedd4b5cb4
Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://71.208.216.10/Ko6Anc0VGuNchV99aQ/d4d8bh4NqM/fT5XhSYMw9tyCek/
|
1
|
|
|
6.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1009 |
2020-07-28 09:13
|
01.exe 2a2997ceac883a4f7dd6b3d59ddc1634
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs |
|
|
|
|
7.8 |
M |
39 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1010 |
2020-07-28 09:14
|
qx9768421h7129173938.exe 8d8013e9caed8b7fdad536c0b7b493dc
VirusTotal Malware AutoRuns Malicious Traffic unpack itself Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Advertising ComputerName DNS Cryptographic key |
1
http://75.139.38.211/s4YD/JBAOn/PpqBD/
|
1
|
|
|
10.2 |
|
6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1011 |
2020-07-28 09:17
|
yj98017428.exe 9c3a791b7cdda79087a2a2be84aa05f4
VirusTotal Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://75.139.38.211/snIFyzbAaGRLGna9mz/fypaQju/hwyGlic8Ph4i/
|
1
|
|
|
6.2 |
|
6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1012 |
2020-07-28 09:18
|
zOG68.exe 89dcb6e9910e3d034b2e7fb9f670ef07
VirusTotal Malware AutoRuns unpack itself Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Advertising ComputerName DNS Cryptographic key |
1
http://177.73.0.98:443/cqnbpeh9Xc1Hk/7y9IXEqx1p92q4/
|
1
|
|
|
9.0 |
|
7 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1013 |
2020-07-28 09:19
|
http://s3.ap-south-1.amazonaws... a04214cff158aaa713d0dd0c70bc7dd7
VirusTotal Malware Code Injection unpack itself Windows utilities Windows DNS |
3
http://s3.ap-south-1.amazonaws.com/dbs.asia/teamretreat2019.doc
http://s3.ap-south-1.amazonaws.com/dbs.asia
http://s3.ap-south-1.amazonaws.com/dbs.asia/
http://s3.ap-south-1.amazonaws.com/dbs.asia/teamretreat2019.doc
|
2
52.219.62.89
52.219.66.125
|
|
|
3.6 |
|
34 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1014 |
2020-07-28 09:24
|
teamretreat2019.doc a04214cff158aaa713d0dd0c70bc7dd7
Vulnerability VirusTotal Malware unpack itself |
|
4
s3.ap-south-1.amazonaws.com(52.219.66.121)
ec2-34-220-31-102.us-west-2.compute.amazonaws.com(34.220.31.102)
34.220.31.102
52.219.66.57
|
|
|
3.8 |
|
34 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1015 |
2020-07-28 09:27
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit crashed |
7
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/CSS/mainC.css
|
7
iecvlist.microsoft.com(117.18.232.200)
www.nalara1220.o-r.kr(35.226.40.154)
ie9cvlist.ie.microsoft.com(117.18.232.200)
ajax.googleapis.com(172.217.175.42)
117.18.232.200
172.217.163.234
35.226.40.154
|
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1016 |
2020-07-28 09:35
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files unpack itself Windows utilities malicious URLs Windows DNS |
6
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
|
2
172.217.24.202
35.226.40.154
|
|
|
3.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1017 |
2020-07-28 09:49
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit crashed |
7
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
7
www.nalara1220.o-r.kr(35.226.40.154)
iecvlist.microsoft.com(117.18.232.200)
ie9cvlist.ie.microsoft.com(117.18.232.200)
ajax.googleapis.com(216.58.197.170)
117.18.232.200
216.58.220.202
35.226.40.154
|
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1018 |
2020-07-28 10:14
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.161.74)
172.217.24.202
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1019 |
2020-07-28 10:16
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/CSS/mainC.css
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.26.10)
216.58.199.10
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1020 |
2020-07-28 10:19
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://www.nalara1220.o-r.kr/main.jsp
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.26.10)
172.217.25.10
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|