1411 |
2020-08-09 14:04
|
rckjxiy188780.exe 8332d7713ad91c2b198e25457ff11b4b VirusTotal Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://198.57.203.63:8080/GOtlDzO7kFk4xoQy/XrztHfj/LXW8QJRmz4XR8y2qO/
|
2
198.57.203.63 78.189.60.109
|
|
|
7.4 |
|
22 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1412 |
2020-08-10 16:45
|
BDCAMSETUP_KOR.EXE b1518ca2baf0533020349fea22438a63 AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check installed browsers check Windows Exploit Browser Advertising ComputerName crashed |
20
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://www.bandicam.co.kr/f.php?id=kor_app_complete_install&v=2 https://www.bandicam.co.kr/support/start/ https://www.bandicam.co.kr/js/bootstrap-3.3.2.min.css?20200731 https://www.bandicam.co.kr/style.min.css?20200731 https://www.googletagmanager.com/gtag/js?id=UA-20339103-1 https://www.bandicam.co.kr/style.min.css?20200731 https://www.bandicam.co.kr/js/bootstrap-3.3.2.min.css?20200731 https://fonts.googleapis.com/css?family=Nanum+Gothic https://www.bandicam.co.kr/js/jquery-3.3.1.custom.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/r/collect?v=1&_v=j83&a=891909642&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bandicam.co.kr%2Fsupport%2Fstart%2F&ul=ko&de=utf-8&dt=%ED%94%84%EB%A1%9C%EA%B7%B8%EB%9E%A8%20%EC%84%A4%EC%B9%98%EA%B0%80%20%EC%99%84%EB%A3%8C%EB%90%98%EC%97%88%EC%8A%B5%EB%8B%88%EB%8B%A4%20-%20%EB%B0%98%EB%94%94%EC%BA%A0&sd=24-bit&sr=1365x1024&vp=1233x841&je=1&fl=13.0%20r0&_u=IEBAAU~&jid=924602955&gjid=6643929&cid=1548330542.1597076314&tid=UA-20339103-1&_gid=873477484.1597076314&_r=1&gtm=2ou7v1&z=837017259 https://www.bandicam.co.kr/js/bootstrap-3.3.2.min.js https://www.bandicam.co.kr/magnific-popup.min.css https://www.bandicam.co.kr/include/fonts/glyphicons-halflings-regular.eot? 
https://wcs.naver.net/wcslog.js https://www.bandicam.co.kr/js/acecounter_cts.js https://wcs.naver.com/m?u=https%3A%2F%2Fwww.bandicam.co.kr%2Fsupport%2Fstart%2F&e=&wa=s_502950d95e2b&bt=-1&os=Win32&ln=ko&sr=1365x1024&bw=1211&bh=841&c=24&j=Y&jv=1.8&k=Y&ct=lan&cs=utf-8&tl=%25ED%2594%2584%25EB%25A1%259C%25EA%25B7%25B8%25EB%259E%25A8%2520%25EC%2584%25A4%25EC%25B9%2598%25EA%25B0%2580%2520%25EC%2599%2584%25EB%25A3%258C%25EB%2590%2598%25EC%2597%2588%25EC%258A%25B5%25EB%258B%2588%25EB%258B%25A4%2520-%2520%25EB%25B0%2598%25EB%2594%2594%25EC%25BA%25A0&vs=0.7.1&nt=1597076315166&EOU https://www.bandicam.co.kr/js/jquery.magnific-popup.min.js https://www.bandicam.co.kr/downloads/version_kor.ini https://www.bandicam.co.kr/app_info/index2.php?v=4.6.1.1688&r=0 https://www.google-analytics.com/analytics.js https://www.google-analytics.com/r/collect?v=1&_v=j83&a=2031054232&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bandicam.co.kr%2Fapp_info%2Findex2.php%3Fv%3D4.6.1.1688%26r%3D0&ul=ko&de=utf-8&sd=24-bit&sr=1024x768&vp=&je=1&fl=13.0%20r0&_u=AAC~&jid=688910507&gjid=268064380&cid=1548330542.1597076314&tid=UA-20339103-7&_gid=873477484.1597076314&_r=1&z=149846623
|
14
wcs.naver.net(184.28.153.161) ie9cvlist.ie.microsoft.com(117.18.232.200) fonts.googleapis.com(172.217.27.74) wcs.naver.com(210.89.160.128) www.bandicam.co.kr(52.79.149.71) www.googletagmanager.com(172.217.27.72) www.google-analytics.com(172.217.31.142) 117.18.232.200 210.89.160.128 216.58.197.110 216.58.199.104 216.58.200.10 23.53.225.247 52.79.149.71
|
|
|
11.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1413 |
2020-08-10 17:37
|
wfdJJbjf3L.exe c252746fea8af8e146cc2c4f028aee7a Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://114.146.222.200/CAr1/Z8PPabzqADatnRQe/MpCTIS3Qiw/
|
4
114.146.222.200 200.55.243.138 212.51.142.238 47.146.32.175
|
|
|
6.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1414 |
2020-08-10 17:45
|
dl53163820234.exe 4f2640624e1568f2cab7a133427908df Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://198.57.203.63:8080/T7WDUDedxExpe2d6yz/
|
2
198.57.203.63 78.189.60.109
|
|
|
6.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1415 |
2020-08-10 22:13
|
flT1InVIuvV7j.exe a772627b91e925e5ee8739ea609eb59b VirusTotal Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://58.171.153.81/uJQQ/Qk0XDmz9/m6i8WfbBvjB/wvCaKcBl/4mix0H/
|
1
|
|
|
5.2 |
|
12 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1416 |
2020-08-10 22:37
|
iiqazfn37193670.exe b1ae2314a713f40e08323d17117d3df2 Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://139.99.157.213:8080/anGijLr45/FQvtreYANNM39Rzjmzf/g7PIvsRPu601mGDJsC/rk8rF7r1L6dcXSPNb/0OS57n04JN/YI95VPsPDnnVNLS/
|
2
139.99.157.213 202.5.47.71
|
|
|
6.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1417 |
2020-08-10 22:39
|
jxCN.exe 3bb5b43636b4a86c60405e09b9f9fb26 VirusTotal Malware AutoRuns Malicious Traffic unpack itself Auto service malicious URLs sandbox evasion human activity check Windows Advertising ComputerName DNS Cryptographic key |
1
http://58.171.153.81/XPdhODQJronsn9Yt/B8bQdP/cQnDJ7WokO/
|
1
|
|
|
8.8 |
|
12 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1418 |
2020-08-11 09:30
|
SMTrFWlR.exe 0cd021d3299edc94e59006452a136fbf Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://74.120.55.163/9G4jZ/3jSgvba5sQmH/HdZGApXMpS8Dj9D/EMHbD08d/BmQRnfzeK/mUpFgCQDzwm/
|
1
|
|
|
5.0 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1419 |
2020-08-12 03:21
|
https://www.winjoygame.com/fav... fc3b774bacbbc54c020116ae0708ee09 Code Injection unpack itself Windows utilities malicious URLs Windows DNS |
|
1
|
|
|
2.8 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1420 |
2020-08-12 03:30
|
favicon.ico.exe fc3b774bacbbc54c020116ae0708ee09 VirusTotal Malware |
|
|
|
|
0.6 |
|
3 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1421 |
2020-08-12 05:05
|
BiELCIyVy7GGX5WJWrp.exe 714b70027132be2766a0a532cabdd2fe VirusTotal Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://107.185.211.16/pb0qOXarbDXOGAGS8T/Ech0ZTnRtPBMD/hOQpi/v8vVvGOjdsE0ymkOQD0/aHedhVbcYdaHlFI0m3/
|
1
|
|
|
5.4 |
|
9 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1422 |
2020-08-12 05:14
|
curh.vbs 8820a8a06f70f7a4800f2d617e32250d Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray ICMP traffic unpack itself Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key |
2
https://drive.google.com/u/0/uc?id=1C9Jv2Buwdmelhjep-JjOw2MwJZpS3Bb_&export=download https://doc-0k-8o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vq4oq1ml1imcs03in4pvgfgfe1jvtle2/1597176675000/16823922697999196009/*/1C9Jv2Buwdmelhjep-JjOw2MwJZpS3Bb_?e=download
|
4
172.217.25.1 216.58.199.14 216.58.220.206 79.134.225.52
|
|
|
20.2 |
|
6 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1423 |
2020-08-12 13:35
|
1597161079.png.exe ecbdc762e9dafb05df850145a6cbc875 VirusTotal Malware malicious URLs WriteConsoleW human activity check ComputerName Remote Code Execution |
|
|
|
|
3.2 |
M |
17 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1424 |
2020-08-12 13:39
|
X66YHN.exe 92bd5a45e9d4201b7f43e18a9f104b6d VirusTotal Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://107.185.211.16/jvCp5fMG2sIZa/YE5S1zXsLT05L/aMCLx65Eqo/AcgAq5MmsJoR4v91z/c4bZoDoSZpRUf/1PWexgixLfAIu7oY/
|
1
|
|
|
6.4 |
|
17 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1425 |
2020-08-12 14:56
|
z0eah9500223862.exe 2de15ca2b2fa87b7e087ead855150b8a Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://139.99.157.213:8080/oY8FJ/EunaHS4no/
|
2
139.99.157.213 92.24.51.238
|
|
|
6.8 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|