IMG_2022028022-0120.vbs

Status: finished
Submission Time: 2022-11-28 19:29:13 +01:00
Malicious
Evader
Trojan
Spyware
AgentTesla, GuLoader, Remcos

Tags

  • GuLoader
  • vbs

Details

  • Analysis ID:
    755530
  • API (Web) ID:
    1122800
  • Analysis Started:
    2022-11-28 19:37:48 +01:00
  • Analysis Finished:
    2022-11-28 21:00:08 +01:00
  • MD5:
    752418aa9de96e0fc941ae1e7e33c906
  • SHA1:
    bb67df2d8a4b525b42211630386e4b51a97255a3
  • SHA256:
    cdce0391762117cc926a2131b5e0ec7724b69d1224dbabc7a3f351dfebf9b9bf
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Verdict: malicious, score 64/100

System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run Condition: Suspected Instruction Hammering
Verdict: malicious, score 100/100

Verdict: malicious, 8/92

IPs

  IP               Country
  37.0.14.209      Netherlands
  84.38.134.104    Latvia
  149.154.167.220  United Kingdom
  172.67.169.218   United States

Domains

  Name                           IP
  myfrontmannyfive.ddns.net      37.0.14.209
  backupfrontmanny.duckdns.org   84.38.134.104
  sinopbisikletkiralama.com      172.67.169.218
  api.telegram.org               149.154.167.220
  f65kcg.am.files.1drv.com       0.0.0.0
  onedrive.live.com              0.0.0.0
  f64nqg.am.files.1drv.com       0.0.0.0

URLs

  Name
  http://sinopbisikletkiralama.com/Bichloride.vbs
  https://api.telegram.org/bot2135733177:AAGBiQMSb9sct4MUL0kpdpB0pPO3n3AKBfA/sendDocument

Dropped files

  Name                                                                                    File Type
  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive  data
  C:\Users\user\AppData\Local\Temp\Bichloride.vbs                                          ASCII text, with CRLF line terminators
  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2c4howsr.nhi.psm1                  ASCII text, with no line terminators
  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5elcf2ed.d41.ps1                   ASCII text, with no line terminators
  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ibfztpdx.ynr.ps1                   ASCII text, with no line terminators
  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mufoeags.irm.psm1                  ASCII text, with no line terminators
  \Device\ConDrv                                                                           ASCII text, with CRLF line terminators