General Information

  • Date: 03.12.2019
  • Duration: 0h 3m 33s
  • Sample URL: http://r.fsbtech.com/mk/cl/f/oi3Sa85ejnbF91kRgueEj849AO1g9sQHi8pW6hDZRbs1PgSSkGh_9Zw0paIheiiDV0CWVf6PEWgBAvb0-ZNDKt4mqQb8gRQHCCpaP7DyIHg1pYu7j59mbtdgXeunVKGu5eF_lP4XS--FW0KPwxzSZwS4wR01dL83_Q8z178UG0nWaAtX0YocFegO4BCSQQnIdGcksJZ8O0cBRWzO0Aski3jrf46P3VKwGRJEYKIK-R3chA
  • Cookbook: browseurl.jbs
  • Icon: No Icon
  • Filetype: unknown

Detection

CLEAN
    • Found 0 malicious signatures
    • Contacts 10 domains/IPs
    • Launches 2 processes
    • Drops 19 files

Signature Overview

    Contacted Public IPs

    IP               Country        ASN     ASN Name  Malicious
    104.16.230.163   United States  13335   unknown   false
    172.64.129.16    United States  13335   unknown   false
    199.195.253.41   United States  53667   unknown   false
    185.107.232.249  France         200484  unknown   false

    Contacted Domains

    Name                        IP               Active
    r.mailin.fr                 104.16.230.163   true
    in-automate.sendinblue.com  185.107.232.249  true
    urdunagri.com               199.195.253.41   true
    sibautomation.com           172.64.129.16    true
    r.fsbtech.com               unknown          unknown
    in.xero.com                 unknown          unknown

    Behavior Graph

    • ID: 193288
    • URL: http://r.fsbtech.com/mk/cl/...
    • Startdate: 03/12/2019
    • Architecture: WINDOWS
    • Score: 0
    • Processes: iexplore.exe started a second iexplore.exe
    • DNS/IP nodes: in.xero.com; r.mailin.fr (104.16.230.163); sibautomation.com (172.64.129.16); 4 other IPs or domains