MIL0001742828.xls

Status: finished

Submission Time: 2019-12-09 17:28:47 +01:00

Malicious

E-Banking Trojan

Trojan

Exploiter

Evader

Ursnif

Comments

Details

Analysis ID:
194688
API (Web) ID:
287432
Analysis Started:

2019-12-09 17:28:51 +01:00
Analysis Finished:

2019-12-09 17:39:40 +01:00
MD5:
c5e1106f9654a23320132cbc61b3f29d
SHA1:
c7c29ff4f0b36bd5618fec2eb0da25cf4daaca3f
SHA256:
81a1fca7a1fb97fe021a1f2cf0bf9011dd2e72a5864aad674f8fea4ef009417b
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports
				System: Windows 7 (Office 2003 SP1, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 44, Firefox 36)		100/100
						10/60

IPs

IP	Country	Detection
89.249.65.189	United Kingdom
216.58.201.101	United States
94.100.28.184	Netherlands

Domains

Name	IP	Detection
udatapost.red	0.0.0.0
marvellstudio.online	0.0.0.0
abrakam.site	0.0.0.0
Click to see the 7 hidden entries
sdkscontrol.pw	0.0.0.0
hiteronak.icu	0.0.0.0
ublaznze.online	0.0.0.0
laddloanalao.xyz	89.249.65.189
gmail.com	216.58.201.101
makretplaise.xyz	192.64.119.156
sutsyiekha.casa	94.100.28.184

URLs

Name	Detection
http://openimage.interpark.com/interpark.ico
http://www.asharqalawsat.com/
http://images.joins.com/ui_c/fvc_joins.ico
Click to see the 97 hidden entries
http://search.ebay.it/
http://www.univision.com/
http://www.soso.com/
http://www.google.cz/
http://www.google.si/
http://searchresults.news.com.au/
http://search.nifty.com/
http://www.gmarket.co.kr/
http://search.ebay.com/
http://search.yahoo.co.jp/favicon.ico
http://busca.orange.es/
http://search.sify.com/
http://www.ozu.es/favicon.ico
http://espanol.search.yahoo.com/
http://uk.search.yahoo.com/
http://www.rambler.ru/favicon.ico
http://list.taobao.com/browse/search_visual.htm?n=15&q=
http://google.pchome.com.tw/
http://browse.guardian.co.uk/favicon.ico
http://www.pchome.com.tw/favicon.ico
http://busca.buscape.com.br/favicon.ico
http://sads.myspace.com/
http://laddloanalao.xyz/images/New4cJoQvo6XtZauz/hyuqnQVHdttc/Y2fQhP_2Bvp/SwIcLle_2BgVQD/gNevLmBadoM
http://www.tiscali.it/favicon.ico
http://www.cdiscount.com/
http://www.news.com.au/favicon.ico
http://ariadna.elmundo.es/
http://www.%s.comPA
http://service2.bfast.com/
http://p.zhongsou.com/favicon.ico
http://search.centrum.cz/favicon.ico
http://www.myspace.com/favicon.ico
http://search.espn.go.com/
http://search.ipop.co.kr/favicon.ico
http://search.interpark.com/
http://www.amazon.de/
http://suche.freenet.de/favicon.ico
http://search.seznam.cz/favicon.ico
http://cgi.search.biglobe.ne.jp/
http://www.tesco.com/
http://www.iask.com/
http://search.orange.co.uk/favicon.ico
http://buscador.terra.es/
http://www.target.com/
http://search.yahoo.co.jp
http://auto.search.msn.com/response.asp?MT=
http://cnweb.search.live.com/results.aspx?q=
http://www.sogou.com/favicon.ico
http://www.ya.com/favicon.ico
http://search.rediff.com/
http://busca.igbusca.com.br//app/static/images/favicon.ico
http://msk.afisha.ru/
http://%s.com
http://image.excite.co.jp/jp/favicon/lep.ico
http://search.ebay.in/
http://img.shopzilla.com/shopzilla/shopzilla.ico
http://in.search.yahoo.com/
http://rover.ebay.com
http://fr.search.yahoo.com/
http://asp.usatoday.com/
http://www.etmall.com.tw/favicon.ico
https://download-installer.cdn.mozilla.net/pub/firefox/releases/54.0.1/win32/en-US/Firefox%20Setup%2
http://search.yahoo.com/favicon.ico
http://buscar.ya.com/
http://www3.fnac.com/favicon.ico
http://www.dailymail.co.uk/
http://www.nifty.com/favicon.ico
http://www.rambler.ru/
http://www.mtv.com/
http://search.ebay.de/
http://www.merlin.com.pl/favicon.ico
http://www.mercadolivre.com.br/
http://kr.search.yahoo.com/
http://www.ceneo.pl/
http://search.auction.co.kr/
http://www.google.it/
http://suche.t-online.de/
http://search.centrum.cz/
http://www.cjmall.com/
http://www.priceminister.com/favicon.ico
http://www.ask.com/
http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
http://busca.igbusca.com.br/
http://www.msn.com/?ocid=iehpS
http://search.about.com/
http://search.chol.com/favicon.ico
http://buscar.ozu.es/
http://www.clarin.com/favicon.ico
http://search.msn.co.jp/results.aspx?q=
http://search.naver.com/favicon.ico
http://search.daum.net/
http://www.abril.com.br/favicon.ico
http://cgi.search.biglobe.ne.jp/favicon.ico
http://search.hanafos.com/favicon.ico
http://www.google.ru/
http://search.naver.com/
http://it.search.dada.net/favicon.ico

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\W	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\v0kgxdqm.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\ygdsonvv.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
Click to see the 45 hidden entries
C:\Users\user\AppData\Local\Temp\ygdsonvv.pdb	data	#
C:\Users\user\AppData\Local\Temp\RES9007.tmp	data	#
C:\Users\user\AppData\Local\Temp\v0kgxdqm.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\v0kgxdqm.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\v0kgxdqm.out	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\v0kgxdqm.pdb	data	#
C:\Users\user\AppData\Local\Temp\ygdsonvv.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\ygdsonvv.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\ygdsonvv.out	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\RES74FF.tmp	data	#
C:\Users\user\AppData\Local\Temp\~DF00A1094E21FFE937.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF26328438DCE709C5.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF423E474A1C6DC840.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF57A74C65F84816A7.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF6DDC0C8057C653B9.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF881119748BF62D6C.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFB451A12262FF19FB.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFBB85AEECFADB7B4E.TMP	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\W9U88JM6.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HZPS4FI3NXVBGXIUPGCH.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KJ92N8DPS0W7KCC8YM6Q.temp	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\favicon[1].ico	PNG image data, 16 x 16, 4-bit colormap, non-interlaced	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	PNG image data, 16 x 16, 4-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5A5B55D1-1AA1-11EA-B7AC-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7436F611-1AA1-11EA-B7AC-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{75AD5701-1AA1-11EA-B7AC-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7C1C9B21-1AA1-11EA-B7AC-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5A5B55D3-1AA1-11EA-B7AC-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7436F613-1AA1-11EA-B7AC-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{75AD5703-1AA1-11EA-B7AC-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7C1C9B23-1AA1-11EA-B7AC-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\fb4mf11\imagestore.dat	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\XXEf[1].htm	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\favicon[1].ico	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\hBVHp[1].htm	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\robot[1].png	PNG image data, 171 x 213, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\urlblockindex[1].bin	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\97AC40E5.emf	Windows Enhanced Metafile (EMF) image data version 0x10000	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ABF789A2.png	PNG image data, 426 x 305, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Temp\CSC7436.tmp	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSC9006.tmp	MSVC .res	#
C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd	data	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#

MIL0001742828.xls

Comments

Tags

Available tags:

Details

IPs

Domains

URLs

Dropped files

MIL0001742828.xls Options

Comments

Tags

Available tags:

Details

IPs

Domains

URLs

Dropped files

Search started

Yara Super Rule creation started

MIL0001742828.xls