MyHealth.exe

Status: finished
Submission Time: 20.03.2020 14:04:56
  • Malicious
  • Ransomware
  • Trojan
  • Spyware
  • Evader
  • FormBook
  • Lokibot

Details

  • Analysis ID: 216825
  • API (Web) ID: 330652
  • Analysis Started: 20.03.2020 14:04:57
  • Analysis Finished: 20.03.2020 14:25:18
  • MD5: fb385fd55a2dd00a0037341c4e89a251
  • SHA1: 7473f0b77106ac41af12a4a91db13fa53505cd36
  • SHA256: 0f626b5cc65ab623e203f4b4c3b99b4d833726fafd62ce725b6294d3ad8ad68b
  • Technologies:
Full Report

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

Verdict     Score
malicious   100/100
malicious   50/73
malicious   18/40
malicious   20/31

IPs


Domains


URLs


Dropped files

Name                                                                                                                    File Type
C:\Users\user\AppData\Local\Temp\DB1                                                                                    empty
C:\Users\user\AppData\Local\Temp\G8prdul4\jj0t1be8.exe                                                                  empty
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms  empty
C:\Users\user\AppData\Roaming\O2116906\O21logim.jpeg                                                                    empty
C:\Users\user\AppData\Roaming\O2116906\O21logrf.ini                                                                     empty
C:\Users\user\AppData\Roaming\O2116906\O21logrg.ini                                                                     empty
C:\Users\user\AppData\Roaming\O2116906\O21logri.ini                                                                     empty
C:\Users\user\AppData\Roaming\O2116906\O21logrv.ini                                                                     empty