flash

Covid19-UPDATE_PDF.exe

Status: finished
Submission Time: 20.03.2020 16:14:16
Malicious
Spyware
Evader
Lokibot

Comments

Tags

Details

  • Analysis ID:
    216865
  • API (Web) ID:
    330730
  • Analysis Started:
    20.03.2020 16:14:17
  • Analysis Finished:
    20.03.2020 16:27:57
  • MD5:
    ffb36c8c28030744b454a85a2c900c8e
  • SHA1:
    c0f8a7dd769043b2ae56982f100ab425d756976a
  • SHA256:
    b4d98575660e7cbba4683b3aed502fd84c902272134b2c27d60bebf0f6e827bf
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious
100/100

malicious
35/73

malicious
26/43

IPs

IP Country Detection
104.31.90.21
United States
104.31.91.21
United States

Domains

Name IP Detection
brokenservices.xyz
104.31.90.21

URLs

Name Detection
http://brokenservices.xyz/Broken/fre.php
http://www.ibsensoftware.com/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\1CF93A\AA2F06.lck
very short file (no magic)
#
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-58933367-3072710494-194312298-1003\96bdc98f969deb1d88501139d4850d83_59407d34-c8c5-44df-a766-ba8a11cb1cb0
data
#