New-PO-0485667-MED-April-Order-Quote,pdf.exe

Status: finished
Submission Time: 03.04.2020 05:46:14
Malicious
Ransomware
Trojan
Spyware
Evader
FormBook GuLoader

Details

  • Analysis ID:
    219988
  • API (Web) ID:
    336801
  • Analysis Started:
    03.04.2020 05:47:52
  • Analysis Finished:
    03.04.2020 06:01:33
  • MD5:
    65880ea7e3270017d2e0ac9dfde6e8aa
  • SHA1:
    e887092d69a7140be8565577d4b422084eff05f8
  • SHA256:
    e027f63d89a3215b920b2e2a811eee016b130cef782b14c074db4cce36070e55
  • Technologies:
  • System:
    Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

Engine verdicts (Verdict Score)

malicious 100/100
malicious 28/68
malicious 11/31

IPs

IP Country Detection
172.217.23.97
United States

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name File Type
C:\Users\user\TING\Lytte.exe empty
C:\Users\user\TING\Lytte.vbs empty