view_attach_b8x.js

Status: finished

Submission Time: 2020-04-06 11:57:16 +02:00

Malicious

Phishing

E-Banking Trojan

Trojan

Spyware

Evader

Gozi Ursnif

Comments

Details

Analysis ID:
220434
API (Web) ID:
337649
Analysis Started:

2020-04-06 11:57:28 +02:00
Analysis Finished:

2020-04-06 12:11:14 +02:00
MD5:
769281282abdc716400add44ac864a2a
SHA1:
dab56ba0919d81b15c49be75ebe3c06cf443d0f6
SHA256:
cb1ad676576b6bb40dbc4833e11d6fb6cd247b75dbd76e6125a4d1dcf0b055be
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 52	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Without Instrumentation

Third Party Analysis Engines

Open Full Report

malicious

Score: 15/58

malicious

Score: 10/47

IPs

IP	Country	Detection
5.101.51.143	Russian Federation

Domains

Name	IP	Detection
f1.pipen.at	5.101.51.143
api10.dianer.at	5.101.51.143
resolver1.opendns.com	208.67.222.222
Click to see the 1 hidden entries
vv.malorun.at	5.101.51.143

URLs

Name	Detection
http://f1.pipen.at/api1/RIkBvjzuoO/tMqxDBrVTRrzfr2Kb/53ovMdf_2BCA/h995fSUlMdo/mc7eqDY3_2FUly/NReA6hy
http://f1.pipen.at/favicon.ico
http://f1.pipen.at/api1/RIkBvjzuoO/tMqxDBrVTRrzfr2Kb/53ovMdf_2BCA/h995fSUlMdo/mc7eqDY3_2FUly/NReA6hyL_2FV7VwyiTH2m/chFe5dw2XLD7Exw9/UbJaKUC2eEkW1Ll/KhVmYcOAeOE1kz4rpz/Nx61A1y_2/BBExcKhQfVhooPPFgMXC/KGe1JMDBYsLsDjNJ5kE/_2F1q9hvtwlpsG9tLoReF_/2FdaXDC3_2Fwb/7xUJtaUu/408U_2B96WK1lQNUPZlg5RL/EdC1k8lvoE/E30Zy0LeZZ_0A_0DS/bMk9lb8_2B2u/syGKhXf2s4M/RVmwZMar5Fa7_2/FNe_2BbPgl0iqbFKC_2FC/jooaXJQUQ7ZTC_2F/2JA
Click to see the 32 hidden entries
http://https://file://USER.ID%lu.exe/upd
http://f1.pipen.at/api1/cihLfcpMy/efzR22ZLuifw3CQ8_2Bs/P4VCpXGcJTnQBznbCOS/STSG_2FF4kbAq_2BhV6c
http://f1.pipen.at/api1/HVRdgLc7ESeoGO/rk3SKwyodoNRYK1XctSAH/GYrAAtY4ZkkFA692/Qn14u_2BARgo8Tu/I8dmXh
http://f1.pipen.at/api1/cihLfcpMy/efzR22ZLuifw3CQ8_2Bs/P4VCpXGcJTnQBznbCOS/STSG_2FF4kbAq_2BhV6cEi/uFtqETcU4xGth/YAXmdKUb/sLPsBxxkPEG2bECnoEuC4Ol/YLnPia_2Fk/NQYEDs97KJCz6TrIM/w1LcDsZ1UWgf/Zr9p72JZzOk/qL0nBfStLTVDdm/rNZchFj_2BOpz2zhAwfnk/YNjDoDQV0SduZ0YM/Lb8VWk_2F9zbIuE/dAwcNPDyrsLjoKv_2B/mEbIe3JXU/FSzXNLV3j_0A_0DyAvrZ/N6x3r1kX_2B0Rcy9CsC/NwpnQ9GW36MfD_2BGzwf6C/_2FTXNJPf30Rk/67iPYmFkPfLB/QeN
http://vv.malorun.at/api1/sooKQ9PSB77euyrf4LISpR/66iyqY7TD5dm8/pw_2BoKy/wqT0N6RVnjtiKpgMBpOM_2B/3_2B0Wm9I3/04eO6uIei4KKIRL_2/F2xzdWEge882/j8E0slfhrD_/2FvtCHZHiWQXNh/UVOKKc_2FGuk7jcQ3O77L/U7mMgws0OvkqAKM5/4RQFS_2B0eq89Jt/ccWdUliXrZxUko2r_2/BRUyhl2QP/Bjlow02qkzZG2uM1G2xu/_2FRgqBWswlgCa4jfov/3wK3clPoZ_2FpGNkwbfZs_/2BBb_0A_0DYWI/XCDhGc7c/_2FuIVk_2BTIaPB3OV2nvzI/Se8aU0pl1dRA8Fd/yM
http://www.sakkal.com
http://vv.malorun.at/api1/j2efODdZ9LERArMcGtluYS/bNvgT_2BbkGh4/toprFYIa/JXBqwA3FGWu2QWm58oqjcMH/CW45kUw34b/WbFe5_2BdHOq7brk6/FcYWwOgU9XXb/6pEFn0GtEIo/hUUbX_2BOASas5/r7RaRr5eaCF3pGGskJN2Y/CfkDW2J8MHlWoQJ4/10v_2F5OQSCIDgG/Mq78Omd5J3D0KeMoGH/_2BzE2vEN/MAF1hRNADL5TZlRm_2Ff/RFMSmqvqE9b7jcOrZuP/0_2FmVv1GFSe2EABqw_0A_/0D0KjmVQ8mG7n/_2BjqJSj/jr8o2rR3zk70cZI8Pd8N7YZ/NGkNRO0
http://www.zhongyicts.com.cn
http://www.founder.com.cn/cn/cThe
https://www.heise.de/
http://www.sandoll.co.kr
http://www.fonts.com
http://ns.micro/1Y
http://www.jiyu-kobo.co.jp/
http://constitution.org/usdeclar.txt
http://www.founder.com.cn/cn
http://fontfabrik.com
http://vv.malorun.at/api1/xQF_2FQ_/2FxMKw6rztNFVeMF2Dq9Hyq/JEf6UZRTnQ/pjEjSUnRzjha6mcI6/4eNkEYmv_2Bj/CpDcgaoEmFm/7Uw_2BBLr71Wh2/O_2F0dyvLrG6En9mrf6Y2/Hh4dMT3dmYzpW2hc/CMV4JT5fam0_2F8/_2FFXJGiIiPnaK9ovJ/poTdn2G53/HaGQIF62qquH1dClyFx1/C_2BN6xqVe8wnTNlrT5/2a5hduONJeuzowYPnGmUe_/2BBuJr4oZhdhO/_2BEn_2B/N3fKEQZOu31fT_2FTcDN_0A/_0DS8eFHFM/BuDimpa9LB63YduIV/D0B4LzF1EYqg/Q7jwjlDHc3_/2F
http://www.typography.netD
http://www.sajatypeworks.com
http://www.carterandcone.coml
http://www.goodfont.co.kr
http://ns.adobe.cmg
http://api10.dianer.at/jvassets/xI/t64.dat
http://ns.adobe.ux9
http://www.tiro.com
http://vv.malorun.at/api1/2voe_2BiyW2Z7lZzdTQUp/h75WDPyTeR9cXeFO/xWRVODrX_2F3AuW/DoJI6_2F7sp3LyKJtr/leQAvTmod/P8_2B_2BHtjGRfBoWgoM/JpFo34sHeDTOnqStGcq/mWqLaNA_2BnFoNjGZl6_2F/idf4g5wEzlrWe/bOVfTl1N/uL05VLixDBmTG0YMHjZREy5/d0CH7FivQa/sUbDfXI_2Brye2tEc/4XkMMTm3A_2B/Cm1ZTQnDD9Y/lbbKXepaciRNXT/zaotExxjaBMXh5WEQvS5n/A_0A_0DoH7YTAB_2/BrIwtOS2W0tlBBX/QOKs2oR3st6st3uXGA/T3a776G
http://constitution.org/usdeclar.txtC:
http://ns.adobp/y
http://www.founder.com.cn/cn/bThe
http://www.apache.org/licenses/LICENSE-2.0
http://www.autoitscript.com/autoit3/J

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	empty	#
C:\Users\user\Documents\20200406\PowerShell_transcript.414408.ktVkvcMQ.20200406120318.txt	empty	#
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\prefs.js	empty	#
Click to see the 14 hidden entries
C:\Users\user\AppData\Local\Temp\pJYlRpQA.LuPFL	empty	#
C:\Users\user\AppData\Local\Temp\iUBu.txt	empty	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ipcmtggp.njs.psm1	empty	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cba22xgz.3f3.ps1	empty	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	empty	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	empty	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	empty	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	empty	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	empty	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	empty	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	empty	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	empty	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	empty	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	empty	#

view_attach_b8x.js

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

view_attach_b8x.js Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

view_attach_b8x.js