view_attach_b8x.js

Status: finished
Submission Time: 06.04.2020 11:57:16
Malicious
Phishing
E-Banking Trojan
Trojan
Spyware
Evader
Gozi Ursnif

Details

  • Analysis ID:
    220434
  • API (Web) ID:
    337649
  • Analysis Started:
    06.04.2020 11:57:28
  • Analysis Finished:
    06.04.2020 12:11:14
  • MD5:
    769281282abdc716400add44ac864a2a
  • SHA1:
    dab56ba0919d81b15c49be75ebe3c06cf443d0f6
  • SHA256:
    cb1ad676576b6bb40dbc4833e11d6fb6cd247b75dbd76e6125a4d1dcf0b055be
  • Technologies:
Full Report: Engine Info / Verdict / Score / Reports

  • Info: System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
    Verdict: malicious
    Score: 52/100
  • Info: System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113; Run Condition: Without Instrumentation
    Verdict: malicious
    Score: 100/100
  • Verdict: malicious
    Score: 15/58
  • Verdict: malicious
    Score: 10/47

IPs

IP / Country / Detection
  • 5.101.51.143 (Russian Federation)

Domains

Name / IP / Detection
  • f1.pipen.at (5.101.51.143)
  • api10.dianer.at (5.101.51.143)
  • resolver1.opendns.com (208.67.222.222)
  • vv.malorun.at (5.101.51.143)

URLs


Dropped files

Name / File Type / Hashes / Detection
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml (empty)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml (empty)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml (empty)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml (empty)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml (empty)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml (empty)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml (empty)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml (empty)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml (empty)
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive (empty)
  • C:\Users\user\AppData\Local\Temp\JavaDeployReg.log (empty)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cba22xgz.3f3.ps1 (empty)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ipcmtggp.njs.psm1 (empty)
  • C:\Users\user\AppData\Local\Temp\iUBu.txt (empty)
  • C:\Users\user\AppData\Local\Temp\pJYlRpQA.LuPFL (empty)
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\prefs.js (empty)
  • C:\Users\user\Documents\20200406\PowerShell_transcript.414408.ktVkvcMQ.20200406120318.txt (empty)