flash

https://www.mediafire.com/file/6urm5ylq31a3s24/Odeme_makbuzu.7z/file

Status: finished
Submission Time: 28.05.2020 15:17:15
Classification: Malicious, Trojan, Spyware, Evader, AgentTesla

Details

  • Analysis ID: 233861
  • API (Web) ID: 363872
  • Analysis Started: 28.05.2020 15:27:47
  • Analysis Finished: 28.05.2020 15:36:43

Reports

  • Engine: Full Report
  • System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
  • Verdict: malicious
  • Score: 100/100

IPs

IP               Country
205.196.120.116  United States
104.16.202.237   United States
104.16.203.237   United States
77.88.21.158     Russian Federation
205.196.122.104  United States

Domains

Name                        IP
www.mediafire.com           104.16.203.237
smtp.yandex.ru              77.88.21.158
download668.mediafire.com   205.196.120.116
download1163.mediafire.com  205.196.122.104
smtp.yandex.com             0.0.0.0

URLs


Dropped files

Name: C:\Users\user\AppData\Local\Temp\abjfzdtz.g1i\Odeme makbuzu.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows

Name: C:\Users\user\AppData\Local\Temp\ghla5sa3.krd\unarchiver.log
File Type: ASCII text, with CRLF line terminators

Name: C:\Users\user\Desktop\cmdline.out
File Type: ASCII text, with CRLF line terminators

Name: C:\Users\user\Desktop\download\.wget-hsts
File Type: ASCII text, with CRLF line terminators

Name: C:\Users\user\Desktop\download\Odeme makbuzu.7z
File Type: 7-zip archive data, version 0.4