covid-19 preventive measures.pps

Status: finished

Submission Time: 2020-06-23 08:08:24 +02:00

Malicious

Trojan

Spyware

Exploiter

Evader

Lokibot

Comments

Details

Analysis ID:
240724
API (Web) ID:
377190
Analysis Started:

2020-06-23 08:08:28 +02:00
Analysis Finished:

2020-06-23 08:17:38 +02:00
MD5:
cc17a31bb6d2ce8d57d3a108782b6796
SHA1:
4f996c5df95fdde1662c76238760f6f585732b28
SHA256:
63dd9c2279f0a416634a20224e9e8e015c7f8fab93e1147212ead6867cb7e68f
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: unknown

Third Party Analysis Engines

Open Full Report

malicious

Score: 9/62

IPs

IP	Country	Detection
67.199.248.17	United States
77.105.36.109	Serbia
104.23.99.190	United States
Click to see the 1 hidden entries
104.23.98.190	United States

Domains

Name	IP	Detection
j.mp	67.199.248.17
visina-centar.com	77.105.36.109
pastebin.com	104.23.98.190

URLs

Name	Detection
http://visina-centar.com/glsx/btls/fre.php
https://visina-centar.com/glsx/btls/fre.php
https://pastebin.com/raw/YLq8icC2d
Click to see the 55 hidden entries
https://pastebin.com/raw/YLq8icC2aths
https://pastebin.com/raw/YLq8icC2...emp
http://crl.comod
https://pastebin.com/raw/SHWX0snhe
https://pastebin.com/raw/YLq8icC2https://pastebin.com/raw/YLq8icC2
https://j.mp/D
https://pastebin.com/raw/YLq8icC2sidjaisd
https://pastebin.com/eZ
https://pastebin.com/raw/NPPve1Q38y
https://pastebin.com/raw/eYgN0VQJl80
https://j.mp/ddddjxdsada$
https://pastebin.com/raw/NPPve1Q3...
https://pastebin.com/raw/NPPve1Q3C:
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
https://pastebin.com/raw/eYgN0VQJ...
Https://pastebin.com/raw/Y9J7y39n1
https://pastebin.com/raw/eYgN0VQJ=P
https://pastebin.com/raw/YLq8icC2
https://pastebin.com/raw/Y9J7y39ncrosoft
https://pastebin.com/raw/eYgN0VQJnnC:
https://pastebin.com/
https://pastebin.com/raw/SHWX0snhWX0snh14;ipt
https://secure.comodo.com/CPS0
https://pastebin.com/raw/SHWX0snhCo
http://crl.entrust.net/2048ca.crl0
https://pastebin.com/raw/YLq8icC2...UStc
https://pastebin.com/D
https://j.mp/ddddjxdsadasdasidjaisd
https://pastebin.com/raw/eYgN0VQJTC:
http://ocsp.entrust.net03
https://pastebin.com/raw/eYgN0VQJ
http://www.ibsensoftware.com/
https://pastebin.com/raw/Y9J7y39n...
https://pastebin.com/raw/YLq8icC2rC:
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
http://www.diginotar.nl/cps/pkioverheid0
https://report-uri.cloudflare.com/cdn-cg
https://pastebin.com/raw/NPPve1Q3
https://pastebin.com/raw/SHWX0snh:
https://pastebin.com/raw/Y9J7y39nC:
https://pastebin.com/raw/eYgN0VQJ...ws
https://pastebin.com/raw/SHWX0snh
https://pastebin.com/raw/NPPve1Q33
http://ocsp.entrust.net0D
https://pastebin.com/raw/Y9J7y39nVb
https://pastebin.com/raw/eYgN0VQJrC:
https://pastebin.com/raw/eYgN0VQJv80
https://pastebin.com/raw/Y9J7y39n
https://j.mp/U
https://pastebin.com/raw/SHWX0snh...emp
https://pastebin.com/raw/YLq8icC2dx
https://pastebin.com/d
https://pastebin.com/ul
https://pastebin.com/raw/YLq8icC2sidjaisdB1
http://crl.entrust.net/server1.crl0

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Roaming\85CB65\5E97AF.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RQTHY2LGCNQ9IJ2EYDVU.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\L59T7T8BGYNJRKUEEVFV.temp	data	#
Click to see the 19 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JT40GSET393NIFIJ02BR.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\61A9WQLGV448WCAQJ7I6.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\50SH6GFS8XMV8KYA3NR9.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\U8X73K0Z.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	data	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\covid-19 preventive measures.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:51 2020, mtime=Tue Jan 28 13:45:51 2020, atime=Tue Jun 23 05:09:24 2020, length=63488, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-290172400-2828352916-2832973385-1004\ce1d9ab061b5b7ff17c765603e761dae_0f4f5130-48fa-4204-b1c4-585fbb81cd25	data	#
C:\Users\user\AppData\Roaming\85CB65\5E97AF.lck	very short file (no magic)	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6H42I2P1\QHsa4nmq[1].txt	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3P09LTC\YLq8icC2[1].txt	HTML document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3P09LTC\Y9J7y39n[1].txt	HTML document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1BTMO6D\eYgN0VQJ[1].txt	HTML document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1BTMO6D\ddddjxdsadasdasidjaisd[1].htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1BTMO6D\QHsa4nmq[1].txt	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB2XU27E\QHsa4nmq[1].txt	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB2XU27E\NPPve1Q3[2].txt	HTML document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB2XU27E\NPPve1Q3[1].txt	HTML document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6H42I2P1\eYgN0VQJ[1].txt	HTML document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6H42I2P1\SHWX0snh[1].txt	HTML document, ASCII text, with CRLF line terminators	#

covid-19 preventive measures.pps

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

covid-19 preventive measures.pps Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

covid-19 preventive measures.pps