look_presentation#_71408.vbs

Status: finished
Submission Time: 25.06.2020 12:27:00
Malicious
E-Banking Trojan
Trojan
Evader
Ursnif

Details

  • Analysis ID: 241427
  • API (Web) ID: 378577
  • Analysis Started: 25.06.2020 12:27:01
  • Analysis Finished: 25.06.2020 12:34:47
  • MD5: 521906e7f5b5cc5fa9782471725745cc
  • SHA1: 23340ff86aa6b68a16bbbc2caaac838568233ca8
  • SHA256: 2b3a4f2c500583ec479259832810d125277169b598bc32756073a7881564bdd0
  • Technologies:
Full Report

Overall verdict: malicious

Engine Info / Verdict / Score:
  • System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113: malicious, 100/100
  • (engine name not captured): malicious, 37/71
  • (engine name not captured): malicious, 13/31

IPs

IP / Country / Detection:
  • 47.241.8.147: United States
  • 88.99.66.31: Germany

Domains

Name / IP / Detection:
  • cdn.arsis.at: 47.241.8.147
  • iplogger.org: 88.99.66.31

URLs

Name / Detection:
  • http://cdn.arsis.at/api1/RSeU6bebZvucYA2sz/B7nQ9Cyl32QT/ZEQcaSP0BPW/ZHlmAh8Rtqjxit/vHkGYoC_2BczQVbSEq6sj/LtcXYP_2Fqwxzg_2/FNRg0eL0JrGgdtJ/p21djhrtWGqPyNYYZu/Eehx4MNec/9_2BRi0kMD_2B4biP7r4/03dUnCYgN_2FYmzhAHw/JhGGWWpuzqXDy8_2Fc9Re_/2F6kwJXNKENuM/MRQ43VYO/2Qp1T1sMyCZVZQaBrmAprdj/xY0J8Wb35e/Almq2pLc2OwOZvSqh/leK_0A_0De2U/6Kcpqgl4Gbv/26OaL4OgZqPLYa/JazPW95ctW_2BywZtR_2F/S_2F5p0DZ6OaWwGH/fut72M9H/o
  • http://cdn.arsis.at/api1/mYLZrBzMNIaZw16_2BW/4YFG0RgxKlRK_2Fir1Vxbp/1zeOpXZ1RGuug/cW16ylHW/NBpIauiIlNupSnS8GOrGq54/0WObhusgxg/mS0f3k79Lw_2B7vw5/izUUjmWTdjJF/O_2Fm9YCTSU/qwsUdEx24Yz43a/ZSkadbni5T64RYAqpzaCB/Lo5wGesQAUenHiOZ/yl24X9aMMBj99jm/S15S9rokTeKM6HOx0w/vnt5gsuw4/3cEVMwgagupbKOz3_2F8/m0WB73qStfyoxU_0A_0/D5E_2F9XO8l28k0PUJTw3r/Ux_2Blkf39EkL/SdIntVXwBSJL/drs3Z
  • http://www.nytimes.com/
  • https://iplogger.org/1bD467
  • http://cps.letsencrypt.org0
  • https://iplogger.org/~F
  • http://cert.int-x3.letsencrypt.org/0
  • http://www.youtube.com/
  • http://ocsp.int-x3.letsencrypt.org0/
  • http://www.wikipedia.com/
  • http://www.amazon.com/
  • http://www.live.com/
  • http://www.reddit.com/
  • http://www.twitter.com/
  • https://iplogger.org/-I
  • http://cps.root-x1.letsencrypt.org0
  • https://iplogger.org/1bP467
  • https://iplogger.org/1bP4670

Dropped files

Name / File Type / Hashes / Detection:
  • C:\Users\user\AppData\Local\Temp\baseboard.zip: Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Local\Temp\bedim.swift: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\JavaDeployReg.log: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\Virginia.xz: ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Temp\adobe.url: MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\malaprop.xcf: ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Temp\platform.mod: ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Temp\sis.sid: ASCII text, with very long lines, with no line terminators