Register Login

sloganpng

top title background image

look_presentation#_71408.vbs

Status: finished

Submission Time: 2020-06-25 12:27:00 +02:00

Malicious

E-Banking Trojan

Trojan

Evader

Ursnif

Comments

Tags

Details

Analysis ID:
241427
API (Web) ID:
378577
Analysis Started:

2020-06-25 12:27:01 +02:00
Analysis Finished:

2020-06-25 12:34:47 +02:00
MD5:
521906e7f5b5cc5fa9782471725745cc
SHA1:
23340ff86aa6b68a16bbbc2caaac838568233ca8
SHA256:
2b3a4f2c500583ec479259832810d125277169b598bc32756073a7881564bdd0
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 37/71

malicious

Score: 13/31

IPs

IP	Country	Detection
47.241.8.147	United States
88.99.66.31	Germany

Domains

Name	IP	Detection
cdn.arsis.at	47.241.8.147
iplogger.org	88.99.66.31

URLs

Name	Detection
http://cdn.arsis.at/api1/mYLZrBzMNIaZw16_2BW/4YFG0RgxKlRK_2Fir1Vxbp/1zeOpXZ1RGuug/cW16ylHW/NBpIauiIlNupSnS8GOrGq54/0WObhusgxg/mS0f3k79Lw_2B7vw5/izUUjmWTdjJF/O_2Fm9YCTSU/qwsUdEx24Yz43a/ZSkadbni5T64RYAqpzaCB/Lo5wGesQAUenHiOZ/yl24X9aMMBj99jm/S15S9rokTeKM6HOx0w/vnt5gsuw4/3cEVMwgagupbKOz3_2F8/m0WB73qStfyoxU_0A_0/D5E_2F9XO8l28k0PUJTw3r/Ux_2Blkf39EkL/SdIntVXwBSJL/drs3Z
http://cdn.arsis.at/api1/RSeU6bebZvucYA2sz/B7nQ9Cyl32QT/ZEQcaSP0BPW/ZHlmAh8Rtqjxit/vHkGYoC_2BczQVbSEq6sj/LtcXYP_2Fqwxzg_2/FNRg0eL0JrGgdtJ/p21djhrtWGqPyNYYZu/Eehx4MNec/9_2BRi0kMD_2B4biP7r4/03dUnCYgN_2FYmzhAHw/JhGGWWpuzqXDy8_2Fc9Re_/2F6kwJXNKENuM/MRQ43VYO/2Qp1T1sMyCZVZQaBrmAprdj/xY0J8Wb35e/Almq2pLc2OwOZvSqh/leK_0A_0De2U/6Kcpqgl4Gbv/26OaL4OgZqPLYa/JazPW95ctW_2BywZtR_2F/S_2F5p0DZ6OaWwGH/fut72M9H/o
http://www.wikipedia.com/
Click to see the 15 hidden entries
https://iplogger.org/1bP4670
https://iplogger.org/1bP467
http://cps.root-x1.letsencrypt.org0
https://iplogger.org/-I
http://www.twitter.com/
http://www.reddit.com/
http://www.live.com/
http://www.amazon.com/
http://ocsp.int-x3.letsencrypt.org0/
http://www.youtube.com/
http://cert.int-x3.letsencrypt.org/0
https://iplogger.org/~F
http://cps.letsencrypt.org0
https://iplogger.org/1bD467
http://www.nytimes.com/

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\bedim.swift	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\baseboard.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
Click to see the 15 hidden entries
C:\Users\user\AppData\Local\Temp\sis.sid	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\platform.mod	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\malaprop.xcf	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\adobe.url	MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Virginia.xz	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#