flash

my_attach#_06124.vbs

Status: finished
Submission Time: 27.06.2020 00:32:32
Malicious
E-Banking Trojan
Trojan
Evader
Ursnif

Details

  • Analysis ID:
    241823
  • API (Web) ID:
    379369
  • Analysis Started:
    27.06.2020 00:32:33
  • Analysis Finished:
    27.06.2020 00:44:34
  • MD5:
    570cab3ed56a9c69bc3e5b85a838b42d
  • SHA1:
    c2952cbb31ee98c5c1a676e1820a3c73345083a0
  • SHA256:
    3a34c90fa6f4c879311dee500a97fb07aa8f62e338d6d4c539132d1d0234079e
Full Report Engine Info Verdict Score Reports

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious    100/100
malicious    34/71
malicious    9/31

IPs

IP              Country          Detection
47.91.16.227    United States
88.99.66.31     Germany

Domains

Name             IP              Detection
cdn.arsis.at     47.91.16.227
iplogger.org     88.99.66.31

URLs

Name Detection

Dropped files

Name    File Type    Hashes    Detection
C:\Users\user\AppData\Local\Temp\afterbirth.rs
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\conspiratorial.zip
    Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\adobe.url
    MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\contraption.ps
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\ingest.xcf
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\marrowbone.mpg
    ASCII text, with very long lines, with no line terminators