news#_20837.vbs

Status: finished

Submission Time: 2020-06-29 17:55:27 +02:00

Malicious

E-Banking Trojan

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
242055
API (Web) ID:
379826
Analysis Started:

2020-06-29 17:56:35 +02:00
Analysis Finished:

2020-06-29 18:09:34 +02:00
MD5:
0eae2e553630b7893aca883afce4c359
SHA1:
d361bed5baf23bee3642ebe446bc1b3c34940e06
SHA256:
08f605fcab58e08fefdb8f890af1e4d7f48fd0e8d71f0c1f817139461573f99d
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 17/59

malicious

Score: 8/30

IPs

IP	Country	Detection
8.209.73.71	Singapore
88.99.66.31	Germany

Domains

Name	IP	Detection
cdn.arsis.at	8.209.73.71
2no.co	88.99.66.31

URLs

Name	Detection
http://cdn.arsis.at/api1/qFGx46nK06JJW0mhKs/DPfytRl2i/gW_2F5x1M_2BlLE5GFzf/sv4Y3QaUpn_2BnQyfXA/Sr_2FYBefu7KnaP7F5Hs_2/FJExt2_2FaQI1/jlHW8Oq8/7QFr9cOs8Lw_2BEZtymHmyv/PGOH2E_2FL/RLLzadyN0WdFlcnhe/UMxNdtoLmHJJ/nDLagDsdWsS/h_2B1BsiuHT59I/E_2FVtTwTpp71NAEtLSll/bwe8hcFz5MtcDF7w/OtRZbIKio0_2B2D/DV5a3QddHEwBrthVyt/06znrnO9_/0A_0Dg94Qk04f1hvJCXa/jrdHc1njwbNyUj6WQZW/TrdM_2Fr7BaHGk4q5xnrI3/kI2zwX9MG/AwHPL
http://cdn.arsis.at/api1/j0ltReMnRyS5VmAa/5WssfmnlFS_2BT2/_2F01xmjIXT3EmicUQ/qnVufHIvP/4UaVudNBKU2QHco64qVl/2BVE3Larj3u1d6S69Vg/_2B9bq_2FD_2BBRP59mnWP/APJQ_2B8HOkt_/2BU8koB2/sglMBxoVOi2otBa8akKcKit/Lk2zMG_2FI/jHLsQt8N1_2FQZIYJ/e7P0QUB4oZzY/Mjp7SbZ9qse/23kQx3zrEDCoRh/Y8Q_2FLbFk6QLTzfcR_2B/ktUsbwZMjKFu7ISy/rOykpgZuC3_0A_0/DMvRpzcB30_2FtGSKu/XtVCI83w6/pfiPuHmnb3YkU6Wc0X56/yRd
https://2no.co/1vXQd7%
Click to see the 29 hidden entries
http://cdn.arsis.at/api1/_2FzJQhB_2FH/xRgVj_2BQPi/D0bEfLnzN3W_2B/GqhA0_2BaNQy9oQHy1tFm/be5h64JtTF8c4GWv/BfRKOvcTD2SOqTL/UoDD77K6wD8_2FJ_2B/59LNBALvB/nkuolzmyRXf_2B40EUN2/Savb9NDqh7YxyMshlLV/jzItnvGnyMuVL2nIM4cMfP/hpNeLcFqQjklr/3VpsuvJ_/2Bu24u_2BG5EoLbnXIPRSHr/6SDaYuXcUb/zAD6VmZv8t5sfLnmX/rimhKA23_2FL/OaMkvYWlE4x/fyZ_0A_0Dpevcm/IitUJONECEwTjeL7Xksu4/qyehxtPwmGduTTV2/fwVDk6U_2Bo0g4q/15jA2PUfldB2/Y
http://cdn.arsis.at/api1/7WDQ1mPdZPSeGv/NoPQMbyd04gwVKs_2FT6g/TMSe_2BysPBFzX7y/3l_2B6JLvCzhQU7/QiuUP6VMmx9DXswc_2/BJNw6FByM/sL89ST3mq863ipbmUDmT/ewwyMIse1M29HCEOdtd/kji2d6lmBRWkdbfmYrxbf5/druJ6uaYGp_2F/l8S_2FQc/G5kdptrxNyPfzloM_2Fvoqj/4hLOxrqPQe/NsvFMCq4dExJLAJ8Z/gCjDrohN9KWa/K5qKEhwk29f/cCc7enepplLpdJ/5q7L_0A_0DA1hvzl6JwGs/tGzHV_2Bcn9gKbW8/3HqNfbeyQWnhJvO/h1M_2Bvq/A
http://cdn.arsis.at/api1/S4XkrXZyAbI23lheYT5E/eOrDi7K_2B79mKplu7j/xVxzFr3R2wHkB0OM3_2BtT/qWBkRX3vUKj2E/QKY_2Fl2/z50Mr6dESiVnPIQYFNZFOm8/Ixxq9CACuQ/kQgpX0a_2Fe9xi8DQ/qOn8n8G89M1D/62dgFiNtoNz/u8gLo3v08dpQTr/HV2HIc3gsB5wO1XsIMSit/T9CJPI5GN_2FYbaK/ymUzsgazDyKxEjG/m41F_2FsfO5cMnXj2c/SBwpdAmDQ/lQxQ0ajl8gXszAXj_0A_/0DJFNFIavPxmwWgtOzY/MsF60LLwR2tiPfbD8DYvcC/3pUz8Jxa3O005/yERfcvmz/P5EgDSoy
http://cdn.arsis.at/api1/posPdC_2F/sMH8g1dj_2BSb1KIZiYW/snH7EMBSqf_2Fp_2FAt/9QdOJXQpkEOO5yvtJhBoAR/rsXK_2FL436_2/BMrhBLhs/2zrWAVbgftZV9emekfYsg0o/uSb_2FM5IC/EJWy8pADI1GhqW2Qp/v9q8rd0jlYjT/d2pbXs0D5Dz/qCVW7l3voqb12d/4a82M_2BKKjyQMt5o6h_2/BQF29BcPh75hFzuu/dOmwkiONCRE9Cya/M_2BCG0Qrqai0i0zLO/uBepK4zi4/atGgaP4bfjWkNGb_0A_0/DI4xZwf3X3YmgIhhKvT/lBmgT4pXBc6Z94BwpMkaiB/d_2F3sJS5K9hy/ceQTQOS2Z/ewfzYtct
http://cdn.arsis.at/api1/aVEg2HCHzEHqpr/ByE_2FAMKgO_2B11uOugn/UMWSJNavfdJlKO3_/2BgOYiIHjj54UFL/KwXeMKSGkHhz3LO_2F/gzsKoz1hA/QbPK3YHju2cuFfGt3MSh/I_2FK4ZoMew4tE3FdVL/hgvnVCPvmGWcDrIQt9Ch8J/ZJT5cnpoKv2P4/GhCMZQlw/7zBNBW_2FAcZQh0OfH0yYAm/49o0Oz1OFl/8_2BBVo1_2FwE_2Ft/IWRXn1I0QONg/7ZLxaeDNvj2/huRwNinVn8VRJz/8UEy4FOL_0A_0DF6tEUMX/pZ8tmrwCke4K1ipo/Q4I5_2BWzsXccfb/PUn36qazK6QtPXViwT/oak8a9j4n/_2F5QGR
http://cdn.arsis.at/favicon.ico
http://cdn.arsis.at/api1/cYKXmOJy_2BT5nJ9fKI/TymeKxIkQ_2FcFsQeAlZhR/t5M7DFhbjPwIn/4knaHJkJ/7TehYX0ruyDtDbLTZ2exRNg/gpgDGYfNHJ/1yamejyCLc4eYSej1/_2BmQWAMWKCf/LdUG22eBlqX/sejZhRkIpuNOWm/Ql8xjz_2BrHRhpDArewu6/lM93hG8q_2F5KeuS/McWz4UAnHTvKHL4/yxB7PssVDna_2Fyyv6/cEgJEt2ic/xJKy_2BkOuiQioHVpUCd/TgskYTVdt5RW6oMKYE_/0A_0DK272YKDvyk6iXE1lM/JavF_2FbCR_2F/h4mdhoZm2NtiF/NyWD5fhz
http://cdn.arsis.at/api1/Bybm0_2F/Qd_2BRhoNplBP_2BWKhYjMq/adp8Mq0F0h/uhaJthOg7h4tITO8s/dKAzL_2FqwBy/ydy64rNZFbB/Iqp_2BsV_2FiIU/gs3ycflz146Pj1qdacUbw/gPTAwy260sEwGqLd/NjGzoxTPp6HWq7D/lbpiy_2BVdfUKqBYgp/yFeM8n_2B/HPdzjZO8UanD6S9vm7pf/QMqoFds16n0v8QFJBMG/9rmIIR1nJcSlpP_2Fs6yeF/yAgsKNucjIUxq/VLwz5pgd/TR6Qhvkxaed7pb_0A_0DDed/QnR3Fqkl5G/KLApVJELJs_2BiPTn/7RE5oLEGfm8C/cgp6cCF6OKE/TzarvAPjnenJALm/xN
https://2no.co/
http://cdn.arsis.at/api1/wF5octJLuVPn6zZQELpB1/FRAg2Zwb_2BKHWgD/Hv5nFUG11sYw6Rd/C2j_2BRpLT6N0FndZT/2qLy6V2OD/AEvYT0FrFWrZy6ST9Kg8/Muf28FiL10tiIBCxMTy/uIwVjmnLqoXeSM68yYs_2F/lwXkaYHiUvNPo/1CXGvwpV/UukzgBoNWvJnlhA8gE8CthD/1Uu4rsL3Hl/y9Ve0QfUk6LmDCgHr/b7x_2BaxFFzI/qjUz42Cb5zo/_2BNonop8t6Z3p/JcJQiN4uhghOhO_0A_0DY/AzYQ8S5V0lQc6rXl/Md6ncezGSKXJPTA/s2EsUqO_2FUta8sdWd/Uf8Y2Eckae2aZAaEu/cKa
http://cdn.arsis.at/api1/9cVJoSwR/vujmWLnBLFkyLzp5TWCfB2Z/GN7Y4E0Sk1/2SUgeJOy_2BhxsdKm/agheQ4jQhzbB/bNcnvg66Q0q/pRnW_2Fy0cxLH7/VMp9BHkgBQT80IJbOIv7r/sOt1t4P7oyyJxG0Z/fQlYh4tc3u8wgpr/zmyHAi1iWfdF_2FSoV/6wyzyp52m/fpuNprCSZJQd5kM6WEYY/SYIJCLoxnnDzwFDcTVZ/WFyZ7gyrhMwQ5DKlXbo6o_/2B_2FXUT2Z7Eu/Gpv_2FIY/o2KW34KH_0A_0DKoQcw_2F_/2BRTo_2BtO/oam1KqGxDgHH93zoM/T8ag7KLy1S_2/F9h2eKgc4dX/HVg8olk3eU6/HdVl7X
http://cdn.arsis.at/api1/ue6IicSapInqZV/tO1RV_2BW_2BmIHrJHpzB/tDz0Ti4RHgmPeEFy/zEjK6uFIfammlwB/SsYH5yxws7kKlCa0I1/rIgoYlIR_/2F_2BC1C8RAIXVenOW4l/EebA0kPk9Gc_2BuCX6o/RlJyXAfnEwresa8uHIf8Xx/_2FgyOYnGbzs_/2FHRu_2F/LTtkCe9dkhOEXNqixi3ytwX/Zs_2BULPO7/ANdjxJ5ja70fOBu8Z/Sp69QenHFhuE/45HovPlIff3/OdNyXOd41GBq2Y/OZioqiD9_0A_0D01jobaj/wQJBPX_2F1x7MgOa/4G7miuvSpmKHRhi/NNK5DncoXo/g
https://2no.co/1vXQd7
http://cdn.arsis.at/api1/AwNcr753upN_2F1hN/vg0U5i6CA_2F/tOMSv95m7iu/NVlTtlvJ8KJLVH/rypEhAE7yW4fDZGOaF7iC/xRqPmAlW7vJLwNz2/2_2F0egK5jMCNp2/ePKHzNZu1FsdOOZULh/I3dGdzk4T/dZfbdsmy8YyE9acXug8N/B3_2FGLVldrexJV9lzn/iN5GeRFOlAt1dKYPfI6CGj/lkzi5N7A8bXhJ/EZ4gSCt1/iU_2BEXoy4YZQr33ik7PqBE/p1gqBfcxvu/zOkoxDxaBTv2jI_0A/_0DLSp6J000f/uEv5Vc2A2DH/C9bSkukMnMZNjw/kIEqoz6w347hi4U63SEu8/EKgMykXB1g/MR0
http://cdn.arsis.at/
http://cdn.arsis.at/api1/YdFkJhja_2FrTd/Z2Vq49C5yICXQsnjnnNSI/sQ6G3vwQzovIK2Sn/h4hHxejggwYWnaK/nfvq96emt9bZKDk_2F/l0b3i0vxj/EFGZ4FU9EelKb1bZvqvM/b11q4WOcrgUXmcaj1c5/aGHc5FCHO4owJawlVgDYKW/E9Jet7WcX7BXS/thiYTScv/Lr9jt94ZoL_2BGoi6WrjsAQ/P4lCgL_2Ff/E7IZfSCj_2Frk_2FP/dX9PXQyNfF5B/mtkmoMh1qmw/534ImfTvPvKstc/BZ_0A_0Dt0cK2b_2Bgkx0/R4F1CuuO5kWjeH_2/BGE2Bv1kl_2FAxy/miPVdqXMQaetvN8CKT/ikKfhAQUm/3ba
http://cdn.arsis.at/api1/UXJoyrcjlUjpyAs_/2B6T2eTvrrHNrGu/Fu5DpQdHZA7agJKbeZ/d19x4K_2B/KQNdZR1I7X2Xdqe3jXcG/Aaed8_2BLKpthtS0TM2/ZHVbJX4I4uYNLtrROC5Cu3/rLIw9qObfuFv7/aDReD3zE/aYgoqHZUj9gg6kixd640LgO/sNwMM5Ehva/LBhoeuN63JPKFUtBY/zGMsD9wSEj_2/FDl_2Bv33ts/r4LvNIv98a56Hx/DE8AwqMDzJ1fJqBAsWuSz/e_2FVGyMIhWAww1q/_0A_0D2Ahshblwz/bh_2F2bNxV7fUxLvM7/1X69w8pxioMkSnlZ97L2l/v
http://cdn.arsis.at/api1/c4uUSxwzpslrTmyQbKK_2/B2TI_2FjRV_2Bboj/Ka8mBNOlN9xQjZA/3T_2Fqz7M17YocG4aP/eH38dQkMb/2efRQYmzGsCS89gmviuE/17BX2_2BLqdjttRtAnU/i5JSxRskQDrEsAvppphRxf/z8KL6KJiDksFw/hLsiIGdi/jftJ_2Bx2jZUdF_2FbqaZ9_/2FLXDDpnVM/hqvCiJVP0JmBSVdZB/8XSazttcOyFQ/aOmYCsPbw4u/sapctvhAK7mQQO/2FOE6VBYv_2F_2FMksgSO/_2BMT_0A_0DN9XlO/JdsI3Bxa_2F4Bsn/Ix5uW5kauoFh13lNVy/HyZ839ROi/ijND_2FMi_2BIfDm_2Fh/UyoOvPmJ/Q
http://cps.root-x1.letsencrypt.org0
http://www.reddit.com/
http://www.live.com/
http://www.nytimes.com/
http://www.wikipedia.com/
http://www.youtube.com/
http://cert.int-x3.letsencrypt.org/0
http://www.twitter.com/
http://www.amazon.com/
http://ocsp.int-x3.letsencrypt.org0/
http://cps.letsencrypt.org0

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\swatch.c	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\Ammerman.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
Click to see the 14 hidden entries
C:\Users\user\AppData\Local\Temp\sully.xml	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\choral.tex	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\adobe.url	MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Nakayama.mpe	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#

news#_20837.vbs

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

news#_20837.vbs Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

news#_20837.vbs