
presentation#_48406.vbs

Status: finished
Submission Time: 2020-07-02 20:04:56 +02:00
Malicious
E-Banking Trojan
Trojan
Evader
Ursnif

Details

  • Analysis ID:
    243020
  • API (Web) ID:
    381747
  • Analysis Started:
    2020-07-02 20:06:22 +02:00
  • Analysis Finished:
    2020-07-02 20:21:46 +02:00
  • MD5:
    a09461500e3d77aa3f6175248815b335
  • SHA1:
    391b8f95efb61cc30d8dba2de86bb3a35392bab2
  • SHA256:
    73c64df0615bc7f161508da9cb8517415e72fd200688c3df79d494f73970e130
  • Technologies:

Joe Sandbox

Engine Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 11/59

IPs

IP Country Detection
88.99.66.31
Germany
8.210.127.177
Singapore

Domains

Name IP Detection
cdn.arsis.at
8.210.127.177
2no.co
88.99.66.31

URLs

Name Detection
http://cdn.arsis.at/api1/YMrsrcrqFe1tpu/ktSOv5XSgsJpRSaXXOj1n/_2BrL8LncJS6Ow6k/nwO2PxxInjEwnep/szRo44iQSmaiZVFqKD/97qoNesp8/FI2rzoMWsnUBZsYJDMcc/pIIGJ4javYEwhLnaIuv/FneJtxudaeEH0L18xWd1UK/7fbAH7F_2Brqi/f4W1X00_/2BeGPqQn2XjEVEb4g3I16lL/pUqturs1XD/rIsD5MF_2BWe3BBXi/NE_2BM_2BBkU/ntPtDv1Q9ck/LNXtmn0r81Rd_2/Blto_0A_0DdZsVp6RK4pV/exEhpQKkyDecrUsz/3oWVlsoZBkjmSGf/xJvq56Xa5Kq3Sujlso/4fkIontO
http://cdn.arsis.at/api1/JPrForAFQsVg/ivLtS5s5R63/B49cdisfkZBKNg/vWgxCL49E0clSNasngMLU/PEbnE5ZT2LkNfOF5/Y1Ih4keR_2Fr0So/saCFWsRWtNHANNqr_2/Bx9yUusEM/yIBudTVfIojex2BhfdO2/_2BQGh3swLSDM06zQvc/KjGWlpBF3AcejjKqPfE49P/oBDhTo_2BtaWb/sWb1rmlx/0uNHteu_2FN9H8PByYBrThH/zVl5J7QxlS/hp1BjkUVcX7zzmb0z/TIFz_2FQ3HU1/MpCd_0A_0DA/YifAKlF2Ar_2FQ/vsvndhAwhq2W5W8ucHbQE/W0bFiRjOVU2VlHpz/JUeUjSzHSezJJdk/I5r
http://cdn.arsis.at/api1/Ok7n_2BblXNm8DRtx/cCxywK56f3TR/MWHvw9mIkeM/RotRH51jR2nZtS/Kc0PVSgU2YB8kLbD_
http://cdn.arsis.at/api1/jq1PNJNI9qdrnHAqL1H_2/B1rSwDGTEcJOAfu9/Y_2FE3feORpiBZr/aATX_2BIUYtiYOSDDl/_2FFOh8iE/c4NLiknzW70vhXi9z_2B/bKtNSNqbvBOCjtRFBwK/DhyGIPTsudimnK3sEFj0dG/uF_2FLRutcHkF/dg1dyOl8/l5_2BHKOhPD3rWBp0EqrvPf/dZM_2BOaZs/HT2nCBY5XcN2qzQ7g/mo6SoPgqhqR7/sBBb1GHbzG0/7w0E3cWJ2FO0LF/spBSQGp_2BRxz8GF_2Fac/0wv_0A_0DmKObXsj/ehew12X3QzNLBhS/yLDbEnXk_2BvCa4C5g/dn2jVGROk/Ir2qycMyn/4CmK23gZ57Q/z
http://cdn.arsis.at/api1/YMrsrcrqFe1tpu/ktSOv5XSgsJpRSaXXOj1n/_2BrL8LncJS6Ow6k/nwO2PxxInjEwnep/szRo4
http://cdn.arsis.at/api1/2oXKYsZnMZ50MC5cPQsxgp/_2F_2BCHol6pg/jr1DLYo6/_2FKJg1r8JeIavREQg4PYvv/Ss0XWmBZz8/55aHgvkCg8LEZUAOz/VZNG5rw382Ta/BxH9uKJjSLb/jM8FA45pVkHukv/aDFSwSMHdFE9LShaBp2yo/d0KK5EZktXF6wV_2/Feryjj3S1zTcwqn/DUzHLDVawec5kr_2Bv/7nKoMeiH_/2BLrbRfJHFyb74NPl_2F/WOvlnVQNnwCw_2F6FGp/asbEIsa0KpclSyHfACB9_0/A_0DWoRVwr4WO/5Ix5dDcS/_2F73xwIteakhoOgQ2MhcdA/F7lM_2BV3o/YDCOEmzasilc7NFvrgmqG/H
http://cdn.arsis.at/api1/Ok7n_2BblXNm8DRtx/cCxywK56f3TR/MWHvw9mIkeM/RotRH51jR2nZtS/Kc0PVSgU2YB8kLbD_2BK0/QQ5np52xVCgFxeGK/YqriLFo6Ie5DIMI/XWZvIvl0DQFVGccDVk/BuIvvz0dK/P6qYbdVTTeU5hx8jQeEN/Rp_2FEBrwIb9ZLJuMA6/GvgGMSULD_2B3Tz67YzSAm/tu5LPoyH8dMzZ/rK4jb8g8/fj4bi19z4Z4msHIO7iCEdSk/UJ4OzjY47u/wNuQeiDWLjas_0A_0/DsAq7v8Cu155/X_2BeMAUeKP/t9PoaJu4bTw_2F/pSo8Dw3NYRuy0RX_2FzxD/PEmC8RGppnFXQVZ/pv
https://2no.co/1vXQd7O.
http://cdn.arsis.at/2
http://cdn.arsis.at/api1/BiWAGUTNn3cZMJsjMWcKA/wv49qm2dK6Y_2Fb1/CC7mzNerAti_2FP/VP11_2B4yEo6yWq8Vz/RJk7qrnGj/huNlRf9r_2BinEd8N_2F/nbmKn_2Bkm_2BOBPO4b/ES34BYHjBUruIKK_2FMDEK/M1SPiJ_2F8_2F/Db6S3_2F/PSvaE0_2FLV2KlUIoG6INzJ/sbQQzhH8kO/qe54ITgKlszLT56Bj/EQl7HU9OiheW/s7tZFGGw_2F/_2B9MmvyfJTbPt/tUCIqwVKMmBT0sxUHDfHJ/ynvdGuNpUGU_0A_0/DrnWzMYlhDMTY8z/_2B_2FVeYCVlVynXhh/2ZWAf1v74/fbgUrD5twLloiTv3_2Fh/VRsWERve/fZjU6
http://cdn.arsis.at/Da
http://cdn.arsis.at/api1/XQlrWnzRIes0yQX6DQ69Ch/f0oSw9SjeN_2F/84Zcoc5W/y7m_2BsEB0VVoRtB85T1Kpu/j3vs3
http://cdn.arsis.at/api1/I7Bivf2I/idTQrY2wy3jr6I_2FbOtren/HjKRaUkOkV/WpLztbAx2GsWjCrPY/hgOq_2FW2R3w/fMlEZi_2FIe/I1S8_2Bpg5nj_2/FRwfdHQNvJHgMTRuhAtaA/zc_2Bwlb_2B_2Bc7/3e8amHfWtV5NVaI/_2BKkX_2BdhVaOom1N/dBnS64ocy/EarlySoDWnKaqVjrBuEt/AMugejQ8wFxW0yTshzK/phegWb1ysjSih_2FgC7GoV/Fxe8Ahh10HYgB/_2F1LYAW/mcMrH_2FdjwkQkgFlYdhBK_/0A_0D_2B1K/wJwJc1TFsJi5UoXx9/iJigRu_2FRnR/zLFHybwB0AI/blnYUA7seIrUCb/1ltx3Lmgp6/BL3
http://cdn.arsis.at/;
http://cdn.arsis.at/6b
http://cdn.arsis.at/api1/z_2F8d_2FPyyI2wnkE5/5MD2nQCjcxngmTA07vWbdj/Ax31MOfokOXCm/_2FMMZGQ/wHKWSRf38
https://2no.co/
http://cdn.arsis.at/D-
http://cdn.arsis.at/6Dx
http://cdn.arsis.at/D
http://cdn.arsis.at/c1
http://cdn.arsis.at/api1/XQlrWnzRIes0yQX6DQ69Ch/f0oSw9SjeN_2F/84Zcoc5W/y7m_2BsEB0VVoRtB85T1Kpu/j3vs3NDwD2/IKdX_2FbgMN0tFi3y/BPXl447vXlUl/COxtMrByuFM/zmCSOTe5cd9txw/OUDZZSQhDpBAoNmu_2B_2/FpMCVgirvBoXn8ZI/O1q39cPZKuflqn9/MLCuJp9DH_2FFezrGw/_2BWaojr3/iQjC7a94OwsrEIKJaxQj/5I1qcOihS2cOAygpTrq/Ib5848gD_2F34dvru3jc_0/A_0DOjtOujvaK/8FXNELop/KBNLMKfz6A8rQ0quKdOt9C9/3h98sliwB3/pwLtxkzum/fLKsQr_2/F3S
http://cdn.arsis.at/api1/5kRD0EB51bNYsKB47/vJ43ixOyCsp2/BZc_2FpFx0L/7EG1mTKik4Kn2G/aQhrCD1Hkx5tZ9O7OQQ5g/RcogvmPd_2FUZ4gF/rz_2BzhoaggzwUs/nElJltnvqmDiILR_2F/vaWGCZnZA/VmvTDaBn3phY4rtTRRyq/HwzuT_2F0shyumGUWXV/cNCNOe9L_2BlyktTvjAf6f/CHs5EJm0x550G/drOiwHa2/nBnCbmx_2Fay8prnABGIJda/DogZhmpgRc/K41eVldBvjFRHyS8g/x_0A_0DoGunS/JF7LS_2BY_2/B_2BxNuOkZwj06/NESFN5CPtzYps_2BeIpEN/43JhG_2BYb7d_2BG/UlO7LJiCz9H/i2
http://cdn.arsis.at/api1/CiLIoIZUI/WKcwiC_2FjUXuvD1ThUE/1vsD7oXhNGv69zSXCLV/rupps7frj5lovMgQjpP1rt/d
http://cdn.arsis.at/api1/j1x_2B8pf7HJ/MCIrSz4mHoR/mIDfmRLQJrnZZO/opq_2Fr4wwKjba3uLS5h9/gnCobdpKo_2FD53M/no59NeH3TjwtO_2/FvxQFzUBcokg_2FVgq/p9fJgClG7/NNfkLZ35oWOT_2FsWBNE/7qT1wY_2FqAC1kh9vbD/e6I_2BHx9bCWKCfJQBrbyp/gexTDOYhUKYaU/xoVrfQXl/kX1zJhcsDBm8jX_2BjVzzmz/fx6Bg0nVTq/zJTyn1SjPGzn7_2Bi/lBSDUwVhNBZ8/rAxeDEGNFqc/i_0A_0D_2B4ywN/gkZ_2FBOrWWOqtRGkOWfx/1uKrWBI4/eqLfWMuLWXVJG/dV
http://cdn.arsis.at/api1/6gwCbZ8SaeNDFHjFvptkj/R0ssLKrXfeQBPR_2/FPOjX4nVR0R1Inw/5_2BPljv3YDuQM7ZWn/t
http://cdn.arsis.at/api1/6gwCbZ8SaeNDFHjFvptkj/R0ssLKrXfeQBPR_2/FPOjX4nVR0R1Inw/5_2BPljv3YDuQM7ZWn/ty4QS_2B5/ArEfdhGAOu1L_2BLwH_2/FSTA7t_2FRxjI5IbjQC/zH8ii3r4yrOUZ0GGi6EFjA/vk0BWhjAbqqgn/6AsvJf7W/_2B11IJzfc6W9ClJ0fZsNCW/Bozgh7c_2B/JwZIX1NRb9XRQbh1H/4UAnVTFwej9u/NFQsmCXc0Fs/Zev25opWORTUzc/eCR_2FQkQ9R_2BIsHty_2/Fl1LS_0A_0DSECjs/bmJ8veLndA_2Fd1/jSyFRYFv0sE5teZCuC/XJ7NflpUg/zBK98uRnhcPpoH/HR351FYl/k
https://2no.co/1vXQd7
http://cdn.arsis.at/api1/YoxOYV9x108_2F/Vc_2F7MbnDadwBLuXFLgM/N42Eu_2Fh7HZi2st/VMKYuE2giDBGqFx/vGyz6
http://cdn.arsis.at/api1/BiWAGUTNn3cZMJsjMWcKA/wv49qm2dK6Y_2Fb1/CC7mzNerAti_2FP/VP11_2B4yEo6yWq8Vz/R
http://cdn.arsis.at/api1/bWjiAlMhMtqIzEzht/fzpDxS7qeWLg/IhxBwvseD1y/8J_2B3Y9CzMAUq/SDBisHJ7E0_2FZ64H
http://cdn.arsis.at/api1/j1x_2B8pf7HJ/MCIrSz4mHoR/mIDfmRLQJrnZZO/opq_2Fr4wwKjba3uLS5h9/gnCobdpKo_2FD
http://cdn.arsis.at/api1/YoxOYV9x108_2F/Vc_2F7MbnDadwBLuXFLgM/N42Eu_2Fh7HZi2st/VMKYuE2giDBGqFx/vGyz6_2FXzwU0isviT/wUj_2Fehh/cDbX_2BUmxa9btxwZkvF/jDa_2FQMTrzZ1rIAlOs/0cJk1q2H6pzXdOazlbryQH/VLWA0nPUEwWQ7/JVoZCo_2/Fix7cQXBDM4ULYB7T9DQhad/xEZ26Jreqv/cuqWwuINCrjhO_2FR/0UhtHWFv1bGq/_2B_2Fkzbhw/ymYBkOl13RW44l/MRW83ewu4po1_0A_0DDLN/lsLgZRNIHcwGCQ7L/qBpHH3bUuDmDz_2/FUfWqFpeVC5_/2FV2N
http://cdn.arsis.at/f2
https://2no.co/l
http://ocsp.int-x3.letsencrypt.org0/
http://www.nytimes.com/
http://www.reddit.com/
http://cps.root-x1.letsencrypt.org0
http://cps.letsencrypt.org0
http://www.live.com/
http://www.wikipedia.com/
http://www.youtube.com/
http://cert.int-x3.letsencrypt.org/0
http://www.amazon.com/
http://locatecaught.orgD
http://www.twitter.com/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\beget.iso
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\adobe.url
MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\buffalo.qt
ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\improvise.zip
Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Temp\tsarina.pages
ASCII text, with very long lines, with no line terminators