bedrapes.exe

Status: finished
Submission Time: 14.07.2020 22:38:46
Malicious
Trojan
Evader
NetWire GuLoader

Details

  • Analysis ID: 245494
  • API (Web) ID: 386660
  • Analysis Started: 14.07.2020 22:38:46
  • Analysis Finished: 14.07.2020 22:44:49
  • MD5: 0edc42611fb4661272cf5eab4b754bf6
  • SHA1: 69d03aca2fe3bda7cc653578ddb19e863c7e59f6
  • SHA256: b9a87098dddc8de98d1ec0e5ffb4b57bb195df8af61e8a909860722815cf2d7a
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
13/73

malicious

IPs

IP               Country         Detection
154.118.68.3     Nigeria
54.179.179.37    United States
79.134.225.103   Switzerland

Domains

Name                          IP             Detection
wealthybillionaire.ddns.net   154.118.68.3

URLs

Name Detection
http://54.179.179.37/WEALTH_ucPrzgGP165.bin
http://54.179.179.37/WEALTH_ucPrzgGP165.bin79.37
http://54.179.179.37/WEALTH_ucPrzgGP165.binA
https://wdcp.microsoft.

Dropped files

Name                                                      File Type                                           Hashes   Detection
C:\Users\user\AppData\Local\Temp\dhanush\kantaterne.exe   PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\dhanush\kantaterne.vbs   ASCII text, with CRLF line terminators