BV10013 (Rev A).exe

Status: finished
Submission Time: 30.07.2020 09:17:13
Malicious
Phishing
Trojan
Spyware
Evader
AveMaria GuLoader

Tags

  • AveMariaRAT
  • scr

Details

  • Analysis ID:
    253854
  • API (Web) ID:
    403250
  • Analysis Started:
    30.07.2020 09:26:49
  • Analysis Finished:
    30.07.2020 09:39:22
  • MD5:
    5ba833ae0b992d08486739f4dc0065dd
  • SHA1:
    3ee633de3f2b4445383efd7b7bb0d3d943b11904
  • SHA256:
    0b9431b196547553849eebdb7a4a6cb57fc6d7d9af2c61c1abfffbf83e337984
  • Technologies:

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

IPs

IP Country Detection
68.65.123.182 United States
216.170.119.24 United States

Domains

Name IP Detection
asf-ris-prod-neurope.northeurope.cloudapp.azure.com 168.63.67.155
seedwellresources.xyz 68.65.123.182
g.msn.com 0.0.0.0

URLs

Name Detection
http://stascorp.comDVarFileInfo$
http://seedwellresources.xyz/oke_qrerqI1.bin
https://github.com/syohex/java-simple-mine-sweeperC:

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\subfolder1\fipic.scr
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\subfolder1\fipic.vbs
ASCII text, with CRLF line terminators
C:\Program Files\Microsoft DN1\rdpwrap.ini
ASCII text, with CRLF line terminators
C:\Program Files\Microsoft DN1\sqlmap.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows