flash

BV10013 (Rev A).exe

Status: finished
Submission Time: 31.07.2020 09:11:42
Verdict: Malicious
Classification: Trojan, Evader, GuLoader

Tags

  • AveMariaRAT
  • RAT
  • scr

Details

  • Analysis ID:
    254593
  • API (Web) ID:
    404707
  • Analysis Started:
    31.07.2020 10:01:38
  • Analysis Finished:
    31.07.2020 10:11:58
  • MD5:
    11d648a9d7958bef6921898e130f483d
  • SHA1:
    c5541a30011d42999fdc795f59d7f985c21b40e9
  • SHA256:
    eb5b36b887116b5aa12cb5609d9d2e132829e325b2c3e16133299696460a0e92
  • Technologies:
    (none listed)

Full Report

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211
Verdict: malicious
Score: 64/100

Domains

Name: seedwellresources.xyz
IP: 0.0.0.0
Detection: (none reported)

A 0.0.0.0 entry indicates the name did not resolve to a routable address while the sample ran (a dead or not-yet-live host), so no download from it could have completed inside the sandbox. The domain is still an indicator to block and hunt for.

URLs

Name (no detection reported)
http://seedwellresources.xyz/oke2_EHusZY26.bina
http://seedwellresources.xyz/oke2_EHusZY26.binb
http://seedwellresources.xyz/oke2_EHusZY26.bin-
http://seedwellresources.xyz/oke2_EHusZY26.binn
http://seedwellresources.xyz/oke2_EHusZY26.bin;
http://seedwellresources.xyz/oke2_EHusZY26.binT&
http://seedwellresources.xyz/oke2_EHusZY26.binG
http://seedwellresources.xyz/oke2_EHusZY26.bin

All eight entries are the same URL, http://seedwellresources.xyz/oke2_EHusZY26.bin, followed by one or two stray characters (a, b, -, n, ;, T&, G). The trailing characters are artefacts of pulling the string out of process memory, not distinct resources; use the bare .bin URL as the indicator. A plain-HTTP fetch of a .bin file from a throwaway .xyz domain is consistent with GuLoader retrieving its encrypted second stage, and the AveMariaRAT tag above suggests which family that payload belongs to.

Dropped files

C:\Users\user\AppData\Local\Temp\subfolder1\fil.scr
  File type: PE32 executable (GUI) Intel 80386, for MS Windows
  Hashes, Detection: (not shown)
C:\Users\user\AppData\Local\Temp\subfolder1\fil.vbs
  File type: ASCII text, with CRLF line terminators
  Hashes, Detection: (not shown)
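As an added example (not part of this sandbox report or its tooling), the following Python turns the indicators above into something usable for hunting: it collapses the memory-extracted URL variants to the single download URL, then runs the domain, URL and sample hashes over a constructed proxy log and a constructed file-hash inventory. The hashes, domain and URL strings are the ones listed in the report; the log format (timestamp, client IP, method, URL, status), the log lines and the inventory entries are assumptions made for the example.

```python
"""IOC normalisation and matching for the indicators in the report above.

Added example, not part of the sandbox report. Report values (hashes, domain,
URL strings) are copied as listed; PROXY_LOG and FILE_INVENTORY are constructed
sample data, and the log format is an assumed one.
"""
import os
from typing import Dict, Iterable, List, Tuple
from urllib.parse import urlsplit

REPORT_HASHES = {
    "md5": "11d648a9d7958bef6921898e130f483d",
    "sha1": "c5541a30011d42999fdc795f59d7f985c21b40e9",
    "sha256": "eb5b36b887116b5aa12cb5609d9d2e132829e325b2c3e16133299696460a0e92",
}
REPORT_DOMAIN = "seedwellresources.xyz"
REPORT_URLS = [
    "http://seedwellresources.xyz/oke2_EHusZY26.bina",
    "http://seedwellresources.xyz/oke2_EHusZY26.binb",
    "http://seedwellresources.xyz/oke2_EHusZY26.bin-",
    "http://seedwellresources.xyz/oke2_EHusZY26.binn",
    "http://seedwellresources.xyz/oke2_EHusZY26.bin;",
    "http://seedwellresources.xyz/oke2_EHusZY26.binT&",
    "http://seedwellresources.xyz/oke2_EHusZY26.binG",
    "http://seedwellresources.xyz/oke2_EHusZY26.bin",
]

# Constructed sample data (not from the report): "<ts> <client_ip> <method> <url> <status>".
PROXY_LOG = [
    "2020-07-31T09:12:01Z 10.0.0.21 GET http://seedwellresources.xyz/oke2_EHusZY26.bin 200",
    "2020-07-31T09:12:05Z 10.0.0.21 GET http://example.org/index.html 200",
    "2020-07-31T09:13:44Z 10.0.0.37 GET http://cdn.seedwellresources.xyz/x.js 404",
]
# Constructed (path, sha256) inventory; only the first entry is the report's sample.
FILE_INVENTORY = [
    (r"C:\Users\user\Downloads\BV10013 (Rev A).exe", REPORT_HASHES["sha256"]),
    (r"C:\Windows\System32\notepad.exe", "00" * 32),
]


def collapse_url_variants(urls: Iterable[str], max_junk: int = 2) -> Dict[str, List[str]]:
    """Map each canonical URL to the extracted variants that point at it.

    Strings carved from memory often carry a byte or two of trailing junk after
    the real URL. URLs are grouped per host; a group is collapsed onto its
    longest common prefix only when that prefix was itself observed (the bare
    URL appears in the list) and every suffix is at most max_junk characters.
    Anything else is left as-is rather than guessed, so two genuinely different
    paths on one host (/a and /b) are not merged.
    """
    by_host: Dict[str, List[str]] = {}
    for u in urls:
        by_host.setdefault((urlsplit(u).hostname or "").lower(), []).append(u)

    canon: Dict[str, List[str]] = {}
    for group in by_host.values():
        prefix = os.path.commonprefix(group)
        suffixes = [v[len(prefix):] for v in group]
        if prefix in group and all(len(s) <= max_junk for s in suffixes):
            canon[prefix] = sorted(v for v in group if v != prefix)
        else:
            for v in group:
                canon[v] = []
    return canon


def match_proxy_log(lines: Iterable[str], canonical_urls: Iterable[str],
                    domain: str) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, reason, url) for log lines touching the IOCs.

    A line matches on "url" when the requested URL starts with a canonical
    download URL, or on "domain" when the host is the C2/download domain or a
    subdomain of it. Malformed lines are skipped rather than raising.
    """
    canonical = tuple(canonical_urls)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        url = fields[3]
        host = (urlsplit(url).hostname or "").lower()
        if url.startswith(canonical):
            reason = "url"
        elif host == domain or host.endswith("." + domain):
            reason = "domain"
        else:
            continue
        hits.append((fields[0], fields[1], reason, url))
    return hits


def hash_hits(inventory: Iterable[Tuple[str, str]],
              report_hashes: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, digest) pairs whose digest matches any of the report's hashes."""
    wanted = {h.lower() for h in report_hashes.values()}
    return [(path, digest) for path, digest in inventory if digest.lower() in wanted]


if __name__ == "__main__":
    canon = collapse_url_variants(REPORT_URLS)
    for url, variants in canon.items():
        print(f"{url}  ({len(variants)} extraction variants)")
    for hit in match_proxy_log(PROXY_LOG, canon, REPORT_DOMAIN):
        print("proxy hit:", hit)
    for hit in hash_hits(FILE_INVENTORY, REPORT_HASHES):
        print("hash hit:", hit)
```

The collapse rule is deliberately strict: it only merges a group when the bare URL was itself observed and the suffixes are short, which is exactly the pattern on this page, and it leaves other groups alone so that distinct resources on one host are never silently merged. Because the dropped files' hashes are not shown in the report, only the submitted sample's hashes can be matched against an inventory.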