flash

rJrqK2EyAU.exe

Status: finished
Submission Time: 24.08.2020 12:29:11
Malicious
E-Banking Trojan
Trojan
Evader
Ursnif

Comments

Tags

Details

  • Analysis ID:
    276067
  • API (Web) ID:
    447482
  • Analysis Started:
    24.08.2020 12:29:11
  • Analysis Finished:
    24.08.2020 12:35:08
  • MD5:
    074cec853c53b01f11bd8570be6529aa
  • SHA1:
    b31a1e0c8db95e865d44620fca6f52227772edcc
  • SHA256:
    87c04cc74ea6e8958bcbc6319f7c1f8293d63ce4a2e34a3c99ba296e55fd0ff4
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
45/70

malicious
37/48

malicious

IPs

IP Country Detection
109.248.11.134
Russian Federation
95.181.178.238
Russian Federation

Domains

Name IP Detection
gstat.rayzacastillo.com
109.248.11.134
pop5.yahoo.com
0.0.0.0

URLs

Name Detection
http://pop5.yahoo.com/images/Xtu4P_2BvPSZMO_/2Bk_2BJOlqskUQl91y/gVrIa8b58/rACspmhW20Q6tvYG5wnY/Y00fx
http://www.wikipedia.com/
http://www.amazon.com/
Click to see the 6 hidden entries
http://www.nytimes.com/
http://www.live.com/
http://www.reddit.com/
http://www.twitter.com/
http://pop5.yahoo.com/images/G8UoRVhlU1VEe9h_2/FpVCC0iiiBjG/m7u6W8xvO1P/Hk43jwdx_2Bk9M/OPhULEljrC6P_
http://www.youtube.com/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4232EE3B-E640-11EA-90E5-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5BB532E8-E640-11EA-90E5-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6927F3BC-E640-11EA-90E5-ECF4BBEA1588}.dat
Microsoft Word Document
#
Click to see the 30 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4232EE3D-E640-11EA-90E5-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5BB532EA-E640-11EA-90E5-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6927F3BE-E640-11EA-90E5-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\~DF63FDFDD3C330329F.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFACF4EC25AC120E62.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFB0DD79F0581A8153.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFBE15E01BCA194AC8.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFC7B8F7EAFFCB81EB.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFFCD6C06F97479199.TMP
data
#