Register Login

sloganpng

top title background image

GnPS5qD6et8h.vbs

Status: finished

Submission Time: 2020-09-08 16:31:19 +02:00

Malicious

Trojan

Evader

Ursnif

Comments

Tags

Details

Analysis ID:
283043
API (Web) ID:
461278
Analysis Started:

2020-09-08 16:31:20 +02:00
Analysis Finished:

2020-09-08 16:37:45 +02:00
MD5:
5fba699119c2f87ba7236901f9e05dd3
SHA1:
2c439c95b867087d2f6f7d7b8678cce9af671071
SHA256:
14b3380105c6096dce3c4ead191c2ed2173fc472d02a869c09cbfa475476de7d
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 38/65

malicious

Score: 23/47

malicious

IPs

IP	Country	Detection
84.38.180.12	Russian Federation

Domains

Name	IP	Detection
api10.laptok.at	84.38.180.12

URLs

Name	Detection
http://www.wikipedia.com/
http://www.amazon.com/
http://www.nytimes.com/
Click to see the 8 hidden entries
http://www.live.com/
http://api10.laptok.at/api1/Lpu1ITYXXHm1_2B_2FbZwsX/XeqddyyTJe/PZTCDn9EnX43Byyo4/N2IlCzHBV8S1/bUhPMvppe3y/qpNOWKOXF_2FrD/5rPR1eKwmziGDYCUOZsTh/_2BEB_2BcwB3a1mH/BvhU12owic9vcc_/2FTiLKpcLartJLN4VS/BK_2B67wK/1vEEjN_2FZER4dmd7Irp/YQUo4SE8_2BcQNhhcEV/Jg38bn7xcPl2BJe1Gbh7bK/YM7R7J42nGfu5/YsNpMi7l/9wmWuduCMX43FFkFg5PaXI_/0A_0D9ELOi/G4G4fqAKEpEBerhvV/SxH2mo2Adk45/gVQFSvDcuEf/wQUhb07SJd25MLANb8hJM/QC
http://api10.laptok.at/api1/JBgTZQjP/Bjk9jJFlJReRI3l1ERcwKtv/Djm647cu_2/B1GnkDLlGg1sOmJWV/1sFYQQFq5tnu/UNKQAIj0i8B/TRjGj5YheVE3tz/091W8CaR3WOkJ63Yi4WzO/6BsHqAjzF599Lbbs/Q6drtGW2VUIcmNR/r5_2BrmFg5BOF8kW59/oQYYzo3l9/oF8N83xjOJRq0uLYQtM6/Hq1_2Fq3tvbTdo0mfpu/5Q1edUy9Sqp6oVnI0m8JfM/YG1Blv2ggAprN/O4FTcVh1/6O_0A_0DX8gavnKlwaf8dbA/ZElLBVqQia/UgRvcGilkZJ3_2FSr/Or7yvoYwoBaG/I9CyLc1rLFJ/J2f1G
http://www.reddit.com/
http://www.twitter.com/
http://api10.laptok.at/api1/kbI5HEcnGy5/Obrn9Ns9Xlc_2B/SFnqkOhApFzqLMoHMd04x/IJVrFxSBZ91yqJIo/prHWbKEgFW954dL/tH_2BRMNZezB3GOSa1/GMCLmKQ4i/Oyve6u6Pn2acBUU_2B5i/IP1Sll1FJZgild2DVPA/lw1AZNOvxeXttGajVThZR2/eSPIHUT3H3Bni/F6FqU_2B/6sPsN6LybJ_2FByQXfUbMNo/X_2F8mjuzd/33W4GBUFYNaoSjuB_/2BZmXZaiL2F1/TTZeMUrc8p3/Vw3bOvI_0A_0Dj/tnAVmDgOtjzKnM0H2ug5_/2BVQOS7L7Svyg782/klQSFzTXyU/z
http://www.youtube.com/
http://api10.laptok.at/api1/SxN14BgG/QdNur1IFqozQBTDjdkWdcHW/kHhGVOd2xn/gcTAgcmA6CQmxZMqW/Bwl6xrVJnU5v/_2BcZ2rRi8_/2FfDqgM8hXmjz5/MTaXdT2B0TN_2Br3dznA5/nA9mGU2qhqLxqzCz/FycET99IadarRvC/fqjs4nHhaxCI6gYagR/P_2F7g4SX/bjvu6ISg2ZhgCizkVJLO/jQuKPoDWvMssiF1LdhJ/0urjDxstgrYvBo_2BtjWy8/9EkLCr1mtIcNU/RiAedONO/KWXFQC_0A_0Dn9pVyCPrfpK/DTCD_2Bcgv/CcbR0W4ugH53j4Atz/wZQeUFP3irX_/2Fy3EcSEEGDcBwmmQq820/h

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\obscure.mov	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\bog.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
Click to see the 14 hidden entries
C:\Users\user\AppData\Local\Temp\pang.svg	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\oocyte.gpx	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\broaden.it	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\adobe.url	MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#