0oV5opFE4RCv.vbs

Status: finished
Submission Time: 09.09.2020 16:06:08
Malicious
Trojan
Evader
Ursnif

Details

  • Analysis ID:
    283387
  • API (Web) ID:
    461956
  • Analysis Started:
    09.09.2020 16:06:09
  • Analysis Finished:
    09.09.2020 16:12:00
  • MD5:
    6398c206cfa397d1cac4a11692cc36a7
  • SHA1:
    b048cdeed7996f785709fa17403e3ffc026bd537
  • SHA256:
    dc4bf01e50d9506c3db81adb96050831647d50650a5349cefbf9eb651381f5c4
  • Technologies:
Full Report

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

Engine verdicts (Verdict / Score):
  • malicious / 96/100
  • malicious / 7/67
  • malicious / 8/48
  • malicious
IPs

IP               Country             Detection
80.249.146.185   Russian Federation

Domains

Name              IP               Detection
api10.laptok.at   80.249.146.185

URLs

Name                                  Detection
http://www.wikipedia.com/
http://www.amazon.com/
http://www.nytimes.com/
http://www.live.com/
http://api10.laptok.at/api1/_2BEA710c1_2Bh/T2r6BJUJQaWNLC0gufW8M/YXMXh7wy00YQ3XQN/roi2nG7DMn6F_2F/FHcK767s_2F6csKKZK/vNu_2B8Lo/_2BPDHqlOM5jKs6AmQPI/IhEdup0oMjwDY9EhZgF/d6WrafOV7lUIf2xBs5bUae/EokL8M9Sa2_2F/WXjyd_2B/nprRIOoFTuo_2F8yRcgc9mV/Pn1cx92RVq/AOEXsVZ5jdrADthNF/PULhKiT1Fpst/J0Y9Sf_2BhN/PzynmT2w5CX4i_/2FdD0HYdgp_2Fa_0A_0DB/_2BZF563CbVTBSBv/KfVhp_2Fq2J_2Bj/noL7CjwCKkJ_2FirYZ/dQrvsLWIs/s8GVCIbfqnlg3cg/wm
http://www.reddit.com/
http://www.twitter.com/
http://www.youtube.com/
http://api10.laptok.at/api1/7k_2B8mbUiH51kFBwdUVd/Zd7a_2Bd_2Fa8B1t/W2qeoE0fiseq8yM/4C_2BbcVuknr4yOUVH/llcIl59j9/C_2FCa_2FhZE5ibrDyyF/_2F7EJtliCRiiG1RqNa/Dou4T0ee1p0NkVbHpISSil/TEImXGOJwrhwK/kmClxim1/nFu9dL9oMJNFcU97eAXH9fs/kGbVWmL1Yj/6ropP4k67E8w7w9nT/d2F8bA6YDYCf/_2Bm9WMAR4E/vOjGFJ80eaxwHV/9xgVg6G4XF3VoKfnqtTJ_/0A_0DZHP6Gs0hjAA/vRspXcsorp9s73Y/ViZ7TDS2Sy2FkTJXf/mbHT

Dropped files

Name / File Type (Hashes and Detection columns were not captured):

  • C:\Users\user\AppData\Local\Temp\corolla.zip
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Local\Temp\duke.dxf
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\Lawson.egg
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\Macon.vob
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\Yoder.it
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\adobe.url
    MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\ergodic.whl
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\godmother.apk
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\vitriolic.cab
    ASCII text, with no line terminators