
C4iOuBBkd5lq-beware-malware.vbs

Status: finished
Submission Time: 16.09.2020 16:38:10
Malicious
Trojan
Evader
Ursnif

Details

  • Analysis ID:
    286423
  • API (Web) ID:
    468012
  • Analysis Started:
    16.09.2020 16:38:11
  • Analysis Finished:
    16.09.2020 16:45:59
  • MD5:
    177109a1b199821bb5e7e75dab4a4816
  • SHA1:
    a7eebb7ea90b735636068a6496f4d831cd9d05ae
  • SHA256:
    7e217649f374af5e3c7dd00c6c41396275c02a40ba6ba1b80732c98d3a68046b
  • Technologies:
    (none listed)

Reports

Engine Info (full report): System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict | Score
malicious | 100/100
malicious | 41/65
malicious | 17/48
malicious |
IPs

IP | Country | Detection
8.208.101.13 | Singapore |

Domains

Name | IP | Detection
api3.lepini.at | 8.208.101.13 |
api10.laptok.at | 8.208.101.13 |
chat.allager.at | 0.0.0.0 |
resolver1.opendns.com | 208.67.222.222 |

URLs


Dropped files

Name | File Type
C:\Users\user\AppData\Local\Temp\Wendy.eps | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\alloy.zip | Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Temp\sydkuydz\sydkuydz.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{07CDD653-F876-11EA-90E8-ECF4BBEA1588}.dat | Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ECF90455-F875-11EA-90E8-ECF4BBEA1588}.dat | Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{07CDD655-F876-11EA-90E8-ECF4BBEA1588}.dat | Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{07CDD657-F876-11EA-90E8-ECF4BBEA1588}.dat | Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ECF90457-F875-11EA-90E8-ECF4BBEA1588}.dat | Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\1[1].htm | ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\GeS[1].htm | ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\0Y[1].htm | ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\Lagrangian.rtf | ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3htznbdv.lb1.psm1 | very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y4kob53e.czd.ps1 | very short file (no magic)
C:\Users\user\AppData\Local\Temp\adobe.url | MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\prune.m4a | ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\similar.wps | ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\sydkuydz\sydkuydz.0.cs | UTF-8 Unicode (with BOM) text
C:\Users\user\AppData\Local\Temp\sydkuydz\sydkuydz.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\synchronism.xm | ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\~DF2D1ACFB465B7F413.TMP | data
C:\Users\user\AppData\Local\Temp\~DF55645EA874CFCA26.TMP | data
C:\Users\user\AppData\Local\Temp\~DF5B5F17AF776A2A73.TMP | data
C:\Users\user\AppData\Local\Temp\~DF7CC2AEF7F4A1FCA9.TMP | data
C:\Users\user\AppData\Local\Temp\~DFDED825B256F6882D.TMP | data
C:\Users\user\Documents\20200916\PowerShell_transcript.632922.SvVi47C3.20200916164057.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators