
payment receipt#4635.exe

Status: finished
Submission Time: 16.10.2020 12:43:37
Classification: Malicious, Trojan, Evader, Remcos GuLoader

Comments

Tags

  • scr

Details

  • Analysis ID:
    299169
  • API (Web) ID:
    493426
  • Analysis Started:
    16.10.2020 13:12:50
  • Analysis Finished:
    16.10.2020 13:20:56
  • MD5:
    2b6936345d7c15ee613fb73328759f62
  • SHA1:
    58858cc9b061900468e0aa63f2d1db5192374fa4
  • SHA256:
    e0d73a9ec5eae9ad50f9c82237810cabb2717e0e48351ca30e56043acc1264e1
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict: malicious
Score: 90/100

IPs

IP             Country        Detection
198.54.116.78  United States  (none listed)

Domains

Name       IP             Detection
mscni.org  198.54.116.78  (none listed)

URLs

Name Detection
https://mscni.org/cos_SfvxT237.bin
http://ocrp.u
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
https://mscni.org/-
https://sectigo.com/CPS0
http://ocsp.sectigo.com0#
https://mscni.org/

Dropped files

Name / File Type (no hashes or detections were listed for these entries)

  • C:\Users\user\AppData\Roaming\Frist\cos.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\Frist\cos.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\install.vbs
    data