view_attach_72559.vbs

Status: finished

Submission Time: 2020-12-16 20:40:05 +01:00

Malicious

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
331433
API (Web) ID:
564683
Analysis Started:

2020-12-16 20:40:06 +01:00
Analysis Finished:

2020-12-16 20:55:42 +01:00
MD5:
29933320f02dfc13999ff70cd960a291
SHA1:
29db771aef8cfe3231e5f1b077bf49c096777043
SHA256:
7c4f0d072bdbf9aaba20f96173a9274376d589a171ff96d4bfbb56427ea17f7c
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 84	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
46.173.218.93	Russian Federation
88.99.66.31	Germany

Domains

Name	IP	Detection
iplogger.org	88.99.66.31
golang.feel500.at	46.173.218.93

URLs

Name	Detection
https://iplogger.org/18j267
http://www.twitter.com/
http://www.reddit.com/
Click to see the 17 hidden entries
http://golang.feel500.at/api1/DIwBQ8Rv7j7xfqFjg4_2BA9/g0fzfaOWqj/Y_2BPGiAPfzGcs2Be/I_2BUuYEc0ea/KBkab56Bm_2/FWmqnzUOX9_2B0/YbRWfB6IMq7TSr21K5FNM/xWmFuq_2FeEONGMO/1ZuPh_2FNFAeM3T/FM11WlspOeJ_2FqYpl/U_2F6jwXu/YXiyreYoS1UAkST_2FVa/JT_2Fx9W7QvoG6HJsdC/ExFIoNdpiPpyKG7cmJGp40/huNnlqBJ9uVVH/QyyRFE1b/30os8htaDb_2FAitT_2BOsm/SKMxwp3_0A/_0DyvsrFrDpoMB3eg/_2BPhnWhGFuU/FPA93GCv8Zd/FBoszW1uVg1_2B/gtKiRyRf4RAjLF4_2F0P1/_2FR
http://www.live.com/
http://crl.com
http://golang.feel500.at/favicon.ico
http://www.amazon.com/
https://iplogger.org/
http://www.wikipedia.com/
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
http://golang.feel500.at/api1/DIwBQ8Rv7j7xfqFjg4_2BA9/g0fzfaOWqj/Y_2BPGiAPfzGcs2Be/I_2BUuYEc0ea/KBka
https://iplogger.org/18j267Nums
http://www.youtube.com/
https://iplogger.org/1D5y47
http://crl.com9
http://schemas.xmlsoap.org/ws/2004/09/policy
http://ocsp.sectigo.com0
https://sectigo.com/CPS0
http://www.nytimes.com/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\Oxnard.rb	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\prestige.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\preferential.qt	ASCII text, with no line terminators	#
Click to see the 49 hidden entries
C:\Users\user\AppData\Local\Temp\diopter.java	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\doorman.xcodeproj	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\elfin.msi	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\failsoft.css	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\fallout.tbz2	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\guise.ar	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\halvah.scss	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\hitch.rst	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\hour834.flv	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\legion.dxf	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\manufacture.jpeg	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\nowhere.avchd	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\delicacy.ra	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\programmed.3gp	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\rectifier.xcodeproj	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\rustic.tbz2	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\shimmy.py	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\signify.tif	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\switchblade.exe	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\taro.mov	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\triode.sh	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\wildfire.md	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\~DF86F75BB46A075095.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFCE3CEB3DA92FCDD0.TMP	data	#
C:\Users\user\AppData\Local\Temp\Dorchester.asf	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CFFA0380-3FD6-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Chester.ape	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\Cicero.rm	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CFFA037E-3FD6-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Macon.gif	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\Martian.apk	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\Schneider.mp2	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\adobe.url	MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\arisen.mp2	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\barbarous.otf	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\bard.msi	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\bitt.rmvb	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\cloak.mp2	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\curium.m4	ASCII text, with no line terminators	#

view_attach_72559.vbs

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

view_attach_72559.vbs Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

view_attach_72559.vbs