Source: Yara match | File source: ATT00053210.htm, type: SAMPLE |
Source: Yara match | File source: 27858.1.pages.csv, type: HTML |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic |
Source: Joe Sandbox View | IP Address: 104.18.11.207 |
Source: Joe Sandbox View | IP Address: 239.255.255.250 |
Source: unknown | DNS traffic detected: queries for: vde-et.online |
Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /1/3/?e=jlopez@hispasat.es HTTP/1.1Host: vde-et.onlineConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /1/3/main/ HTTP/1.1Host: vde-et.onlineConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ecii7iknfibsff25p30art55k3 |
Source: global traffic | HTTP traffic detected: GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-aliveOrigin: https://vde-et.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://vde-et.online/1/3/main/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vde-et.online/1/3/main/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1Host: fonts.gstatic.comConnection: keep-aliveOrigin: https://www.google.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcCaLAeAAAAAN5PIvMlMs5oPfhUj3ysjjq3oKIk&co=aHR0cHM6Ly92ZGUtZXQub25saW5lOjQ0Mw..&hl=en&v=2W_gRz39xX8G13fM-OdyQPlc&size=normal&cb=a95eoj491nmwAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: vde-et.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vde-et.online/1/3/main/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ecii7iknfibsff25p30art55k3 |
Source: global traffic | HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: Ruleset Data.0.dr | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook) |
Source: Filtering Rules.0.dr, Ruleset Data.0.dr | String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook) |
Source: Filtering Rules.0.dr | String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook) |
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Apr 2022 12:15:23 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 |
Source: angular.js.0.dr | String found in binary or memory: http://angularjs.org |
Source: angular.js.0.dr | String found in binary or memory: http://errors.angularjs.org/1.6.4-local |
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr | String found in binary or memory: http://llvm.org/): |
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://tools.ietf.org/html/rfc1950 |
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions |
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 |
Source: b23aa838-3274-4631-8789-9ae7e0b2cb82.tmp.1.dr, 76fae4a0-8741-4342-8edf-cf0220c0dfb7.tmp.1.dr, manifest.json.0.dr | String found in binary or memory: https://accounts.google.com |
Source: craw_window.js.0.dr | String found in binary or memory: https://accounts.google.com/MergeSession |
Source: b23aa838-3274-4631-8789-9ae7e0b2cb82.tmp.1.dr, 76fae4a0-8741-4342-8edf-cf0220c0dfb7.tmp.1.dr, manifest.json.0.dr | String found in binary or memory: https://apis.google.com |
Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr | String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git |
Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr | String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git |
Source: b23aa838-3274-4631-8789-9ae7e0b2cb82.tmp.1.dr, 76fae4a0-8741-4342-8edf-cf0220c0dfb7.tmp.1.dr | String found in binary or memory: https://clients2.google.com |
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://clients2.google.com/cr/report |
Source: manifest.json1.0.dr, manifest.json3.0.dr, manifest.json.0.dr | String found in binary or memory: https://clients2.google.com/service/update2/crx |
Source: b23aa838-3274-4631-8789-9ae7e0b2cb82.tmp.1.dr, 76fae4a0-8741-4342-8edf-cf0220c0dfb7.tmp.1.dr | String found in binary or memory: https://clients2.googleusercontent.com |
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://clients6.google.com |
Source: pnacl_public_x86_64_ld_nexe.0.dr | String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry |
Source: pnacl_public_x86_64_ld_nexe.0.dr | String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s: |
Source: 76fae4a0-8741-4342-8edf-cf0220c0dfb7.tmp.1.dr | String found in binary or memory: https://content-autofill.googleapis.com |
Source: manifest.json.0.dr | String found in binary or memory: https://content.googleapis.com |
Source: LICENSE.txt.0.dr | String found in binary or memory: https://creativecommons.org/. |
Source: LICENSE.txt.0.dr | String found in binary or memory: https://creativecommons.org/compatiblelicenses |
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/. |
Source: b23aa838-3274-4631-8789-9ae7e0b2cb82.tmp.1.dr, f46573d3-6dd1-4f2e-a529-5d290c5bf902.tmp.1.dr, d3b2d623-59d4-410c-8dbb-51965d2a262c.tmp.1.dr, 76fae4a0-8741-4342-8edf-cf0220c0dfb7.tmp.1.dr | String found in binary or memory: https://dns.google |
Source: LICENSE.txt.0.dr | String found in binary or memory: https://easylist.to/) |
Source: manifest.json.0.dr | String found in binary or memory: https://feedback.googleusercontent.com |
Source: b23aa838-3274-4631-8789-9ae7e0b2cb82.tmp.1.dr, 76fae4a0-8741-4342-8edf-cf0220c0dfb7.tmp.1.dr | String found in binary or memory: https://fonts.googleapis.com |
Source: manifest.json.0.dr | String found in binary or memory: https://fonts.googleapis.com; |
Source: b23aa838-3274-4631-8789-9ae7e0b2cb82.tmp.1.dr, 76fae4a0-8741-4342-8edf-cf0220c0dfb7.tmp.1.dr | String found in binary or memory: https://fonts.gstatic.com |
Source: manifest.json.0.dr | String found in binary or memory: https://fonts.gstatic.com; |
Source: material_css_min.css.0.dr, angular.js.0.dr | String found in binary or memory: https://github.com/angular/material |
Source: LICENSE.txt.0.dr | String found in binary or memory: https://github.com/easylist) |
Source: craw_window.js.0.dr, craw_background.js.0.dr | String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p |
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h |
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://hangouts.clients6.google.com |
Source: manifest.json.0.dr | String found in binary or memory: https://hangouts.google.com/ |
Source: mirroring_hang |