flash

GZe6EcSTpO.exe

Status: finished
Submission Time: 02.04.2021 13:35:36
Malicious
Ransomware
Trojan
Exploiter
Evader
Miner
Mimikatz HawkEye Nanocore xRAT CobaltStrike Codoso Ghost Coinhive Crypto Miner GhostRat Mini RAT Mirai Nukesped PupyRAT Quasar RevengeRAT ComRAT UACMe WebMonitor RAT Xmrig Xtreme RAT

Comments

Tags

  • 1512361453

Details

  • Analysis ID:
    380813
  • API (Web) ID:
    663762
  • Analysis Started:
    02.04.2021 13:45:10
  • Analysis Finished:
    02.04.2021 14:02:45
  • MD5:
    87e0355c098d2dfd890ae4c9da26bbdd
  • SHA1:
    5f300f4dd15cccbe51cd4df51ac30b7c2c84fc75
  • SHA256:
    570c3c298c2d30bfd7d824b0ec8e28b3efa51bf269297348fc5fc30cb81a2d7e
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
37/70

malicious
20/48

malicious

URLs


Dropped files
