block.dll

Status: finished

Submission Time: 2021-05-03 18:45:27 +02:00

Malicious

Trojan

Ursnif

Comments

Details

Analysis ID:
403080
API (Web) ID:
708320
Analysis Started:

2021-05-03 18:45:28 +02:00
Analysis Finished:

2021-05-03 18:55:22 +02:00
MD5:
5a7c87dab250cee78ce63ac34117012b
SHA1:
554c4ccf2341182768d475087d8a8bcfaa525a12
SHA256:
8a26c32848c9ea085505359f67927d1a744ec07303ed0013e592eca6b4df4790
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 72	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
34.86.224.8	United States

Domains

Name	IP	Detection
app3.maintorna.com	34.86.224.8
chat.billionady.com	34.86.224.8
app.buboleinov.com	34.86.224.8

URLs

Name	Detection
http://app3.maintorna.com/cDNEPwBarUn/ROJH1XYkRfSClQ/qONBPlQo8FxG6mQW9Ogcz/u7mo1Dj2PullrRPq/bR_2BFpPLx7OhU9/HJBhAhHBzmstPPDOE1/w6ebBa_2B/KX_2BOm6FIW3gd6Bvbnj/Sh9h8HN_2BONCwGgPQr/IY0nkmO9u18wIpqrmMTW3z/GWi0vHa3h_2Bj/6IH92Uhj/Iom39I56_2BMfY2_2BRDxU0/VfXOZ9_2BQ/hDbFynpSdJTA10_2B/DTN9zUXGBVIL/6pinDdbjTIZ/J8liN5BZT7oU_2/FDetd44m1Cdm74WjgwpWw/7RPnYCrU0gXGaG9w/dolpQdALprU5fVz/g9lnmYz4c/oMbk6u
http://app.buboleinov.com/zWr7XKiLQ_2F3QZ2bR/ZuzwfgbmQ/mjgvv5jUliwpj1wMmSf1/mVwZRrRJ02ozj18W4CC/_2FqTc0J0ACZs0Zo0yB15V/UkO_2BhXUEjqi/ylcme0uu/h88DPxTz52fwzk2KiAITqAX/y1YkE9ueOd/NzFODbcfeCN_2B548/9jGMMg_2FjQB/TCcN38_2FLl/w78Mf5LsU18OtD/O9ldbeaIz2YOBBV9govEw/if1bIKJhIzR9fYIT/Dva1E7_2F2LcgBj/3WJFp2Il273lx9FN_2/B45JK5S6v/rZZWdDOKWu65eMI2rNKK/RAsOHyLCy3eKhZf_2Fm/CD_2FuANPfLuHGjULRoA2Y/Paqy
http://app.buboleinov.com/zWr7XKiLQ_2F3QZ2bR/ZuzwfgbmQ/mjgvv5jUliwpj1wMmSf1/mVwZRrRJ02ozj18W4CC/_2Fq
Click to see the 8 hidden entries
http://app.buboleinov.com/u9JBOXOyCt1J/Cqk3pF0_2B2/evko0P1iOLkfYu/tE8kijPwXl6fpTUvGY0L0/uKSRiZsz1TrV
http://chat.billionady.com/1Z7Zv_2Fo_2BBI/5yyu9xO7U6xQJUAU9LBdU/_2BZsJzv4AW1v4_2/FuBHkCgtXKYNI2J/fjLUpx4yvdGQ9xBWU8/nZ2UCR2Fn/6_2BJUjWbSDTFYEq01IK/G2MuJJozgl6fI_2Bxi6/8WHocMwy1m3c6beo7EybdT/0fZNT0A7jOYrz/ZJgKKaGn/V_2Bc6nIeAMBXcBQSTKS3tI/dRpB7HoFuq/5r0h_2Bic5oCoaHxQ/GZIQmnaYFeN7/lgmkXjg8R1P/o6CJiUeiWxo9TA/Om1BRSx_2BLEYhxw_2B1w/ztx7Xd1V_2BwFgLL/5ttSiFJbfjzPnDR/nMd_2BdWk4HTz_2Ftn/Va7N0lfshKE/mKz
http://app3.maintorna.com/cDNEPwBarUn/ROJH1XYkRfSClQ/qONBPlQo8FxG6mQW9Ogcz/u7mo1Dj2PullrRPq/bR_2BFpP
http://chat.billionady.com/1Z7Zv_2Fo_2BBI/5yyu9xO7U6xQJUAU9LBdU/_2BZsJzv4AW1v4_2/FuBHkCgtXKYNI2J/fjL
http://chat.billionady.com/hPJ75Rz1l0Yg172f0/W92Rc6NrZORu/agJ84T4GWPF/71Su9Jrd5ILrko/1XWo5CLa_2Bx1ycL2fXGF/76IsZupbi6IIIogp/P_2BrqGlfT6Z_2F/9HIF9QL_2Ffn95EjHz/EKpbgAout/m_2FkBfNGzNFhXOxCcqe/1zQKvOOwqE_2B22qrZS/vj3rmMMb_2BsLkd2AZhDC4/602lvjtm6dYcP/dyzgfgBT/A_2BC4eofqol5orEsMEQPWe/zZ6Swnuj_2/FM3kwbNjGbF9dztKO/5Sul25wMK_2F/fSrDDmSQa3P/LwvXQje5tWHJ24/YCtfl_2Bd9Wgni_2B/yKHW
http://app3.maintorna.com/6r_2FD5QsDWTjJjwzHfBaL/2HYJ2K06UlseV/lZ1msT18/ny_2FHLDol8VG6VjuFqLZ26/y1nZ
http://app3.maintorna.com/6r_2FD5QsDWTjJjwzHfBaL/2HYJ2K06UlseV/lZ1msT18/ny_2FHLDol8VG6VjuFqLZ26/y1nZcgTjUQ/HL5YV0taxU5zFMebw/ouCjKnY1SB67/bctA52f0140/sHpnVH95T_2Fuj/QLIAvGeVws2XTmrrXV3BZ/psxvZSZg2i7jPF9N/caz3S5QCjepHp3W/l6q5V6Mw_2BHygdAjz/QFWLuSVDY/2iEYyTYQm6wj63ekurFy/nVWvwQ5A_2FY6vAZ0b2/ysxIi7hdttfqNZtbDq2s51/_2FLPh7LrbbPo/JhDaZ4qW/MGAYB_2BvyA3HE7Ywiz/pWy
http://chat.billionady.com/hPJ75Rz1l0Yg172f0/W92Rc6NrZORu/agJ84T4GWPF/71Su9Jrd5ILrko/1XWo5CLa_2Bx1yc

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\info_48[2]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
Click to see the 53 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DF036A3D1EB4248F1E.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF0A1D9E093A9500C1.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF183688B2D13937F7.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF187EAA56E17D73EA.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF436970D6C9CDDC13.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF4827C4CB6E557F67.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF712A270B72970A19.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF7FEBD80971BE8B6A.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFE60F766B8C74F7D6.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BF692A63-AC7A-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CDCCBAD5-AC7A-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A33D02D2-AC7A-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A33D02D4-AC7A-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BF692A65-AC7A-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BF692A67-AC7A-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CDCCBAD7-AC7A-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CDCCBAD9-AC7A-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A33D02D0-AC7A-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\ErrorPageTemplate[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\errorPageStrings[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\httpErrorPagesScripts[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\http_404[2]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#

block.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

block.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

block.dll