flash

shorefront.dll

Status: finished
Submission Time: 03.06.2021 17:51:44
Malicious
Trojan
Ursnif

Comments

Tags

  • dll
  • Gozi

Details

  • Analysis ID:
    429225
  • API (Web) ID:
    796820
  • Analysis Started:
    03.06.2021 18:04:14
  • Analysis Finished:
    03.06.2021 18:12:32
  • MD5:
    b3526bc3c4a61f9f09ac31ee9a5fc8a5
  • SHA1:
    d92ac3fa9cca4ed8273111f767e24d8f53896787
  • SHA256:
    f4a464c2e5f14cd4c391a9b5ba60deca36ccaa6c1503a097eeb0c5070945d1fb
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
92/100

malicious
32/69

malicious
25/46

Domains

Name IP Detection
app.buboleinov.com
0.0.0.0

URLs

Name Detection
http://app.buboleinov.com/7dGVcD7hOw3lYt5/1yqoO_2BT5cAFQCvp3/7fGu2bPOM/Y70HlHuovLn2gp_2B2GH/4_2FYxaP
http://app.buboleinov.com/BHxjQVeA3bCRL3A0U_2Bhx/6Mf2XW6xM9nlO/OBBDiHLG/gVHcEz5iH6i5Er6PkMAnMWX/IOi2

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B147A46E-C485-11EB-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B147A470-C485-11EB-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B147A472-C485-11EB-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
Click to see the 14 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\~DF2325E3FA7AA39907.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF762A57E90D6A65CD.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF896FBAE33087E32E.TMP
data
#