SecuriteInfo.com.Trojan.GenericKD.46442270.25635.exe

Status: finished
Submission Time: 07.06.2021 20:39:19
Malicious
Trojan
Evader
GuLoader Remcos

Tags

  • exe

Details

  • Analysis ID:
    430707
  • API (Web) ID:
    798309
  • Analysis Started:
    07.06.2021 20:41:45
  • Analysis Finished:
    07.06.2021 20:53:32
  • MD5:
    853744502b68e50e6cbaf81ffb3f5cc0
  • SHA1:
    ea748baebe70d7c6d3da9d1a2a34b76051425962
  • SHA256:
    8115607710c35c78eda8dd16d73cab92e2c857d8c91eb1422fcc1b3f06835a4a

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict: malicious
Score: 96/100

IPs

IP                Country         Detection
192.185.113.219   United States
172.94.125.152    United States

Domains

Name                                               IP                Detection
ztechinternational.com                             192.185.113.219
hjduiebcvzcalpmjdbcnwqadhsiybcnzxswedgap.ydns.eu   172.94.125.152

URLs

Name                                                              Detection
http://ztechinternational.com/dk/Jice_remcos%202_vOOXAzQx82.bin

Dropped files

  • C:\Users\user\AppData\Local\Temp\install.vbs
    File type: data
  • C:\Users\user\AppData\Roaming\win.exe
    File type: PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\win.exe:Zone.Identifier
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338387\c20d61befcda487dbc17044b70fd3bfd_1.~tmp
    File type: UTF-8 Unicode text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338387\d572bee68d954d8f906b98a2e017f820_1.~tmp
    File type: UTF-8 Unicode text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Roaming\logs.dat
    File type: ASCII text, with CRLF line terminators
  • C:\Windows\Lwo7
    File type: ASCII text, with CRLF line terminators