flash

xGrfj8RvYg.exe

Status: finished
Submission Time: 11.06.2021 06:33:12
Malicious
Trojan
Evader
AsyncRAT

Tags

  • AsyncRAT
  • exe
  • RAT

Details

  • Analysis ID:
    433020
  • API (Web) ID:
    800624
  • Analysis Started:
    11.06.2021 06:33:12
  • Analysis Finished:
    11.06.2021 06:41:26
  • MD5:
    722603aa75534bec9d1191f062fb2c03
  • SHA1:
    321ea5aa8368f394dcbdcc6ce7ebaab89861150d
  • SHA256:
    3e7cecddd88f1fdc8eb055ef6ab1eacfadb706582cb0fe190d99e493baa78691
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
92/100

IPs

Domains


URLs

Dropped files

Name (file type):

  • C:\Users\Public\-----Run+++++++++.ps1
    ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\Public\Run\Run.vbs
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\xGrfj8RvYg.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Clean_lol123[1].txt
    HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j4sskfsz.fda.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ligmpoba.nku.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vivyprwg.nre.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xdrybsou.rmb.psm1
    very short file (no magic)
  • C:\Users\user\Documents\20210611\PowerShell_transcript.715575.7kfD7GZs.20210611063402.txt
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
  • C:\Users\user\Documents\20210611\PowerShell_transcript.715575.rFlTN3zv.20210611063435.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators