REQUIREMENT.exe

Status: finished
Submission Time: 13.10.2021 15:36:13
Malicious
Trojan
Evader
Spyware
GuLoader FormBook

Comments

Tags

  • exe
  • guloader

Details

  • Analysis ID:
    502075
  • API (Web) ID:
    869650
  • Analysis Started:
    13.10.2021 15:36:14
  • Analysis Finished:
    13.10.2021 16:03:38
  • MD5:
    fb70ff484021669624233d0fbd77ec6a
  • SHA1:
    6820b13631967663ec2637c43c828468633051fd
  • SHA256:
    2b40757a6763aa725d86426ce3cd16fcf1380a9152837d4fbe5e5b085710054c
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
68/100

System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run Condition: Suspected Instruction Hammering

malicious
100/100

malicious
18/37

IPs

IP               Country          Detection
47.88.32.85      United States
199.101.245.90   United States
185.73.226.109   unknown
156.67.72.176    United States
192.64.116.180   United States
172.67.139.41    United States
75.2.115.196     United States
103.164.172.49   unknown
156.239.224.4    Seychelles
51.77.52.109     France
91.195.240.94    Germany
15.197.150.5     United States
3.121.211.190    United States
151.101.192.119  United States
154.215.231.81   Seychelles
137.117.17.70    United States
192.0.78.25      United States
198.59.144.16    United States
66.96.130.148    United States
198.54.117.211   United States
199.34.228.191   United States
216.189.108.75   United States
154.195.206.5    Seychelles
93.184.220.29    European Union
172.217.168.46   United States
142.250.185.161  United States
142.250.186.179  United States
204.141.43.204   United States
172.217.168.78   United States
172.217.168.33   United States
34.102.136.180   United States
198.54.117.210   United States

Domains

Name                                         IP               Detection
www.xn--4pvw92bcry.com                       75.2.115.196
www.ceruleden.com                            47.88.32.85
www.bqgfk.com                                154.195.206.5
alexanderorlandis.com                        156.67.72.176
centralcontable.net                          198.59.144.16
www.mobileiranian2.com                       185.73.226.109
taichan.xyz                                  103.164.172.49
www.fishermandm.com                          66.96.130.148
estudio-me.com                               192.0.78.25
www.nu12.online                              91.195.240.94
www.i8news-de.website                        3.121.211.190
a402f69f12f4a8640.awsglobalaccelerator.com   15.197.150.5
www.thousandoaks-buickgmc.com                199.101.245.90
www.alo360.net                               156.239.224.4
www.soymilk-design.com                       151.101.192.119
tpmionline.com                               216.189.108.75
www.shopsharpgraphics.com                    199.34.228.191
www.cinargeridonusum.com                     154.215.231.81
hkautobox.com                                51.77.52.109
www.researchlearningspirit.xyz               172.67.139.41
www.uprisehealthmonitoring.com               137.117.17.70
www.high-clicks.com                          192.64.116.180
www.nazfoodstuff.com                         0.0.0.0
www.domainair.biz                            0.0.0.0
www.6ohmf.info                               0.0.0.0
www.estudio-me.com                           0.0.0.0
www.bestofnapa.guide                         0.0.0.0
www.boliden-ab.com                           0.0.0.0
www.alexanderorlandis.com                    0.0.0.0
www.marvellouslles.com                       0.0.0.0
www.centralcontable.net                      0.0.0.0
www.originial-motors.com                     0.0.0.0
www.sanchalanprokashon.com                   0.0.0.0
www.hkautobox.com                            0.0.0.0
www.jkwhitleyphotography.com                 0.0.0.0
www.cacaolixir.com                           0.0.0.0
www.yakyu-eiga.com                           0.0.0.0
www.tpmionline.com                           0.0.0.0
www.taichan.xyz                              0.0.0.0
www.jachaljuega.com                          0.0.0.0
www.ebbtidefloodtide.com                     0.0.0.0
bestofnapa.guide                             34.102.136.180
docs.google.com                              172.217.168.78
parkingpage.namecheap.com                    198.54.117.210
cacaolixir.com                               34.102.136.180
drive.google.com                             172.217.168.46
zhs.zohosites.com                            204.141.43.204
googlehosted.l.googleusercontent.com         142.250.185.161
ghs.googlehosted.com                         142.250.186.179
clients.config.office.net                    0.0.0.0
doc-04-7g-docs.googleusercontent.com         0.0.0.0
doc-0o-60-docs.googleusercontent.com         0.0.0.0

URLs

Name Detection
http://www.high-clicks.com/cogu/
http://www.xn--4pvw92bcry.com/cogu/
http://www.tpmionline.com/cogu/
http://www.cinargeridonusum.com/cogu/?E6=YWc9mILWetVQGhipA+G2uDb+SeX0Cd/MjDmv0ZQMTg5SMMvYjLI+xM6WaOuTEiNNd0Xk&GJE=6lTPJF
http://www.jkwhitleyphotography.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=0JW80yNTUiIblQnhj6MVn32XupSCHJgGKr7CbJ8acIuUK/cVpV73gH6OM/JKXthPyqu2
http://www.domainair.biz/cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC
http://www.estudio-me.com/cogu/?E6=L5GjM02Qi9/3ctzLfpX21kbqInICP/PmVfQkFp534KYMBhdy6kz6hr7HyPkdH1b6OtPy&JXeD0V=5jFpKDWXi
http://www.shopsharpgraphics.com/cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC
http://www.tpmionline.com/cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC
http://www.taichan.xyz/cogu/?E6=A+BqLwYGva59ha/kPE6YS9y5Cw6+WAl2lefwiAx9zEuoRfqY6i5KVFoFLUK0YMYmgzYy&EVpdF=D6AlWhC
http://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&-Z=5j3dv6rhizRPl0MP
http://www.boliden-ab.com/cogu/?E6=S26i6wvHPThQg5EmN96E/uV1flc9kx0qaETcxJTPPIRiBsvCj8OwSBVU0bghLZ2zBTNI&-Z=5j3dv6rhizRPl0MP
http://www.uprisehealthmonitoring.com/cogu/?E6=NFedTnOwyfQnQfz4Fa359HV39V5qjz9UUQouYpwkrhdO9l9uPa/7UwpxNrVjVYhaXz3f&JXeD0V=5jFpKDWXi
http://www.marvellouslles.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=jcFOH/ZxkSx2B+eOzji128R7cFyPyE6Tynf2GelbWKAhzBX6sEIR/9TLWk4pwFmf1t+F
http://www.shopsharpgraphics.com/cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&JXeD0V=5jFpKDWXi
http://www.researchlearningspirit.xyz/cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&GJE=6lTPJF
http://www.nu12.online/cogu/?E6=QRnHbABZr1ah6x+kOaYWzzpt/wEyN1uu/6itxi1XZlZPOwHQf3Tea8RViivUAbn0Nq3Q&GJE=6lTPJF
http://www.xn--4pvw92bcry.com/cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&-Z=5j3dv6rhizRPl0MP
http://www.ceruleden.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=xvNBpPJxoT3V4STjWu+oXBc4W2+zox4LkJxyAqr5flGYxwgg6ZSnpz45f2Sl431JRkcr
http://www.hkautobox.com/cogu/?E6=XfIccXNfLX5VXF4pbqJOgkj9hfbfozamY6uAUfQ6uaB911jdIVb8IPx0hpo8MPsnFfll&EVpdF=D6AlWhC
http://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&EVpdF=D6AlWhC
http://www.cinargeridonusum.com/cogu/
www.tpmionline.com/cogu/
http://www.shopsharpgraphics.com/cogu/
http://www.nazfoodstuff.com/cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC
http://www.nu12.online/cogu/
http://www.soymilk-design.com/cogu/?E6=AKrVC46g6aUqOUl59QNJifV5z+OjBVKueGdcTrEcNhmNt+uKBfQ1nRhJazzsjvYBoCEF&EVpdF=D6AlWhC
http://www.bqgfk.com/cogu/?E6=Esy+SZGnlGcFL3b4TdwIqkWYMoe5TN9PO2uJWgi8huQtR8iqs12O2F0FkbqpOK+vLGht&EVpdF=D6AlWhC
http://www.domainair.biz/cogu/
http://www.high-clicks.com/cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC
http://www.researchlearningspirit.xyz/cogu/
http://www.fishermandm.com/cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC
http://www.researchlearningspirit.xyz/cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&EVpdF=D6AlWhC
http://www.fishermandm.com/cogu/
http://www.xn--4pvw92bcry.com/cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&GJE=6lTPJF
http://www.nazfoodstuff.com/cogu/
http://www.alo360.net/cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF
http://www.alexanderorlandis.com/cogu/?E6=6yxwGmrm3Ap/M+4TPZhn44EC1HJh+94HIixwD1LsvJrE4PEEHQNTPR5lSm/JOI/dScyn&JXeD0V=5jFpKDWXi
http://www.i8news-de.website/cogu/?E6=CWSu9rBRqjtTkxrJy4pABq4mxihAfalcaoFBMiLqB2EmPhnp5uCs+6CRD45lGLAfaluR&JXeD0V=5jFpKDWXi
https://docs.google.com/com_q
http://www.thousandoaks-buickgmc.com/cogu/L
https://api.msn.com:443/v1/news/Feed/Windows?
https://www.zoho.com/sites/images/professionally-crafted-themes.png
https://docs.google.com/k
http://www.thousandoaks-buickgmc.com/cogu/W
https://excel.office.com
https://doc-0o-60-docs.googleusercontent.com/docs/secure
https://docs.google.com/
http://www.cacaolixir.com/cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC
https://doc-04-7g-docs.googleusercontent.com/
https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download
https://drive.google.com/
https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download&nonce=r167qul5841hi&user=04225796272126474013Z&hash=htm37s8j60l12inv0q761u8k5rdo7ceb
https://doc-04-7g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt93ra
https://docs.google.com/osoft
http://www.searchvity.com/?dn=
http://www.thousandoaks-buickgmc.com/cogu/6
https://word.office.comcaS
https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external
https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
https://outlook.com
https://doc-04-7g-docs.googleusercontent.com/3
https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
https://www.msn.com/?ocid=iehp
https://doc-04-7g-docs.googleusercontent.com/%%doc-04-7g-docs.googleusercontent.com
http://www.thousandoaks-buickgmc.com/cogu/
https://doc-0o-60-docs.googleusercontent.com/%%doc-0o-60-docs.googleusercontent.com
http://www.searchvity.com/
https://contacts.zoho.com/static/file?t=org&ID=456089&fs=thumb
https://docs.google.com/nonceSigner?nonce=r167qul5841hi&continue=https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e%3Ddownload&hash=ne1ffd4kaaa27pue6e32mldfstfdqasf
https://doc-0o-60-docs.googleusercontent.com/
https://doc-04-7g-docs.googleusercontent.com/W
https://doc-04-7g-docs.googleusercontent.com/S
https://api.msn.com/v1/news/Feed/Windows?
https://doc-0o-60-docs.googleusercontent.com/uT
https://www.zoho.com/sites/?src=parkeddomain&dr=www.nazfoodstuff.com
http://www.shopsharpgraphics.com
https://www.msn.com/?ocid=iehpLMEM
http://www.cacaolixir.com/cogu/
https://doc-04-7g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt93ra59sspsgplogf893q75230rnc/1634132775000/18281895610876391208/*/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download
https://doc-0o-60-docs.googleusercontent.com/b
http://schemas.micro
https://doc-04-7g-docs.googleusercontent.com/t
https://docs.google.com/Gql
https://aka.ms/odirm
http://www.google.com/support/accounts/answer/151657?hl=en
https://www.msn.com/de-ch/?ocid=iehp
https://drive.google.com/cA
https://drive.google.com/f
https://powerpoint.office.com
http://www.foreca.com
https://doc-0o-60-docs.googleusercontent.com/-
https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcj
https://docs.google.com/nonceSigner?nonce=r167qul5841hi&continue=https://doc-0o-60-docs.googleuserco
https://drive.google.com/ertificates
http://www.bestofnapa.guide/cogu/?E6=0YOc4eMaPzOzEkITDzffiHUHUfLmwWJQOjcrghoXxwbMleRPqH/xhR7l6RpoJjhKUSQ4&EVpdF=D6AlWhC
http://www.jachaljuega.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=nujE8SKobpMEhFJCVnGir4WeRJmwvtVIfZaGtibw0wWMPhuUS2YahDL2LgFihEH5PyEZ

Dropped files

  • C:\Users\user\AppData\Local\Temp\Aidr0p8lx\certmgr3ff.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\DB1
    SQLite 3.x database, last written using SQLite version 3035005
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
    Composite Document File V2 Document, Cannot read section info