EXPORT INVOICE 2021.exe

Status: finished
Submission Time: 13.10.2021 18:18:13
Malicious
Trojan
Evader
FormBook

Tags

  • exe
  • xloader

Details

  • Analysis ID:
    502233
  • API (Web) ID:
    869807
  • Analysis Started:
    13.10.2021 18:20:09
  • Analysis Finished:
    13.10.2021 18:31:05
  • MD5:
    54bb8fbbfe0a665ca59579a0240ce2f0
  • SHA1:
    0b97e4463c76df4541179880902bb6966ef3f894
  • SHA256:
    3bd841c6957e9fdb7e9d4558fb417dca9d7317d087cdbbb270155d9a6698e657

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious 100/100

malicious 22/67

malicious 6/35

IPs

IP               Country         Detection
51.161.86.13     Canada
209.17.116.165   United States

Domains

Name                           IP               Detection
ratqueen.art                   51.161.86.13
www.piedmontpines.school       209.17.116.165
www.kalitelihavaperdesi.com    0.0.0.0
www.sosibibyslot.space         0.0.0.0
www.zoipartner.com             0.0.0.0
www.ratqueen.art               0.0.0.0
www.yuezhong66.com             0.0.0.0

URLs

Name                                                                                                                      Detection
www.vulcanopresale.icu/mqi9/
http://www.ratqueen.art/mqi9/?4heD=-Zg8bjv8BJx4HBw&z0=iv8Ag4bEJuIinTRZ0o23voggRtPwqtQ/ydF60y+S+AJP0Z2gEdIzW1gU1h5YO8GPbSLa
http://www.piedmontpines.school/mqi9/?z0=TImHsH9dZg2P5abYftozWuM8TNrG03iNFbmWCvRDMTsTbH54OyQX2B6DGU+4mOJFrbhV&4heD=-Zg8bjv8BJx4HBw
http://www.founder.com.cn/cn

Dropped files

  • Name:
    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\EXPORT INVOICE 2021.exe.log
  • File Type:
    ASCII text, with CRLF line terminators
  • Hashes:
  • Detection: