flash

HkE0tD0g4NXKJfy.exe

Status: finished
Submission Time: 25.11.2021 15:07:13
Malicious
Trojan
Evader
FormBook

Comments

Tags

  • exe
  • Formbook
  • xloader

Details

  • Analysis ID:
    528615
  • API (Web) ID:
    896141
  • Analysis Started:
    25.11.2021 15:07:14
  • Analysis Finished:
    25.11.2021 15:18:52
  • MD5:
    fcc2d1cda8d3989feca9c5f5f900e164
  • SHA1:
    075de723df172cc93c537d5472ad8025f192ddc8
  • SHA256:
    77e1c24ecfa1d339f61b4b8011690425fa0038b3fe32761f5ce8b3126c28c5ad
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
12/45

IPs

IP Country Detection
103.224.212.219
Australia
142.250.203.115
United States
34.102.136.180
United States
Click to see the 1 hidden entries
52.204.216.132
United States

Domains

Name IP Detection
www.arsels.info
103.224.212.219
www.platinumcredit.net
0.0.0.0
www.thefullfledged.com
0.0.0.0
Click to see the 13 hidden entries
www.jakital.com
0.0.0.0
www.nbtianzhou.com
0.0.0.0
www.xcgtsret.com
0.0.0.0
www.151motors.com
0.0.0.0
www.suepersoldiers.com
0.0.0.0
www.vupeliquid.com
0.0.0.0
www.electricatrick.com
0.0.0.0
AutoScale-HDRedirect-ALB-1-1859847625.us-east-1.elb.amazonaws.com
52.204.216.132
platinumcredit.net
34.102.136.180
electricatrick.com
34.102.136.180
151motors.com
34.102.136.180
vupeliquid.com
34.102.136.180
ghs.googlehosted.com
142.250.203.115

URLs

Name Detection
www.platinumcredit.net/sh5d/
http://www.arsels.info/sh5d/?Yv=U9Dn+H6I1oLCGiFi1oW/bg7Rnic0zjRPtt9AMGb5MRiLdOF7LfbhYF1T4mwo8MTrEy0Q&8pZ=MFQX
http://www.jakital.com/
Click to see the 7 hidden entries
http://www.jakital.com/sh5d/?Yv=deNwNK4CD/WMHHT4cYNp3s43CKigm652n7BnZRGAFJqHojdiJSlOhFJhA2qOeK3G
http://www.151motors.com/sh5d/?Yv=KHnqZ0TbjHhhriSsr4IC2tQHFpsEpNX6XKtcehIZDPMVzpPTFiaMMZSG67rbMC0Gdpxx&8pZ=MFQX
http://www.suepersoldiers.com/sh5d/?Yv=SDhgbwSt5mB4DODrBIecU0Cn9nI1MHSsH0Hazkrlv9wpSquk3LdmspAinMLs2LJY3gHa&8pZ=MFQX
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.vupeliquid.com/sh5d/?Yv=Pdn0Hokg7Q3B7dDVtUX5QMohVVbqJZ0HrhWfxUy6sRCS+GjM4sZ5xKohcZ81Ep8iPYLe&8pZ=MFQX
http://www.platinumcredit.net/sh5d/?Yv=hy4EQ9RQ8H0Qmf+V5oZYawTzVdNi6YgEsN2g+zlr8kWBt8RwCZI+yMGy7WuYiu2G3qgy&8pZ=MFQX
http://www.electricatrick.com/sh5d/?Yv=bH0MuGY0n47F1S4kOvzCBL0/mw6YL+7138CmEb6WqYz18csJYDgpNmReh/JvI3nBbY8S&8pZ=MFQX

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HkE0tD0g4NXKJfy.exe.log
ASCII text, with CRLF line terminators
#