flash

61b85f75e6a7c.dll

Status: finished
Submission Time: 14.12.2021 10:19:16
Malicious
Trojan
Evader
Ursnif

Tags

  • brt
  • dll
  • exe
  • gozi
  • isfb
  • ursnif

Details

  • Analysis ID: 539453
  • API (Web) ID: 906975
  • Analysis Started: 14.12.2021 10:19:18
  • Analysis Finished: 14.12.2021 10:35:57
  • MD5: 26788bdf519813ff2600570a5c8e23d9
  • SHA1: 44f22a053e84cd7afcf34a4fa19dbf512c8a624d
  • SHA256: 25f74513f1f0a72453bf096337daba7268bf77371f7fc210f56672f52b7b3af1

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict: malicious
Score: 100/100

IPs

IP              Country         Detection
3.20.161.64     United States
79.110.52.144   Romania
18.219.227.107  United States
3.12.124.139    United States

Domains

Name                                                        IP              Detection
berukoneru.website                                          79.110.52.144
1.0.0.127.in-addr.arpa                                      0.0.0.0
windows.update3.com                                         0.0.0.0
8.8.8.8.in-addr.arpa                                        0.0.0.0
prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com   3.12.124.139

URLs

Name Detection
https://berukoneru.website/tire/qmvui3Jef80_2BIeM_2BXh/O_2By54KPinsD/_2BFfpah/5k89w5bXqU7DEWhQp1iBEy2/_2BnU_2FsR/sUo3C8aISdxyIYl8W/JynqV_2BmddH/AgiN2_2BUrO/VCPQbezXreMebQ/izeoYIW_2BTEh6B2Zh_2B/L3PgbMDpsuFq53n5/obVS_2BHmsXbkex/IxU7ONkaq6S5id4E4C/VTSP2pp87/7bclEnvP5UuFRz5_2FIN/q_2FKVUn/a3U.eta
https://berukoneru.website/tire/XmFjtmy1jR6lateNyuPVYzk/zqxAUph9t_/2FhKh_2BKiBZEq6Pk/avtEml_2FYjs/Y8y781fyUpX/C_2FGsjVf_2F1i/tI0L_2Fc4mVHQ5jOtMGU8/MLBmn_2F0B4RgjE1/vjwq5A2_2B3O0OF/2xAZRByvalCt4EW7PP/8v2xGWGrY/70z8u8ipgSqR2XldqMkC/Q_2FRHW9LM53wtTl2y8/wrMCO.eta
https://berukoneru.website/tire/pXEvhesP8JJkQtOX4Z5G/OiJKf20ix2ZGR09v_2B/AwevbnlWqTi_2FbmjeIBIJ/B8iREIEDTHJ8C/QPwxSlTX/9Ss6_2FUQqUE8Rtt6tkm28v/8Qb_2FbAb4/RcCK4EpQ3Lh0e_2BV/nW7_2F9KVPTc/RWwFawwnn1T/NBQ509K2MeA0Zg/X_2BL3B2nl1ByESW4otQy/_2FmAs1Ly6/iqZ3GWXa.eta
https://berukoneru.website/tire/k0k9N5zvmOwLqrZ9t/mA_2BT5LewRQ/XIHVxnLBVoU/TCE3xXfm5Bjx_2/FNwBkfDvRbJwwM4AJLewo/S2GmqFJJAf16v117/0Fd8Da4X45K7ewO/ZOOFQH9lFoxITYmiaW/UM4b3mHcB/fh9cKbdZnHyGiZkOZevh/xKEuDuLDKEmBX5F2T0A/HlQglDHz0FPghDE04k7Rtp/qlpZkGrY6jSqN/zGqWq5UgJ/rU.eta
https://berukoneru.website/tire/jd_2FYT4kZR8w841QcBB1/tR81NFI9aRqohSRO/X0dydnORWplT5uR/5w00AG_2B_2FJ09dQQ/WUxRePiB4/GTOJFQ8FP8igXEjbgkH9/zEak3366_2FSVu5YatC/6c8yBLY3VgDZriaVuWUlRJ/NfUpYHR7DlV_2/FmC6rrvj/IWZqq_2FXZYrZ6Jfrjl4wOK/cOGNowVtID/CNlyDmEUAcdL6Nggn/Q6FP_2FvO/_2BU9JHdR/p.eta
https://berukoneru.website/tire/tEXumA952Z/iljgXIorkNbq6MNPU/M3Mb2CH8XEAs/ZvNkij3gQew/dxKPUhxVjzkBtZ/B3kMEs_2FJYP69uLJ0Zru/_2BYjun6ZVTrWBF0/nSePp_2BxhkopWf/iGbA1ax9WTenbT0BwC/JetFByiwf/3LiswTAhhMHb0jpdGXHw/RYbbpWHEDIwmZCcWi7e/zfbtXmV0tr/6_2BifPd.eta
https://berukoneru.website/tire/KjB2BgkWWh/2R_2Fkj8GC7yaP1kC/DPb_2B003_2B/KSHrvwTkEkd/_2FAMHiah0zctf/nNbEHjkCSlyuZxandMk7W/125Nt4kKNIyzhV_2/FpQlU2nlzM_2FEI/PEryRBP68LWoGHV3sm/y9L4VUWvc/E0UlFXDmQ0_2F2mVHcN_/2B13NnOs91EWboOkL1Q/soeab74L05htIewL3_2FTu/VD2Jph.eta
https://berukoneru.website/tire/yIaXbfYof9IP/8B_2BPJ4_2B/hMnTiYTFHmvWMq/Om0JbLkmD_2F5koSu_2FY/nLk_2FKibFUJ9gOk/MZT8jf1B5RdC0UZ/6Z4No8ixNFmBVmH7Bj/uDf3BhOPM/DLBe_2Bd6mkqoP7YTIID/XBuFTJLHbx1D4QjnBWn/TnGiYGHPz2eGN6knS8Er2o/_2B5QVwmx2J_2/BE8gCb3N/ingbPXC9ZN_2BMhH2cvWH8p/CYnerQtz/Ddd.eta
https://berukoneru.website/tire/gzRMSfagaZDYqNWCuNWpBQY/d3QH3HcNtD/fG3zb1_2FY310Wc1Z/tU68j9ArrsrY/cG2nzLaOesJ/1fJaUxYEiS_2Fq/6VuTPCoO1fL43Db5nwE4B/eNIHObz48Uk8thb4/s2ZGHDbOs4GyVjB/HB5iQTw6wsHP9eF2fL/ehbbJ4i3G/wutxyBgCPuYINeY4btAA/_2FftqK8_2FJ53N0BbQ/E4DqjTtkOXgod/z7et.eta
https://berukoneru.website/tire/aZ8BheahozwZJezagn3wPqr/iz35YcAb_2/F5jeyfvVg2ICfCrEk/0rrw6u3U7gic/uqJTyp4A5eQ/0U2GqSt0iiLbUx/HO3viOhQ8WkG8vbfTOB_2/BnaqEkGKFXXYKGIR/Ctbh99dX8lvtuYg/YlazQ5uDO_2FKEL9Q_/2BJjb_2Fo/n4TKwNU4Z7gGvATNQb4t/rYS_2FADS/RnX9qstM/g.eta
https://berukoneru.website/tire/YD_2F3yJEGCuLOsTrEXJLr/HYLMnHFPJYjiw/7tKlG8tS/_2BbBwzFFUBrFGVOQLc5STZ/vcc52sXSbU/E9hymn9Lr8ZbD9qxB/Q3FPG7MgMTRh/kGaKVJ7xEwY/wcc7fc8ZQUc61Z/HBzqpDy8uRQEtHRcSSjiO/YH3881lPkApc1W7g/7TBJUbFugsSMYgd/TFU1BUGgDWNFTw3w_2/FKBKIQxkn/wyKgErA3/rpA.eta
https://aka.ms/MicrosoftEdgeDownload"
http://nuget.org/NuGet.exe
https://berukoneru.website/tire/KjB2BgkWWh/2R_2Fkj8GC7yaP1kC/DPb_2B003_2B/KSHrvwTkEkd/_2FAMHiah0zctf
http://schemas.mic
http://pesterbdd.com/images/Pester.png
http://www.apache.org/licenses/LICENSE-2.0.html
https://berukoneru.website/tire/aZ8BheahozwZJezagn3wPqr/iz35YcAb_2/F5jeyfvVg2ICfCrEk/0rrw6u3U7gic/uq
https://windows.update3.com/tire/vuHeqIQ3bqpSw_2Byc/c_2BB_2Fi/KRLpI_2FLMzbCYIdYZV9/wMp8vpBadTBEn6lom
http://constitution.org/usdeclar.txtC:
https://contoso.com/License
https://contoso.com/Icon
https://windows.update3.com/
http://https://file://USER.ID%lu.exe/upd
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
https://github.com/Pester/Pester
http://crl.microsoftq
https://windows.update3.com/P
https://berukoneru.website/
http://constitution.org/usdeclar.txt
https://contoso.com/
https://nuget.org/nuget.exe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://windows.update3.com/i

Dropped files

Name File Type Hashes Detection

C:\Users\user\AppData\Local\Temp\jtmpm3o0\jtmpm3o0.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data

C:\Users\user\AppData\Local\Temp\RES391B.tmp
    Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols

C:\Users\user\AppData\Local\Temp\RES4531.tmp
    Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols

C:\Users\user\AppData\Local\Temp\RES5221.tmp
    Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols

C:\Users\user\AppData\Local\Temp\RES5A7E.tmp
    Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2eefwtls.lhg.ps1
    very short file (no magic)

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3qmymils.dhi.ps1
    very short file (no magic)

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c23bcfov.aow.psm1
    very short file (no magic)

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_culvhp2o.fyb.ps1
    very short file (no magic)

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mf2uh0zs.y2u.psm1
    very short file (no magic)

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pojno3ob.mpp.psm1
    very short file (no magic)

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v0ypotfd.4rq.psm1
    very short file (no magic)

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xeezm4uy.clm.ps1
    very short file (no magic)

C:\Users\user\AppData\Local\Temp\fvuaw4pr\fvuaw4pr.0.cs
    UTF-8 Unicode (with BOM) text

C:\Users\user\AppData\Local\Temp\fvuaw4pr\fvuaw4pr.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

C:\Users\user\AppData\Local\Temp\fvuaw4pr\fvuaw4pr.out
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators

C:\Users\user\AppData\Local\Temp\gmpgobli\CSCF109427183474975B6FB7C2A3C78B8D5.TMP
    MSVC .res

C:\Users\user\AppData\Local\Temp\gmpgobli\gmpgobli.0.cs
    UTF-8 Unicode (with BOM) text

C:\Users\user\AppData\Local\Temp\gmpgobli\gmpgobli.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

C:\Users\user\AppData\Local\Temp\gmpgobli\gmpgobli.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

C:\Users\user\AppData\Local\Temp\gmpgobli\gmpgobli.out
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators

C:\Users\user\AppData\Local\Temp\hr1cwmgj\hr1cwmgj.0.cs
    UTF-8 Unicode (with BOM) text

C:\Users\user\AppData\Local\Temp\hr1cwmgj\hr1cwmgj.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

C:\Users\user\AppData\Local\Temp\hr1cwmgj\hr1cwmgj.out
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators

C:\Users\user\AppData\Local\Temp\hupbkl0t\CSC47FEF1B1BE13496F9299275D8347BD99.TMP
    MSVC .res

C:\Users\user\AppData\Local\Temp\hupbkl0t\hupbkl0t.0.cs
    UTF-8 Unicode (with BOM) text

C:\Users\user\AppData\Local\Temp\hupbkl0t\hupbkl0t.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

C:\Users\user\AppData\Local\Temp\hupbkl0t\hupbkl0t.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

C:\Users\user\AppData\Local\Temp\hupbkl0t\hupbkl0t.out
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators

C:\Users\user\AppData\Local\Temp\jtmpm3o0\CSCBACB7DE77FE24526BA1047DDC177EBA6.TMP
    MSVC .res

C:\Users\user\AppData\Local\Temp\jtmpm3o0\jtmpm3o0.0.cs
    UTF-8 Unicode (with BOM) text

C:\Users\user\AppData\Local\Temp\jtmpm3o0\jtmpm3o0.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

C:\Users\user\AppData\Local\Temp\jtmpm3o0\jtmpm3o0.out
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators

C:\Users\user\AppData\Local\Temp\kon0vos3\CSCE7DAF0804EB6B39EE1E6CAB9C626.TMP
    MSVC .res

C:\Users\user\AppData\Local\Temp\kon0vos3\kon0vos3.0.cs
    UTF-8 Unicode (with BOM) text

C:\Users\user\AppData\Local\Temp\kon0vos3\kon0vos3.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

C:\Users\user\AppData\Local\Temp\kon0vos3\kon0vos3.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

C:\Users\user\AppData\Local\Temp\kon0vos3\kon0vos3.out
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators

C:\Users\user\AppData\Local\Temp\m501nuko\m501nuko.0.cs
    UTF-8 Unicode (with BOM) text

C:\Users\user\AppData\Local\Temp\m501nuko\m501nuko.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

C:\Users\user\AppData\Local\Temp\m501nuko\m501nuko.out
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators

C:\Users\user\AppData\Local\Temp\wnczrnms\CSC2E55B817A1C42F79C3F14C28684A599.TMP
    MSVC .res

C:\Users\user\AppData\Local\Temp\wnczrnms\wnczrnms.0.cs
    UTF-8 Unicode (with BOM) text

C:\Users\user\AppData\Local\Temp\wnczrnms\wnczrnms.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

C:\Users\user\AppData\Local\Temp\wnczrnms\wnczrnms.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

C:\Users\user\AppData\Local\Temp\wnczrnms\wnczrnms.out
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators

C:\Users\user\Documents\20211214\PowerShell_transcript.088753.0fmmIESA.20211214102149.txt
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

C:\Users\user\Documents\20211214\PowerShell_transcript.088753.C1OhZlCs.20211214102152.txt
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

C:\Users\user\Documents\20211214\PowerShell_transcript.088753.a52niw8E.20211214102148.txt
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

C:\Users\user\Documents\20211214\PowerShell_transcript.088753.emLoLZBh.20211214102148.txt
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators