Register Login

sloganpng

top title background image

tIJVb0BvkI.dll

Status: finished

Submission Time: 2022-05-04 16:20:13 +02:00

Malicious

E-Banking Trojan

Trojan

Evader

Ursnif

Comments

Tags

Details

Analysis ID:
620333
API (Web) ID:
987837
Analysis Started:

2022-05-04 16:26:19 +02:00
Analysis Finished:

2022-05-04 16:40:25 +02:00
MD5:
f28f39ada498d66c378fd59227e0f215
SHA1:
1c9c0584ad51f5be3f16b334d758c88b8cdb7b38
SHA256:
0a66e8376fc6d9283e500c6e774dc0a109656fd457a0ce7dbf40419bc8d50936
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 20/42

IPs

IP	Country	Detection
185.189.151.28	Switzerland

URLs

Name	Detection
http://185.189.151.28/drew/MoXDvlmqf2lW3/EB1qVgQf/WMGbWvk8B3AU0qv1MnO4KKv/8mMADRXtjZ/pOzmC2TJWxSBePQQf/vX4xXJ2IWlh9/BWCOo52VZG1/qFF3rGEbDGBwji/AFMqmR1WMmM5K0LIMoI8g/D8c5DrZSEGvsAUch/2HdMta1B0ffeRMZ/k3cTTdUk82uBVmy7RF/Rr_2FL2he/DujtrSekUisPa3nAIzJG/cz1155F97esi6v8egB5/_2FIb4A5CDY4_2BdVWbog2/rBYVbP7pL/9UBLZ.jlk
http://185.189.151.28/drew/blHtwIV2gkF3APGb/H5p0FtkLiZWuAmQ/YhhCMjxxL58xCK2uAV/WcBrEd5nc/_2FWto4DjLEhKaYvKzYG/62F8wcJNe79PrlqCY04/xwdKlEWPSs9w4mnPcT_2Ft/CBh9Jka_2BBO_/2FnUOsl_/2FeukB5Oo3R7waflgs2APeC/CflAOA3Y4e/fxy536Bj3MO1PfKKA/SIX3IKWM1adU/v_2FKt6MdMc/MqBgUjh6Lil97f/dDK979RFebXcHjW4yVEWU/DckDOUNWU_2FdK/Emn7xfA9.jlk
http://185.189.151.28/
Click to see the 9 hidden entries
http://https://file://USER.ID%lu.exe/upd
http://185.189.151.28/drew/A_2Fp
http://185.189.151.28/drew/blHtwIV2gkF3APGb/H5p0FtkLiZWuAmQ/YhhCMjxxL58xCK2uAV/WcBrEd5nc/_2FWto4DjLE
http://constitution.org/usdeclar.txt
http://185.189.151.28/ws
http://185.189.151.28/drew/MoXDvlmqf2lW3/EB1qVgQf/WMGbWvk8B3AU0qv1MnO4KKv/8mMADRXtjZ/pOzmC2TJWxSBePQ
http://crl.microsof
http://185.189.151.28/drew/A_2FpZGEmDd1hJ/x8Dd5HmeBl3U4_2FUXOC4/CREe0umz
http://constitution.org/usdeclar.txtC:

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Temp\2tb3qiq3\2tb3qiq3.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\2tb3qiq3\2tb3qiq3.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
Click to see the 12 hidden entries
C:\Users\user\AppData\Local\Temp\2tb3qiq3\2tb3qiq3.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\2tb3qiq3\2tb3qiq3.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\2tb3qiq3\CSCCA338523CEA149558ADCBDE2BD495CFE.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\5xaibb03\5xaibb03.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\5xaibb03\5xaibb03.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\5xaibb03\5xaibb03.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\5xaibb03\5xaibb03.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\5xaibb03\CSC5E69315C691F4C1A85D8DAF9C7145CE8.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\RES109F.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols	#
C:\Users\user\AppData\Local\Temp\RES37BE.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_magqr2lp.csh.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u3nzoxvm.isc.ps1	very short file (no magic)	#