bsalazarSecuremail#Redriverbank2602VY8-FOAT7J-SNN6eYn999.html

Status: finished

Submission Time: 2022-05-13 15:47:50 +02:00

Malicious

Phishing

HTMLPhisher

Comments

Details

Analysis ID:
626103
API (Web) ID:
993612
Analysis Started:

2022-05-13 15:49:27 +02:00
Analysis Finished:

2022-05-13 15:58:38 +02:00
MD5:
bb0c6e89198797992503772ef06e95c0
SHA1:
52f29b0581c4d63fc3c6716c2c2e8574741fcda0
SHA256:
f7db9d3408304aac67ef83179ab40ea97992aba9f8d6c80d4363d215f3416d93
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 56	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
173.231.212.223	United States
142.250.185.238	United States
13.107.246.60	United States
Click to see the 3 hidden entries
239.255.255.250	Reserved
152.199.23.37	United States
142.250.186.77	United States

Domains

Name	IP	Detection
cs1100.wpc.omegacdn.net	152.199.23.37
accounts.google.com	142.250.186.77
part-0032.t-0009.t-msedge.net	13.107.246.60
Click to see the 5 hidden entries
clients.l.google.com	142.250.185.238
lootahbf.work	173.231.212.223
clients2.google.com	0.0.0.0
code.jquery.com	0.0.0.0
aadcdn.msftauth.net	0.0.0.0

URLs

Name	Detection
file:///C:/Users/user/Desktop/bsalazarSecuremail%23Redriverbank2602VY8-FOAT7J-SNN6eYn999.html
https://accounts.google.com/MergeSession
https://clients2.google.com/service/update2/crx
Click to see the 22 hidden entries
https://clients2.google.com
https://www-googleapis-staging.sandbox.google.com
https://www.google.com/
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
https://apis.google.com
https://clients2.googleusercontent.com
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
https://accounts.google.com
https://www.google.com/images/dot2.gif
https://www.google.com
https://dns.google
https://www.google.com/images/x2.gif
https://sandbox.google.com/payments/v4/js/integrator.js
https://lootahbf.work/prv.phpbsalazar@redriverbank.net
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
https://payments.google.com/payments/v4/js/integrator.js
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
https://www.google.com/images/cleardot.gif
https://ogs.google.com
https://www.google.com/intl/en-US/chrome/blank.html
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\5aba1b91-3f29-4a1d-be20-5481c4ffda6f.tmp	Google Chrome extension, version 3	#
C:\Users\user\AppData\Local\Temp\f606de6d-d69d-4bdd-8c16-ad29b018f73e.tmp	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\7164_441413112\manifest.json	ASCII text	#
C:\Users\user\AppData\Local\Temp\7164_441413112\manifest.fingerprint	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\7164_441413112\download_file_types.pb	data	#
C:\Users\user\AppData\Local\Temp\7164_441413112\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\7164_1441336542\manifest.json	ASCII text	#
C:\Users\user\AppData\Local\Temp\7164_1441336542\manifest.fingerprint	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\7164_1441336542\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\5aba1b91-3f29-4a1d-be20-5481c4ffda6f.tmp	Google Chrome extension, version 3	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\f6dfb920-945b-4dfd-956a-29dee796eb18.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\dedfff9e-d59d-4ab5-a68b-32959dc0af2f.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\76a6832e-4e2e-4f36-a893-aa30bcde8378.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\915cd872-514f-4084-a459-f4b21e3a1f6e.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8b434215-1fbc-4de6-9d11-cf6a6afdfe3e.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8343d203-5dd7-4185-9a5c-b7678abacfe0.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7af0d1a8-40d4-4d36-80bc-f4970186dcf3.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\1ab063b0-0b11-4bdb-b1d1-979be8ed357e.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\753a11e4-444f-4e97-8932-3d73a0aeedeb.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4e96ab8c-b15f-4d74-a9f0-91049ffad858.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3a4dc16e-51e8-4dba-a653-d47f521933b9.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\294193eb-34f0-46ca-bce8-0f9b73156572.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\281a3ca4-5e5d-4558-8eec-0420233d7923.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\21899ed0-a729-4e73-9344-a9f9f420e522.tmp	very short file (no magic)	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\9bcb409f-ff59-44d0-a895-b2cbc2a0e221.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\6b416a58-731d-4d16-9355-fe752272a170.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\3b7ec284-c386-45f0-9d15-3fa716c9dbad.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\24daa5e9-51f7-4830-b8e1-2759578667f3.tmp	SysEx File -	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c983ef26-af0d-45a8-9f68-c8b80d88663c.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\dbcd7278-5b93-4193-888f-e89a32f0c9e8.tmp	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\d286935c-e447-48f1-a8c0-180a96710cc4.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\c0776715-09d6-49d6-a24f-d63d357d0730.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ffc0c749-66f5-4094-bdea-6a3ad1ee989c.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d7125196-6ba5-4219-92c7-73b031301152.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d3d74c08-8c70-4c04-88c5-52bd5e777902.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c8abc7da-0405-4b86-b0d4-e838807cee59.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c6f42f83-3c41-41ae-95a8-8704583e55fe.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b86c17f6-7dca-48be-ad41-8653de68c7da.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b0be17d4-5385-404a-8c56-da6e6e752d46.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a9cfb5cf-c9a5-42fe-821b-115a1a8a777a.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\efd2cc8f-d662-4a18-8425-a1c45d4ccfa2.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	#

bsalazarSecuremail#Redriverbank2602VY8-FOAT7J-SNN6eYn999.html

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

bsalazarSecuremail#Redriverbank2602VY8-FOAT7J-SNN6eYn999.html Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

bsalazarSecuremail#Redriverbank2602VY8-FOAT7J-SNN6eYn999.html