
FedEx.exe

Status: finished
Submission Time: 2022-05-13 17:17:15 +02:00
Malicious
Trojan
Evader
FormBook

Tags

  • exe
  • formbook
  • modiloader
  • xloader

Details

  • Analysis ID:
    626183
  • API (Web) ID:
    993691
  • Analysis Started:
    2022-05-13 17:17:16 +02:00
  • Analysis Finished:
    2022-05-13 17:34:45 +02:00
  • MD5:
    917aa80e03e09b1d2b6619cc62cdbe22
  • SHA1:
    4124f6fa2d81e4f3db5bc62099fe4f03f71f091f
  • SHA256:
    57f4cf106379977932d3ca39bfceb27bf66b55b60465f3a6560d71983709ecea

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict    Score
malicious  100/100
malicious  22/69
malicious  24/41

IPs

IP            Country        Detection
13.107.43.12  United States
13.107.43.13  United States

Domains

Name                      IP             Detection
l-0003.l-dc-msedge.net    13.107.43.12
l-0004.l-dc-msedge.net    13.107.43.13
www.hpbjq.com             165.3.110.226
onedrive.live.com         0.0.0.0
7psoug.db.files.1drv.com  0.0.0.0

The msedge.net, onedrive.live.com and 1drv.com hosts are Microsoft infrastructure (the follow-on payload is downloaded from OneDrive; see the URLs section); www.hpbjq.com (165.3.110.226) is the only non-Microsoft host contacted in this run.

URLs

Name                                                                                                  Detection
https://7psoug.db.files.1drv.com/
https://7psoug.db.files.1drv.com/9
https://7psoug.db.files.1drv.com/7
https://7psoug.db.files.1drv.com/y4ml7-AIKSVvhdNF4oTlWE27Sg2xfN1VXI-zQgD_S8pdj84xCMmYdG5QewqUmSM7ppL4ErfY5FQN7yQ5e8Er7wNoethZZPpye0v7-OBK4AhUUqHfyyPL2MArqnagRFrgHcjasodUbnSfipUTgA205VKAkM6jdwj-Gik53gySQuJl4UaH9ZZ7bt5lPVcB0d0zfIP24kcbexngfNA4ODS-TihkA/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1
https://7psoug.db.files.1drv.com/y4mXzMyFpM-jvgYM2atIhPeCTn-KOLCtL7U4aJYB1KsLhYlFeUNNY5EZ0sSApCOscVc-to_baaLv-1uq-cP7hO418R6MOZIGvLjtvhiD_mEDnWjp3s9Qsm1jpUq4454e-9uDhTZlrnoLq2DLbIyxL0XkGdDoZeoeSpDv4t2v7vZ0zKXXy9SWLxTnkTTK7PFcdWjAgGOV3jjYEd6kSox2c2hfQ/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1
https://7psoug.db.files.1drv.com/D
https://7psoug.db.files.1drv.com/y#
https://7psoug.db.files.1drv.com/C
https://7psoug.db.files.1drv.com/y4ml7-AIKSVvhdNF4oTlWE27Sg2xfN1VXI-zQgD_S8pdj84xCMmYdG5QewqUmSM7ppL
https://onedrive.live.com/download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_
https://onedrive.live.com/download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_G1rJPDU4
https://7psoug.db.files.1drv.com/y4mbREn9_V4vP2iayGOc8Ug-MJsNGUbQ22edGkOo763CxJa0LiZHDGiyIHL8PMA6_CP

Dropped files

Name  File Type  Hashes  Detection

C:\Users\Public\Libraries\Rvsuben.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\Public\Libraries\Rvsuben.exe:Zone.Identifier
  ASCII text, with CRLF line terminators
C:\Users\Public\Libraries\nebusvR.url
  MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Rvsuben.exe">), ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\Rvsubentohcvaxlbphydsofhyldatal[2]
  data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\Rvsubentohcvaxlbphydsofhyldatal[1]
  data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Rvsubentohcvaxlbphydsofhyldatal[2]
  data

nebusvR.url is "Rvsuben" spelled backwards, and its URL= target is the dropped Rvsuben.exe in the world-writable C:\Users\Public\Libraries, so opening the shortcut launches the payload. The Zone.Identifier stream on Rvsuben.exe means the binary carries a mark-of-the-web. The three INetCache entries are WinINet cache copies of the Rvsubentohcvaxlbphydsofhyldatal?download fetches from 7psoug.db.files.1drv.com listed under URLs.
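Two of the dropped artefacts above are worth checking for on other hosts: a .url shortcut whose URL= target is a local executable (nebusvR.url pointing at Rvsuben.exe) and the Zone.Identifier stream on the dropped binary. The following is an added example, not code from the sandbox vendor or from this report. It parses both artefacts and flags the shortcut pattern; the .url and Zone.Identifier texts it runs on are constructed to match the file types the report lists, since the report does not show the files' contents, and the HostUrl value is borrowed from the report's URL list purely for illustration.

```python
"""Triage helpers for the nebusvR.url / Rvsuben.exe:Zone.Identifier pattern.
Added example, not part of the sandbox report; sample inputs are constructed."""
import configparser
import ntpath
from typing import Optional
from urllib.parse import unquote, urlparse

# Constructed sample input: a .url of the kind the report lists as nebusvR.url.
SAMPLE_URL_FILE = (
    "[InternetShortcut]\r\n"
    "URL=file:\"C:\\Users\\Public\\Libraries\\Rvsuben.exe\"\r\n"
)
# Constructed sample input: a Zone.Identifier stream with the Internet zone;
# the HostUrl is taken from the report's URL list for illustration only.
SAMPLE_ZONE_IDENTIFIER = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "HostUrl=https://7psoug.db.files.1drv.com/\r\n"
)
# Constructed benign shortcut for comparison.
BENIGN_URL_FILE = "[InternetShortcut]\r\nURL=https://www.microsoft.com/\r\n"

EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs",
                   ".js", ".jse", ".wsf", ".hta", ".ps1", ".lnk"}
# Directories any interactive user can write to; C:\Users\Public is one.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


def _read_ini(text: str) -> configparser.RawConfigParser:
    """Both artefacts are INI text.  Keep key case and split only on '='
    so a value such as file:"C:\\..." is not cut at its colon."""
    cfg = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cfg.optionxform = str
    cfg.read_string(text)
    return cfg


def parse_url_shortcut(text: str) -> Optional[str]:
    """Return the URL= target of an Internet shortcut, or None if absent."""
    cfg = _read_ini(text)
    if not cfg.has_option("InternetShortcut", "URL"):
        return None
    return cfg.get("InternetShortcut", "URL").strip()


def shortcut_target_path(target: str) -> Optional[str]:
    """Resolve a shortcut target to a local Windows path, or None when it is
    a genuine remote URL.  Handles the file:"C:\\..." form seen in the report,
    file:///C:/... and file://server/share forms, bare drive paths and UNC."""
    t = target.strip().strip('"')
    if urlparse(t).scheme.lower() == "file":
        rest = t[len("file:"):].strip().strip('"')
        if rest.startswith("///"):
            rest = rest[3:]
        elif rest.startswith("//"):
            rest = "\\\\" + rest[2:]
        return unquote(rest).replace("/", "\\")
    if len(t) > 2 and t[0].isalpha() and t[1:3] == ":\\":
        return t
    if t.startswith("\\\\"):
        return t
    return None


def assess_shortcut(text: str) -> dict:
    """Flag a .url whose target is a local executable in a user-writable
    directory, which is exactly the pattern of the dropped nebusvR.url."""
    target = parse_url_shortcut(text)
    path = shortcut_target_path(target) if target else None
    ext = ntpath.splitext(path)[1].lower() if path else ""
    user_writable = bool(path) and path.lower().startswith(USER_WRITABLE_PREFIXES)
    return {
        "target": target,
        "local_path": path,
        "is_executable": ext in EXECUTABLE_EXTS,
        "user_writable": user_writable,
        "suspicious": ext in EXECUTABLE_EXTS and user_writable,
    }


def parse_zone_identifier(text: str) -> dict:
    """Parse a Zone.Identifier stream.  ZoneId 3 is URLZONE_INTERNET, the
    mark-of-the-web that SmartScreen and Office Protected View consult;
    HostUrl/ReferrerUrl, when present, record where the file came from."""
    cfg = _read_ini(text)
    if not cfg.has_section("ZoneTransfer"):
        return {"zone_id": None, "host_url": None, "referrer_url": None}
    sec = cfg["ZoneTransfer"]
    zone = (sec.get("ZoneId") or "").strip()
    return {
        "zone_id": int(zone) if zone.isdigit() else None,
        "host_url": sec.get("HostUrl"),
        "referrer_url": sec.get("ReferrerUrl"),
    }


if __name__ == "__main__":
    print(assess_shortcut(SAMPLE_URL_FILE))
    print(assess_shortcut(BENIGN_URL_FILE))
    print(parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER))
```

On a live host, feed assess_shortcut() the text of every .url under the user profile, C:\Users\Public and the Startup folders, and parse_zone_identifier() the contents of each executable's Zone.Identifier stream (readable as path:Zone.Identifier on NTFS); a shortcut that resolves to an executable in a user-writable directory is the hit, and a ZoneId of 3 on that executable tells you it was downloaded rather than installed.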