- * MalFamily: ""
- * MalScore: 1.8
- * File Name: "04894_003_0.vbs"
- * File Size: 9154
- * File Type: "ASCII text, with very long lines, with CRLF line terminators"
- * SHA256: "db53cfb82d7f8965a3a5bfe99ba1a5b4363a9605835cebacc9bbd04778098078"
- * MD5: "998ce3c4ccb65f680cc90a24e7e40a72"
- * SHA1: "24255a2a9db792c1875419623351845edf938cdc"
- * SHA512: "8399062d3b85c474ed43d6aba9e344dae123f65cf95ec47b958f9b400cf0e7bb4f3cdcb31cb368ad0b72a4bf97c44583023fbaa27781712e808fe2b30d7e608e"
- * CRC32: "E688F201"
- * SSDEEP: "192:RtkD41ZLHSY14NYQSJyp+9CA/sE95G0PuCXWYa+ew2mtXuwl9OFN/ekq3Tk9uE+p:R241dyUb2+9CUp5zuunTew+wl9C/q3aU"
- * Process Execution:
- "wscript.exe",
- "ipKGT.exe"
- * Executed Commands:
- "C:\\Users\\user\\AppData\\Local\\Temp\\ipKGT.exe"
- * Signatures Detected:
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details":
- "IP": "67.23.226.159:80"
- "Description": "File has been identified by 4 Antiviruses on VirusTotal as malicious",
- "Details":
- "Symantec": "CL.Downloader"
- "Rising": "Trojan.Obfus/VBS!1.B96F (CLASSIC)"
- "Fortinet": "VBS/Agent.RPQ!tr.dldr"
- "Qihoo-360": "virus.vbs.qexvmc.1100"
- "Description": "Performs some HTTP requests",
- "Details":
- "url": "http://domeara.com/erator.php"
- "Description": "Drops a binary and executes it",
- "Details":
- "binary": "C:\\Users\\user\\AppData\\Local\\Temp\\ipKGT.exe"
- * Started Service:
- * Mutexes:
- * Modified Files:
- "C:\\Users\\user\\AppData\\Local\\Temp\\ipKGT.exe",
- "C:\\ProgramData\\олпролпортдывц.exe"
- * Deleted Files:
- * Modified Registry Keys:
- * Deleted Registry Keys:
- * DNS Communications:
- "type": "A",
- "request": "domeara.com",
- "answers":
- "data": "67.23.226.159",
- "type": "A"
- * Domains:
- "ip": "67.23.226.159",
- "domain": "domeara.com"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- "count": 1,
- "body": "",
- "uri": "http://domeara.com/erator.php",
- "user-agent": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)",
- "method": "GET",
- "host": "domeara.com",
- "version": "1.1",
- "path": "/erator.php",
- "data": "GET /erator.php HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)\r\nHost: domeara.com\r\n\r\n",
- "port": 80
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC: