- * ID: 1232
- * MalFamily: "Gozi"
- * MalScore: 0.5
- * File Name: "Invoice T03-4019577.vbs"
- * File Size: 1711388
- * File Type: "ASCII text, with very long lines"
- * SHA256: "d31246625c830ccd4eec46a7f5298528fc4174091c966e09760cf6f6033b1043"
- * MD5: "fd8215070bad98d9c68ef687e5d8038a"
- * SHA1: "5db74f87cae39b60170f552eef8933cd4701ed2e"
- * SHA512: "5d1f2a0ca3e544e240d5a47f3bd6b023b017f01fdaeef09bd8c404fb9380c6503967ea2f7ad9233b3f5aa2f33ee0b4f89feba70236f525e324c34d16535cdecc"
- * CRC32: "52B49CBC"
- * SSDEEP: "49152:9k83DoInFMiyNs9sx1X7OVsQtSP6LSIX9B7VO/9SH5pg5mZBjTY:m"
- * Process Execution:
- "wscript.exe"
- * Executed Commands:
- * Signatures Detected:
- "Description": "Attempts to connect to a dead IP:Port (3 unique times)",
- "Details":
- "IP_ioc": "2.18.65.113:80"
- "IP_ioc": "199.195.250.171:443 (United States)"
- "IP_ioc": "192.35.177.64:80"
- "Description": "File has been identified by 2 Antiviruses on VirusTotal as malicious",
- "Details":
- "NANO-Antivirus": "Trojan.Script.ExpKit.fugogz"
- "Qihoo-360": "virus.vbs.crypt.c"
- * Started Service:
- * Mutexes:
- * Modified Files:
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\E0F5C59F9FA661F6F4C50B87FEF3A15A",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\E0F5C59F9FA661F6F4C50B87FEF3A15A",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab54F8.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar54F9.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5558.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5559.tmp",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab580A.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar580B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TableOfColors.exe"
- * Deleted Files:
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab54F8.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar54F9.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5558.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5559.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab580A.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar580B.tmp"
- * Modified Registry Keys:
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList"
- * Deleted Registry Keys:
- * DNS Communications:
- "type": "A",
- "request": "zurichwhispers.com",
- "answers":
- "data": "199.195.250.171",
- "type": "A"
- * Domains:
- "ip": "199.195.250.171",
- "domain": "zurichwhispers.com"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- "country_name": "United States",
- "ip": "199.195.250.171",
- "inaddrarpa": "",
- "hostname": "zurichwhispers.com"
- * Network Communication - IRC:
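Added example, not part of the sandbox report or of the paste: a small Python IOC extractor for the report layout above, followed by a match against constructed log lines. It pulls the file hashes, dead-IP hits, DNS request and dropped file, keeps the one address the sample itself resolved (199.195.250.171 via zurichwhispers.com) as a high-confidence C2 indicator, and tags the two unresolved port-80 hits for review, since the report also shows CryptnetUrlCache writes, which means the script triggered certificate-chain/CRL retrieval and those connections may not be C2. The CryptnetUrlCache entries and the CabXXXX.tmp/TarXXXX.tmp files are treated as CryptoAPI cache noise rather than sample-specific indicators. The log lines, the client addresses and the user name jdoe are constructed for the example.

```python
"""Extract IOCs from the sandbox report above and match them against logs.

Added example, not code from the report or the paste. The REPORT excerpt and
the LOGS are constructed; the indicator values are copied from the report.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the report in the paste's own layout. A raw string
# keeps the JSON-style doubled backslashes exactly as the paste shows them.
REPORT = r'''
- * SHA256: "d31246625c830ccd4eec46a7f5298528fc4174091c966e09760cf6f6033b1043"
- * MD5: "fd8215070bad98d9c68ef687e5d8038a"
- * SHA1: "5db74f87cae39b60170f552eef8933cd4701ed2e"
- "IP_ioc": "2.18.65.113:80"
- "IP_ioc": "199.195.250.171:443 (United States)"
- "IP_ioc": "192.35.177.64:80"
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\E0F5C59F9FA661F6F4C50B87FEF3A15A",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab54F8.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TableOfColors.exe"
- "request": "zurichwhispers.com",
- "data": "199.195.250.171",
'''

HASH_RE = re.compile(r'\* (SHA256|SHA1|MD5): "([0-9a-fA-F]+)"')
IP_RE = re.compile(r'"IP_ioc": "(\d{1,3}(?:\.\d{1,3}){3}):(\d+)')
DNS_RE = re.compile(r'"request": "([^"]+)"')
RESOLVED_RE = re.compile(r'"data": "(\d{1,3}(?:\.\d{1,3}){3})"')
PATH_RE = re.compile(r'"(C:\\\\[^"]+)"')

# CryptoAPI certificate-chain/CRL retrieval writes CryptnetUrlCache entries and
# CabXXXX.tmp/TarXXXX.tmp files in many sandbox runs; they are not specific to
# this sample and are dropped from the file indicators.
NOISE_RE = re.compile(r'(CryptnetUrlCache|\\(Cab|Tar)[0-9A-F]{4}\.tmp$)')


def extract_iocs(report: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return IOCs grouped by type; each entry is (value, confidence)."""
    iocs: Dict[str, List[Tuple[str, str]]] = {"hash": [], "ip": [], "domain": [], "file": []}
    resolved = set(RESOLVED_RE.findall(report))
    for _algo, digest in HASH_RE.findall(report):
        iocs["hash"].append((digest.lower(), "high"))
    for ip, port in IP_RE.findall(report):
        # Only the address the sample resolved through its own DNS query is
        # treated as C2 with high confidence. The unresolved port-80 hits
        # coincide with the CryptnetUrlCache writes and may be CRL/OCSP
        # traffic, so they are flagged for analyst review instead.
        conf = "high" if ip in resolved else "review"
        iocs["ip"].append((f"{ip}:{port}", conf))
    for name in DNS_RE.findall(report):
        iocs["domain"].append((name.lower(), "high"))
    for raw in PATH_RE.findall(report):
        path = raw.replace("\\\\", "\\")
        if NOISE_RE.search(path):
            continue
        # Match on the file name only: the profile directory differs per host.
        iocs["file"].append((path.rsplit("\\", 1)[-1].lower(), "high"))
    return iocs


def match_logs(iocs: Dict[str, List[Tuple[str, str]]], lines: List[str]) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, ioc_type, value, confidence) for each IOC seen in a log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        for kind, entries in iocs.items():
            for value, conf in entries:
                if value in low:
                    hits.append((n, kind, value, conf))
    return hits


# Constructed log lines (DNS, proxy, Sysmon file-create, EDR hash, benign noise).
LOGS = [
    "dns client=10.0.0.5 qname=zurichwhispers.com qtype=A rcode=NOERROR",
    "proxy client=10.0.0.5 dst=199.195.250.171:443 method=CONNECT bytes=4120",
    r"sysmon id=11 image=C:\Windows\System32\wscript.exe target=C:\Users\jdoe\AppData\Local\Temp\TableOfColors.exe",
    r"edr sha256=d31246625c830ccd4eec46a7f5298528fc4174091c966e09760cf6f6033b1043 path=C:\Users\jdoe\Downloads\Invoice T03-4019577.vbs",
    "proxy client=10.0.0.9 dst=2.18.65.113:80 method=GET",
    "dns client=10.0.0.7 qname=example.com qtype=A rcode=NOERROR",
]

if __name__ == "__main__":
    for hit in match_logs(extract_iocs(REPORT), LOGS):
        print(hit)
```

Before pushing the "review" addresses to a blocklist, check them against the organisation's own CRL/OCSP traffic baseline; the report only shows them as failed connections with no DNS resolution, which is what a certificate revocation check from the sandbox would also look like.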