- * MalFamily: "Sonbokli"
- * MalScore: 1.8
- * File Name: "02049_029_00.vbs"
- * File Size: 9741
- * File Type: "ASCII text, with very long lines, with CRLF line terminators"
- * SHA256: "6219d0720feffdee741f74e4fa0ceddf7f90890a2e20a42aa525df3413a59462"
- * MD5: "244ae81e601e6a7713020cff63a430a9"
- * SHA1: "fb49ee2fc085aff3db2ccebb6602cafcb6e5722a"
- * SHA512: "ecfccf67196ebe94bac56e9959c9611e10ec21b0409a6875143dc08a6cec72e0b5d2b325274cb10a04ffb982e4d33611394e98e0d848827e2750b1641238047b"
- * CRC32: "21E46E2D"
- * SSDEEP: "192:BqivLl+ioy1AZDdk33vvY9Wcdkij/ZKeiE55QVmd0mheubpq:ciTwjy1Avk3fWW6kij/4eiuQVl"
- * Process Execution:
- "wscript.exe",
- "iuceN.exe"
- * Executed Commands:
- "C:\\Users\\user\\AppData\\Local\\Temp\\iuceN.exe"
- * Signatures Detected:
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details":
- "IP": "67.23.226.163:80"
- "Description": "File has been identified by 4 Antiviruses on VirusTotal as malicious",
- "Details":
- "Rising": "Trojan.Obfus/VBS!1.B96F (CLASSIC)"
- "Microsoft": "Trojan:VBS/Sonbokli.A!cl"
- "Fortinet": "VBS/Agent.RPQ!tr.dldr"
- "Qihoo-360": "virus.vbs.qexvmc.1100"
- "Description": "Performs some HTTP requests",
- "Details":
- "url": "http://www.eloka.com/www/images/flash_downloader.php"
- "Description": "Drops a binary and executes it",
- "Details":
- "binary": "C:\\Users\\user\\AppData\\Local\\Temp\\iuceN.exe"
- * Started Service:
- * Mutexes:
- * Modified Files:
- "C:\\Users\\user\\AppData\\Local\\Temp\\iuceN.exe",
- "C:\\ProgramData\\\\xd0\\xb5\\xd0\\xb5\\xd0\\x95\\xd0\\xb0\\xd0\\x90\\xd1\\x85\\xd1\\x85\\xd0\\x92\\xd0\\x9e\\xd0\\xb5\\xd0\\x95\\xd0\\xb0\\xd0\\xbe.exe"
- * Deleted Files:
- * Modified Registry Keys:
- * Deleted Registry Keys:
- * DNS Communications:
- "type": "A",
- "request": "www.eloka.com",
- "answers":
- "data": "67.23.226.163",
- "type": "A"
- "data": "eloka.com",
- "type": "CNAME"
- * Domains:
- "ip": "67.23.226.163",
- "domain": "www.eloka.com"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- "count": 1,
- "body": "",
- "uri": "http://www.eloka.com/www/images/flash_downloader.php",
- "user-agent": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)",
- "method": "GET",
- "host": "www.eloka.com",
- "version": "1.1",
- "path": "/www/images/flash_downloader.php",
- "data": "GET /www/images/flash_downloader.php HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)\r\nHost: www.eloka.com\r\n\r\n",
- "port": 80
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC: