File: b7ca2d9033ff2bc8b30f16a440ff6149

Metadata
File name:Donacion.doc
File type:docx
File size:49742 bytes
Analysis date:Analyzed on March 23 2017 19:55:52
MD5:b7ca2d9033ff2bc8b30f16a440ff6149
SHA1:0417aa980334e2dc43c2557142de3cc3950ff0d2
SHA256:7f76ddaf808068d6f4f2bfbc3ac8d2e56686bd94010153959d112a5cebfcb003
SHA512:0eeb81f1b74825234e5458e33e2d69226ac8b0ade2861abd1a73256f3ecf4df71598d375b9ace158d7d618bc24bad30f7fcd7912d4a82d97e1134314ba748422
SSDEEP:-
IMPHASH:N/A
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with b7ca2d9033ff2bc8b30f16a440ff6149.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
kjfjdehfjonglfdgm.in-
fnvijfdbviengk.in-
niwfbnbuibgioege.ru104.27.160.77
ncjksdbnfvirfbirfb.in-
chargeprocess.international104.24.106.228
elgendysoft.com107.180.34.92
nvjrufghbgiufdes.in-
jbregiwfonoawfe.in-
nhtygkdnajkoo4.in-
Hosts
Hosts the malware sample communicates with.
107.180.34.92
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
107.180.34.92/beta.exeMozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
N/A
N/A
N/A
104.27.160.77/kin/logout.php?pid=905Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
104.24.106.228/neutrino.exe0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F [..User-Agent
N/A
N/A
N/A
104.27.160.77/kin/logout.phpMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
104.27.160.77/kin/logout.php?id=22011680A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A [.User-Agent
N/A
N/A
N/A
104.27.160.77/kin/logout.php?pid=863Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
104.27.160.77/kin/logout.phpMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
104.27.160.77/kin/logout.php?id=32952180A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A [.User-Agent
N/A
N/A
N/A
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
"\Sessions\1\BaseNamedObjects\Local\10MU_ACBPIDS_S-1-5-5-0-61684"
"\Sessions\1\BaseNamedObjects\Global\552FFA80-3393-423d-8671-7BA046BB5906"
"\Sessions\1\BaseNamedObjects\Local\10MU_ACB10_S-1-5-5-0-61684"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\Global\MsoShellExtRegAccess_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\ZonesCounterMutex"
"Local\ZonesLockedCacheCounterMutex"
"Local\ZoneAttributeCacheCounterMutex"
"Local\ZonesCacheCounterMutex"
"Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Global\MsoShellExtRegAccess_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\10MU_ACB10_S-1-5-5-0-61684"
"Global\552FFA80-3393-423d-8671-7BA046BB5906"
"Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\10MU_ACBPIDS_S-1-5-5-0-61684"
Registry keys
Registry keys created by the malware sample.
Comments
User comments about b7ca2d9033ff2bc8b30f16a440ff6149.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.