URL: https://www.garboweb.com/gweb3/

Full analysis: https://app.any.run/tasks/04c69b80-c715-41cc-9db5-97698e462066
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Analysis date: March 21, 2019, 01:12:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: trojan, socgholish

Indicators:
MD5: 1EAAE4A8DFC73DE7835727068F2B3AA9
SHA1: 23B2594AE1BC5A731F9C53EBC75E95888F217E73
SHA256: 4EEC503D7A7E4F5D1937A7C9FD0794B86C6F146AC787286F167B4445105DF037
SSDEEP: 3:N8DSLerdySA:2OLerdyJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Creates files in the user directory

      • opera.exe (PID: 716)
    • Reads Microsoft Office registry keys

      • opera.exe (PID: 716)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 29
Monitored processes: 1
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start opera.exe

Process information

PID: 716
CMD: "C:\Program Files\Opera\opera.exe" https://www.garboweb.com/gweb3/
Path: C:\Program Files\Opera\opera.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Internet Browser
Version: 1748
Total events: 460
Read events: 398
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 74
Text files: 183
Unknown types: 10

Dropped files

PID  Process    Filename  [Type]
     MD5 / SHA256 (blank where the report recorded none)

716  opera.exe  C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprA465.tmp
     MD5:
     SHA256:
716  opera.exe  C:\Users\admin\AppData\Roaming\Opera\Opera\oprA475.tmp
     MD5:
     SHA256:
716  opera.exe  C:\Users\admin\AppData\Roaming\Opera\Opera\oprA4C4.tmp
     MD5:
     SHA256:
716  opera.exe  C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp
     MD5:
     SHA256:
716  opera.exe  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\17AC4TXSAO28YQDWMZX6.temp
     MD5:
     SHA256:
716  opera.exe  C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat  [binary]
     MD5: E8D75D7F6B6ADC8A2C103F941A1BF976
     SHA256: 7BF374C3D0B841A1D3EC927A39C56611669996B076BE55C721BDF2F16C9864C9
716  opera.exe  C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml  [xml]
     MD5: D261C8E36C3CA35BC665E983E75A1401
     SHA256: 07BC04C3E617833E08388DEBDCD23F8C741FBA693292467B6CCD55E9284D1CD2
716  opera.exe  C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini  [text]
     MD5: 9494AE8B21F63017C19D31555B26858A
     SHA256: 147F07D0A0939FBAEE060161D75A933535024601ACBB54D46D200DCDDC145891
716  opera.exe  C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00002.tmp  [image]
     MD5: C27B417227BE52AB5CE1C82F427E63ED
     SHA256: 2E289AFD77F54E5C817B8910421A038E396D56FD23D3872B230F5337D1175E4A
716  opera.exe  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RFfafde.TMP  [binary]
     MD5: 9BE9CCC710D3048CFD9BFA594A41206A
     SHA256: 85766104413F074C4D5A44FE7A2472002A0B99DC59D4224DB4CD1E19072D2903
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 40
TCP/UDP connections: 94
DNS requests: 35
Threats: 0

HTTP requests

PID  Process    Method  HTTP code  IP  CN
     URL
     Type, Size, Reputation

716  opera.exe  GET  200  216.58.205.227:80  CN: US
     http://crl.pki.goog/gsr2/gsr2.crl
     der, 546 b, whitelisted
716  opera.exe  GET  200  172.217.22.10:80  CN: US
     http://fonts.googleapis.com/css?family=Open+Sans
     text, 199 b, whitelisted
716  opera.exe  GET  200  151.139.128.10:80  CN: US
     http://crl.comodoca.com/COMODORSACertificationAuthority.crl
     der, 812 b, whitelisted
716  opera.exe  GET  200  2.16.186.11:80  CN: unknown
     http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgMfUyak8MPdfaDZzG0XfVT2fQ%3D%3D
     der, 527 b, whitelisted
716  opera.exe  GET  200  216.58.205.227:80  CN: US
     http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEB4RzBKmBEdWmokLqT%2Bc6Ds%3D
     der, 471 b, whitelisted
716  opera.exe  GET  200  2.16.186.11:80  CN: unknown
     http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgPg8gGu45NVhJlTamzPncyWxQ%3D%3D
     der, 527 b, whitelisted
716  opera.exe  GET  302  185.26.182.110:80  CN: unknown
     http://redir.opera.com/speeddials/booking.com
     whitelisted
716  opera.exe  GET  200  151.139.128.10:80  CN: US
     http://crl.usertrust.com/AddTrustExternalCARoot.crl
     der, 673 b, whitelisted
716  opera.exe  GET  302  185.26.182.110:80  CN: unknown
     http://redir.opera.com/speeddials/shopping/de
     whitelisted
716  opera.exe  GET  302  185.26.182.110:80  CN: unknown
     http://redir.opera.com/speeddials/previews/shopping/de
     whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID  Process    IP                   Domain                        | ASN (CN)                                                      | Reputation
716  opera.exe  35.196.235.9:443     www.garboweb.com              | Google Inc. (US)                                              | suspicious
716  opera.exe  66.225.197.197:80    crl4.digicert.com             | CacheNetworks, Inc. (US)                                      | whitelisted
716  opera.exe  192.35.177.64:80     crl.identrust.com             | IdenTrust (US)                                                | malicious
716  opera.exe  82.145.215.40:443    certs.opera.com               | Opera Software AS                                             | whitelisted
716  opera.exe  185.26.182.94:443    sitecheck2.opera.com          | Opera Software AS                                             | whitelisted
716  opera.exe  93.184.220.29:80     ocsp.digicert.com             | MCI Communications Services, Inc. d/b/a Verizon Business (US) | whitelisted
716  opera.exe  2.16.186.11:80       ocsp.int-x3.letsencrypt.org   | Akamai International B.V.                                     | whitelisted
716  opera.exe  216.58.205.234:443   ajax.googleapis.com           | Google Inc. (US)                                              | whitelisted
716  opera.exe  216.58.205.227:80    ocsp.pki.goog                 | Google Inc. (US)                                              | whitelisted
716  opera.exe  172.217.22.10:80     ajax.googleapis.com           | Google Inc. (US)                                              | whitelisted

DNS requests

Domain (reputation), followed by the resolved IPs

www.garboweb.com (unknown)
  • 35.196.235.9
sitecheck2.opera.com (whitelisted)
  • 185.26.182.94
  • 185.26.182.111
  • 185.26.182.112
  • 185.26.182.93
certs.opera.com (whitelisted)
  • 82.145.215.40
crl4.digicert.com (whitelisted)
  • 66.225.197.197
ocsp.digicert.com (whitelisted)
  • 93.184.220.29
crl.identrust.com (whitelisted)
  • 192.35.177.64
ocsp.int-x3.letsencrypt.org (whitelisted)
  • 2.16.186.11
  • 2.16.186.27
ajax.googleapis.com (whitelisted)
  • 216.58.205.234
  • 172.217.22.10
  • 172.217.18.10
  • 172.217.18.170
  • 172.217.23.138
  • 216.58.206.10
  • 216.58.207.74
  • 216.58.208.42
  • 172.217.16.138
  • 172.217.22.42
  • 172.217.22.74
  • 172.217.22.106
  • 216.58.210.10
  • 172.217.16.202
  • 172.217.18.106
fonts.googleapis.com (whitelisted)
  • 172.217.22.10
ocsp.pki.goog (whitelisted)
  • 216.58.205.227

Threats

Found threats are available for the paid subscriptions
1 ETPRO signatures available at the full report
No debug info