download: | index.html |
Full analysis: | https://app.any.run/tasks/20a9894e-6e76-459f-af79-a69e195933d5 |
Verdict: | Malicious activity |
Threats: | njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market and comes with an abundance of educational material; interested attackers can even find tutorials on YouTube. This has made it one of the most popular RATs in the world. |
Analysis date: | May 29, 2020, 23:23:10 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/html |
File info: | HTML document, UTF-8 Unicode text, with very long lines |
MD5: | EFD7252BBD0F532D60D606633A9DBCD3 |
SHA1: | EAC9530D75EC32A12CBFBD3BDF12ACEB88EDD495 |
SHA256: | FC6F931FD99E1CEEDA12539C3096F3F5F999DCA3739283A1D6237607BA2BA3CE |
SSDEEP: | 3072:P6+ChrmdcUDl0A8Cup+8OIAk8CQn93Wqb3E3P3Bvo3v3pQo3v3/WgG/kPJmG+Jm9:PB6ChDlJWgSUJN+JmKoma |
Extension | Detected type (score) |
---|---|
.xml/atom | Atom web feed (92.2) |
.html | HyperText Markup Language (7.7) |
twitterCreator: | @username |
twitterSite: | @username |
twitterTitle: | - |
twitterCard: | summary |
twitterDomain: | https://www.vnhax.site/ |
Keywords: | YOUR KEYWORDS HERE |
Description: | YOUR DESCRIPTION HERE |
Title: | Vn-Hax PUBG Mobile Game |
Generator: | blogger |
ContentType: | text/html; charset=UTF-8 |
viewport: | width=device-width, initial-scale=1, maximum-scale=1 |
googleSiteVerification: | xPvbMKtymrsIa1kxhbmbXOH0zfoovK087jzqA68FIWE |
msvalidate01: | BD9F757CB13949150F5BD95C75056F1F |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1192 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | | | |
832 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1192 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 0; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | | | |
380 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | — | explorer.exe |
User: admin; Company: Mozilla Corporation; Integrity Level: MEDIUM; Description: Firefox; Exit code: 0; Version: 68.0.1 | | | | |
2716 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe |
User: admin; Company: Mozilla Corporation; Integrity Level: MEDIUM; Description: Firefox; Version: 68.0.1 | | | | |
2316 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2716.0.493259387\1219946460" -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2716 "\\.\pipe\gecko-crash-server-pipe.2716" 1188 gpu | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe |
User: admin; Company: Mozilla Corporation; Integrity Level: MEDIUM; Description: Firefox; Version: 68.0.1 | | | | |
2424 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2716.3.1392187240\2044403809" -childID 1 -isForBrowser -prefsHandle 1700 -prefMapHandle 1672 -prefsLen 1 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2716 "\\.\pipe\gecko-crash-server-pipe.2716" 1688 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe |
User: admin; Company: Mozilla Corporation; Integrity Level: LOW; Description: Firefox; Version: 68.0.1 | | | | |
3884 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2716.13.50069995\595599916" -childID 2 -isForBrowser -prefsHandle 2892 -prefMapHandle 2896 -prefsLen 5997 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2716 "\\.\pipe\gecko-crash-server-pipe.2716" 2916 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe |
User: admin; Company: Mozilla Corporation; Integrity Level: LOW; Description: Firefox; Version: 68.0.1 | | | | |
2892 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2716.20.1509801051\1420397729" -childID 3 -isForBrowser -prefsHandle 3672 -prefMapHandle 3676 -prefsLen 7299 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2716 "\\.\pipe\gecko-crash-server-pipe.2716" 3688 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe |
User: admin; Company: Mozilla Corporation; Integrity Level: LOW; Description: Firefox; Version: 68.0.1 | | | | |
4008 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SETUP-Thuvien.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | firefox.exe |
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | | | |
3224 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2716.27.1592879477\827383403" -childID 4 -isForBrowser -prefsHandle 8068 -prefMapHandle 1356 -prefsLen 8707 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2716 "\\.\pipe\gecko-crash-server-pipe.2716" 3084 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe |
User: admin; Company: Mozilla Corporation; Integrity Level: LOW; Description: Firefox; Version: 68.0.1 | | | | |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1192 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
1192 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF9FB1A45ED5180F41.TMP | — | — | — |
1192 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF331C36C92FF1603B.TMP | — | — | — |
1192 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF8CD42A5A7163B533.TMP | — | — | — |
1192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{65BE88EF-A203-11EA-9EB1-5254004A04AF}.dat | — | — | — |
1192 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF71D61B06E87D1CAA.TMP | — | — | — |
2716 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin | — | — | — |
2716 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm | — | — | — |
2716 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js | — | — | — |
2716 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp | — | — | — |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2716 | firefox.exe | POST | 200 | 195.138.255.16:80 | http://ocsp.int-x3.letsencrypt.org/ | DE | der | 527 b | whitelisted |
2716 | firefox.exe | GET | 301 | 216.239.36.21:80 | http://vnhax.site/ | US | html | 219 b | malicious |
2716 | firefox.exe | POST | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1o1 | US | der | 472 b | whitelisted |
2716 | firefox.exe | POST | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1o1 | US | der | 471 b | whitelisted |
2716 | firefox.exe | GET | 301 | 216.239.34.21:80 | http://www.vnhax.site/ | US | html | 172 b | malicious |
2716 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2716 | firefox.exe | POST | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1o1 | US | der | 471 b | whitelisted |
2716 | firefox.exe | POST | 200 | 195.138.255.16:80 | http://ocsp.int-x3.letsencrypt.org/ | DE | der | 527 b | whitelisted |
2716 | firefox.exe | POST | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1o1 | US | der | 471 b | whitelisted |
2716 | firefox.exe | POST | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1o1 | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 216.58.208.42:445 | fonts.googleapis.com | Google Inc. | US | whitelisted |
1192 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2716 | firefox.exe | 2.16.107.40:80 | detectportal.firefox.com | Akamai International B.V. | — | malicious |
2716 | firefox.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
4 | System | 216.58.208.42:139 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2716 | firefox.exe | 216.58.212.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2716 | firefox.exe | 34.211.106.52:443 | search.services.mozilla.com | Amazon.com, Inc. | US | unknown |
2716 | firefox.exe | 172.217.18.4:443 | www.google.com | Google Inc. | US | whitelisted |
2716 | firefox.exe | 35.165.138.131:443 | push.services.mozilla.com | Amazon.com, Inc. | US | unknown |
2716 | firefox.exe | 216.58.206.10:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
fonts.googleapis.com | | whitelisted |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
detectportal.firefox.com | | whitelisted |
a1089.dscd.akamai.net | | whitelisted |
search.services.mozilla.com | | whitelisted |
search.r53-2.services.mozilla.com | | whitelisted |
push.services.mozilla.com | | whitelisted |
autopush.prod.mozaws.net | | whitelisted |
snippets.cdn.mozilla.net | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD |
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |