Analysis Report http://api.btloader.com

Overview

General Information

Sample URL: http://api.btloader.com
Analysis ID: 320662

Most interesting Screenshot:

Errors
  • URL not reachable

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

No high impact signatures.

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

There are no high impact signatures.

Source: global traffic HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: api.btloader.comConnection: Keep-Alive
Source: unknown DNS traffic detected: queries for: api.btloader.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Thu, 19 Nov 2020 15:49:24 GMTContent-Length: 19Via: 1.1 googleData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: ~DF418C9E573E468D37.TMP.1.dr String found in binary or memory: http://api.btloader.com/
Source: {3A2CE5FB-2ACA-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: http://api.btloader.com/Root
Source: classification engine Classification label: unknown0.win@3/14@1/1
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DFC54352A0EDBDD3A0.TMP Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5684 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5684 CREDAT:17410 /prefetch:2 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
windows-stand
Behavior
Click here to start
Slideshow Behavior Animation
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 320662 URL: http://api.btloader.com Startdate: 19/11/2020 Architecture: WINDOWS Score: 0 5 iexplore.exe 2 61 2->5         started        process3 7 iexplore.exe 39 5->7         started        dnsIp4 10 api.btloader.com 130.211.23.194, 49720, 49721, 80 GOOGLEUS United States 7->10
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
130.211.23.194
unknown United States
15169 GOOGLEUS false

Contacted Domains

Name IP Active
api.btloader.com 130.211.23.194 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://api.btloader.com/ false
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown