
VoRTaSs6hl.exe

Status: finished
Submission Time: 2022-08-05 11:27:06 +02:00
Malicious
Trojan
Exploiter
Evader
DBatLoader, Remcos

Tags

  • exe

Details

  • Analysis ID:
    679178
  • API (Web) ID:
    1046684
  • Analysis Started:
    2022-08-05 11:27:07 +02:00
  • Analysis Finished:
    2022-08-05 11:40:44 +02:00
  • MD5:
    6e2d9824eeebad8b1507fa4238892439
  • SHA1:
    03a6497741b9697f9234f85644cd35aa5bf0e42e
  • SHA256:
    f10c2bbc2319e72bc4dee452a2de176573d88eafecc30e97748b5dd087f4ea1f
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious, score 41/71
  • malicious, score 14/35
  • malicious, score 21/26
  • malicious

IPs

IP              Country
87.251.79.109   Russian Federation
13.107.43.12    United States

Domains

Name                       IP
bestsuccess.ddns.net       87.251.79.109
l-0003.l-dc-msedge.net     13.107.43.12
qkvera.am.files.1drv.com   0.0.0.0
onedrive.live.com          0.0.0.0

URLs

bestsuccess.ddns.net
http://schemas.xmlsoap.org/ws/2004/09/policyv8
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
https://qkvera.am.files.1drv.com/y4m6X9azireYGB5vWYP6H3S1U6wAPPTYdikVkLzvd_47vS0TaVf0JUb83MeKqofbXTM
https://qkvera.am.files.1drv.com/y4mEqsfDyLbLg_BIMCl3qtV1BiAL20N5mndyfdPbct9frsx0nho4awxehBKjGtDKXaa
http://schemas.xmlsoap.org/wsdl/soap12/
http://geoplugin.net/json.gp/C
https://qkvera.am.files.1drv.com/o
http://schemas.xmlsoap.org/ws/2005/07/securitypolicyd
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702s.DLLo
http://schemas.xmlsoap.org/wsdl/
https://qkvera.am.files.1drv.com/y4mp0J_hrjkY_ULP4q8yEN2WL9vZeBGm_IqLzlvV6rg6waLdlAGdzG0h00ZcMNpTPla
https://qkvera.am.files.1drv.com/-
http://schemas.xmlsoap.org/wsdl/soap12/P
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdU
http://www.emerge.de
http://docs.oasis-open.org/ws-sx/ws-trust/200512
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
https://qkvera.am.files.1drv.com/y4mLYGL4YEm4ocBoTqKRIz5az3J9i9gOhnCysY8sBkYur2wf2ks5JFqfc2xANHxQguz
http://schemas.xmlsoap.org/wsdl/H
http://www.pregrad.netopenU
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
http://www.pregrad.net
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdL
http://schemas.xmlsoap.org/wsdl/soap12/x_1
http://schemas.xmlsoap.org/ws/2004/09/policy
http://schemas.xmlsoap.org/ws/2004/09/policy6
https://qkvera.am.files.1drv.com/
http://schemas.xmlsoap.org/wsdl/.muiwo
http://schemas.xmlsoap.org/ws/2005/02/trustNcv8F
http://schemas.xmlsoap.org/ws/2004/09/policyZ
http://schemas.xmlsoap.org/ws/2005/02/trust
https://onedrive.live.com/F&resid=26943FEBC022618F%21144&authkey=AJQN0QmJX8uNcv8
https://qkvera.am.files.1drv.com/y4mA6YBAUOEcMgSRDQJ56K_UvKohvu8k_Y2-nVr27j9tNTSGtPV-P8bARuBZbALFxy7bbi34O90p78phUVUfHBWUah4IdDg38Lz87qrTVSfsdA61Bp2Yts3yrbJkuzUjF_S62vrADg1nIYrGUxMRnchNSwk7AjKhCGN_HMuiZy0rs3wzZsoNJPho0Kq-8TWHtDPMqjLBPW6zko3UHaL4HOXLw/Accyazbvbxqszzrfjnimerlsovywpte?download&psid=1
https://onedrive.live.com/
http://www.emerge.deDVarFileInfo$
https://onedrive.live.com/download?cid=26943FEBC022618F&resid=26943FEBC022618F%21144&authkey=AJQN0Qm

Dropped files

C:\Users\Public\Libraries\Accyaz.exe
    File Type: PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\Public\Libraries\Accyaz.exe:Zone.Identifier
    File Type: ASCII text, with CRLF line terminators
C:\Users\Public\Libraries\zayccA.url
    File Type: MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Accyaz.exe">), ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Accyazbvbxqszzrfjnimerlsovywpte[1]
    File Type: data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Accyazbvbxqszzrfjnimerlsovywpte[2]
    File Type: data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\Accyazbvbxqszzrfjnimerlsovywpte[2]
    File Type: data
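The dropped files above show the loader's persistence pattern: the payload Accyaz.exe is written to C:\Users\Public\Libraries (carrying a Zone.Identifier stream from its OneDrive download) and an Internet Shortcut zayccA.url (the name is Accyaz reversed) points back at it with a file: URL. The Python below is an added example, not part of the Joe Sandbox report and not vendor tooling: it parses .url shortcut text, extracts a local file: target, flags executables launched from user-writable directories, and matches file bytes against the sample hashes from the Details section. The shortcut contents are constructed from the file-type line in the table (file(1) prints the target as URL=<file:"...">; the angle brackets are file's own formatting), so the exact on-disk text, the list of writable directories, the "appdata" rule and the function names are assumptions.

```python
"""Hunt for the DBatLoader persistence artifacts listed in this report.

Added example (not from the Joe Sandbox report): parses Windows Internet
Shortcut (.url) files, flags ones whose URL= points at a local executable
in a user-writable directory, and matches file bytes against the sample
hashes from the Details section. Sample inputs are constructed.
"""
import configparser
import hashlib
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Hashes of the submitted sample, copied from the report's Details section.
SAMPLE_HASHES = {
    "md5": "6e2d9824eeebad8b1507fa4238892439",
    "sha1": "03a6497741b9697f9234f85644cd35aa5bf0e42e",
    "sha256": "f10c2bbc2319e72bc4dee452a2de176573d88eafecc30e97748b5dd087f4ea1f",
}

# Assumed list of locations a non-elevated dropper can write to. A shortcut
# that launches an executable from one of these is the pattern of
# zayccA.url -> C:\Users\Public\Libraries\Accyaz.exe in the report.
WRITABLE_PREFIXES = (
    PureWindowsPath(r"C:\Users\Public"),
    PureWindowsPath(r"C:\ProgramData"),
)
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta"}

# Accepts file:"C:\x\y.exe", file:///C:/x/y.exe and file://C:\x\y.exe forms.
_FILE_URL = re.compile(r'^\s*file:(?://)?/?\s*"?(?P<path>[A-Za-z]:[\\/].*?)"?\s*$', re.I)


def parse_url_shortcut(text: str) -> Optional[str]:
    """Return the URL= value of the [InternetShortcut] section, or None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:  # no section header, malformed line, etc.
        return None
    for section in cp.sections():
        if section.lower() == "internetshortcut":
            return cp.get(section, "url", fallback=None)
    return None


def local_target(url: str) -> Optional[PureWindowsPath]:
    """Turn a file: URL into a Windows path; None for http(s) and other schemes."""
    m = _FILE_URL.match(url)
    if not m:
        return None
    return PureWindowsPath(m.group("path").replace("/", "\\"))


def is_suspicious_target(path: PureWindowsPath) -> bool:
    """True for an executable launched from a user-writable directory (case-insensitive)."""
    if path.suffix.lower() not in EXEC_SUFFIXES:
        return False
    parts = tuple(p.lower() for p in path.parts)
    if "appdata" in parts:  # assumed rule: %APPDATA%/%LOCALAPPDATA%/%TEMP% of any user
        return True
    for prefix in WRITABLE_PREFIXES:
        pre = tuple(p.lower() for p in prefix.parts)
        if parts[: len(pre)] == pre:
            return True
    return False


def triage_shortcut(name: str, text: str) -> Dict[str, object]:
    """Classify one .url file's text; 'suspicious' is the hunt verdict."""
    url = parse_url_shortcut(text)
    target = local_target(url) if url else None
    return {
        "shortcut": name,
        "url": url,
        "target": str(target) if target else None,
        "suspicious": target is not None and is_suspicious_target(target),
    }


def hash_matches(data: bytes) -> List[str]:
    """Names of the report hashes that the given file bytes match (empty if none)."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return [algo for algo, value in digests.items() if value == SAMPLE_HASHES[algo]]


# Constructed shortcut texts (assumed content; the report gives only the file(1)
# summary URL=<file:"...">, whose angle brackets are file's own formatting).
DROPPED_URL = '[InternetShortcut]\r\nURL=file:"C:\\Users\\Public\\Libraries\\Accyaz.exe"\r\n'
SYSTEM_URL = "[InternetShortcut]\r\nURL=file:///C:/Windows/System32/notepad.exe\r\n"
WEB_URL = "[InternetShortcut]\r\nURL=https://www.example.com/\r\n"

if __name__ == "__main__":
    for name, text in [("zayccA.url", DROPPED_URL), ("notepad.url", SYSTEM_URL), ("site.url", WEB_URL)]:
        print(triage_shortcut(name, text))
    print(hash_matches(b"constructed bytes, not the sample"))
```

Only the shortcut named after the report's dropped file is flagged; a file: shortcut into C:\Windows\System32 and an https: shortcut both pass. To run this over a real host, feed the text of each *.url under the Startup folders and the paths above into triage_shortcut, and the bytes of any flagged target into hash_matches.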