flash

file.exe

Status: finished
Submission Time: 2022-10-03 17:32:12 +02:00
Verdict: Malicious
Classification: Ransomware, Trojan, Spyware, Evader
Detections: CryptOne, Djvu, Raccoon Stealer v2, Smok

Tags

  • exe

Details

  • Analysis ID:
    715161
  • API (Web) ID:
    1082604
  • Analysis Started:
    2022-10-03 17:32:59 +02:00
  • Analysis Finished:
    2022-10-03 17:45:28 +02:00
  • MD5:
    417429fd2a6efc7f87c32696c8545146
  • SHA1:
    04624a0080341cc2409f76bd1f5d9def049f46a9
  • SHA256:
    d15624abf29ec8f68092007b8359b03182e3a82b0d8b8c3cd72f1d765e8ca1bb

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

Scores:

  • 100/100 (malicious)
  • 6/88 (malicious)
  • 12/40 (malicious)

IPs

IP              Country             Detection
104.21.93.30    United States
193.38.55.180   Russian Federation
162.0.217.254   Canada

Domains

Name             IP              Detection
furubujjul.net   104.21.93.30
api.2ip.ua       162.0.217.254

URLs

Name Detection
http://guluiiiimnstra.net/
http://nvulukuluir.net/
http://liubertiyyyul.net/
http://bururutu44org.org/
http://winnlinne.com/lancer/get.php
http://nuluitnulo.me/
http://furubujjul.net/
http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17
http://youyouumenia5.org/
http://starvestitibo.org/
http://193.38.55.180/
http://gulutina49org.org/
http://furubujjul.net/Mozilla/5.0
http://stalnnuytyt.org/
http://hulimudulinu.net/
https://api.2ip.ua/geo.json
https://duckduckgo.com/chrome_newtab
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17it
http://193.38.55.180/V
http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17v
http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17j4
http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17l
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
https://api.2ip.ua/geo.jsonc
https://ac.ecosia.org/autocomplete?q=
https://search.yahoo.com?fr=crmas_sfp
https://mozilla.org0
https://api.2ip.ua/B
http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17(
https://gcc.gnu.org/bugs/):
https://duckduckgo.com/ac/?q=
http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17%
https://search.yahoo.com?fr=crmas_sfpf
http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17ftK
http://193.38.55.180/2
http://www.openssl.org/support/faq.html
http://193.38.55.180/aN7jD0qO6kT
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c174
http://www.sqlite.org/copyright.html.
https://api.2ip.ua/geo.json_
https://api.2ip.ua/
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://api.2ip.ua/geo.jsonZ
http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17d
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://api.2ip.ua/geo.jsonn
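The URL table above mixes contacted infrastructure with string-extraction bleed: the same 193.38.55.180 path repeated with one to three stray trailing characters, two URLs run together (the ecosia, yahoo and duckduckgo favicon entries), and hosts that are not valid names (mozilla.org0, "http://https://..."). The report's own IPs and Domains tables resolve only furubujjul.net and api.2ip.ua, so the search-engine and library-licence URLs are strings carried inside the binaries rather than hosts the sample reached. The following is an added example, not code from the report or from the sandbox vendor: a Python triage pass that splits run-together URLs, rejects implausible hosts, folds each near-duplicate onto its shortest real sibling and separates the carried-in strings from the candidate IOCs. REPORT_URLS is a subset copied from the table; ALLOWLIST, JUNK_MAX and the two-label approximation of the registrable domain are analyst assumptions, and the IOC bucket still needs a human read (the ns1.kriston.ug... entry survives as a run-together string because nothing on the page says where one name ends and the next begins).

```python
"""Triage the report's URL table into network IOCs and carried-in strings.

Added example, not part of the report. REPORT_URLS is a subset copied from
the report; ALLOWLIST, JUNK_MAX and registrable() are analyst assumptions.
"""
import re
from urllib.parse import urlsplit

# Copied from the report's URL table (subset). Note the trailing-byte bleed
# ("...17v", "...17ftK", "/V", "/B", "sfpf") and the run-together pair.
REPORT_URLS = [
    "http://furubujjul.net/",
    "http://furubujjul.net/Mozilla/5.0",
    "http://winnlinne.com/lancer/get.php",
    "http://193.38.55.180/",
    "http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17",
    "http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17v",
    "http://193.38.55.180/981c0ceb6cf45499fb5c43ee25c05c17ftK",
    "http://193.38.55.180/V",
    "http://193.38.55.180/aN7jD0qO6kT",
    "https://api.2ip.ua/",
    "https://api.2ip.ua/geo.json",
    "https://api.2ip.ua/geo.jsonc",
    "https://api.2ip.ua/B",
    "https://search.yahoo.com?fr=crmas_sfp",
    "https://search.yahoo.com?fr=crmas_sfpf",
    "https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=",
    "https://mozilla.org0",
    "http://www.sqlite.org/copyright.html.",
    "http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error",
]

# Assumption: hosts that routinely sit as literal strings inside browsers and
# libraries (search-provider defaults, licence/help URLs). The report's
# IPs/Domains tables never resolve them, so they are not treated as C2.
ALLOWLIST = {"duckduckgo.com", "yahoo.com", "ecosia.org", "google.com",
             "mozilla.org", "gnu.org", "openssl.org", "sqlite.org"}
JUNK_MAX = 3  # assumption: at most 3 trailing bytes of bleed after a real URL
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def split_concatenated(raw):
    """Split 'A://...B://...' runs into separate URLs; empty pieces dropped."""
    return [p for p in re.split(r"(?=https?://)", raw) if p]


def parse(url):
    """Return (scheme, host, path_and_query), or None for an implausible host."""
    u = urlsplit(url)
    host = u.hostname or ""
    if not host:
        return None
    labels = host.split(".")
    # Reject a non-alphabetic last label ("mozilla.org0") and single-label
    # hosts (the "https" left over from "http://https://...").
    if not IPV4.fullmatch(host) and (len(labels) < 2 or not labels[-1].isalpha()):
        return None
    rest = (u.path or "/") + (f"?{u.query}" if u.query else "")
    return u.scheme, host, rest


def collapse(entries):
    """Fold an entry that extends a same-host sibling by <= JUNK_MAX characters
    onto that sibling; the shorter sibling is taken as the real URL."""
    out = set()
    for scheme, host, rest in entries:
        prefixes = [r for s, h, r in entries
                    if (s, h) == (scheme, host) and r != rest
                    and rest.startswith(r) and len(rest) - len(r) <= JUNK_MAX]
        out.add((scheme, host, max(prefixes, key=len) if prefixes else rest))
    return out


def registrable(host):
    """Two-label approximation of the registrable domain (assumption: no PSL)."""
    return host if IPV4.fullmatch(host) else ".".join(host.split(".")[-2:])


def triage(urls=REPORT_URLS):
    """Return (iocs, carried_in): sorted canonical URLs split by ALLOWLIST."""
    entries = set()
    for raw in urls:
        for piece in split_concatenated(raw):
            parsed = parse(piece)
            if parsed:
                entries.add(parsed)
    iocs, carried_in = set(), set()
    for scheme, host, rest in collapse(entries):
        bucket = carried_in if registrable(host) in ALLOWLIST else iocs
        bucket.add(f"{scheme}://{host}{rest}")
    return sorted(iocs), sorted(carried_in)


def hosts(urls=REPORT_URLS):
    """Unique hosts from the IOC bucket, for a DNS/proxy block or hunt list."""
    return sorted({urlsplit(u).hostname for u in triage(urls)[0]})


if __name__ == "__main__":
    iocs, carried_in = triage()
    print("network IOCs:", *iocs, sep="\n  ")
    print("carried-in strings:", *carried_in, sep="\n  ")
```

Running the script on the subset leaves five hosts in the IOC bucket (193.38.55.180, api.2ip.ua, furubujjul.net, winnlinne.com and the run-together ns1.kriston.ug... string) and the 193.38.55.180 path once instead of many times. The collapse rule only folds onto a sibling that is itself present, so a lone odd path such as /aN7jD0qO6kT is kept rather than guessed at.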

Dropped files

Name File Type Hashes Detection

  • C:\Users\user\AppData\LocalLow\freebl3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\mozglue.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\sfrvjvv:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\LocalLow\nss3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\sfrvjvv
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\softokn3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\sqlite3.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\FED8.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\959.exe
    PE32 executable (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\253.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\zpW7O7U8iJFQ
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
  • \Device\ConDrv
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Roaming\wjsucgc
    data
  • C:\Users\user\AppData\Local\Temp\64FF.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\5A6F.tmp
    SQLite 3.x database, last written using SQLite version 3038005, file counter 10, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 10
  • C:\Users\user\AppData\Local\Temp\144C.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\LocalLow\22wTvv5mR62E
    SQLite 3.x database, last written using SQLite version 3038005, file counter 10, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 10
  • C:\Users\user\AppData\LocalLow\vcruntime140.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\rE5287BD83io
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\LocalLow\msvcp140.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\Zsrw9A4N7Zio
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\LocalLow\GOpRcXXjoWmm
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
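The dropped-file list is more useful as a hunting pattern than as a hash list: a set of Mozilla NSS and SQLite library names (freebl3.dll, mozglue.dll, nss3.dll, softokn3.dll, sqlite3.dll) written to AppData\LocalLow alongside the MSVC runtimes, several SQLite databases and a JPEG; a payload sfrvjvv in AppData\Roaming with a Zone.Identifier (Mark-of-the-Web) stream written onto it; and further executables in Temp. The following is an added example, not code from the report or from the sandbox vendor: a Python hunt over file-write events that raises when one writer stages three or more of those DLLs under a user's LocalLow directory, and separately when a Zone.Identifier stream is written onto a file under Roaming. The events are constructed, the writer image path C:\Users\user\Desktop\file.exe is assumed (the report names the sample only as file.exe), and MIN_HITS and the rule names are the author's choices.

```python
"""Hunt a file-write feed for the dropped-file pattern in the report above.

Added example, not part of the report. DLL and path names come from the
"Dropped files" table; EVENTS, MIN_HITS and the rule names are constructed.
"""
import ntpath
import re
from collections import defaultdict

# From the report: written to C:\Users\user\AppData\LocalLow. freebl3,
# mozglue, nss3 and softokn3 are Mozilla NSS library names, sqlite3.dll is
# SQLite; a non-browser process staging them in a user profile directory is
# the pattern to hunt for. vcruntime140/msvcp140 are too common to count.
NSS_DLLS = {"freebl3.dll", "mozglue.dll", "nss3.dll", "softokn3.dll", "sqlite3.dll"}
MIN_HITS = 3  # assumption: three of the five is enough to raise a finding

LOCALLOW = re.compile(r"\\Users\\[^\\]+\\AppData\\LocalLow\\[^\\]+$", re.I)
# Zone.Identifier is the Mark-of-the-Web alternate data stream; the report
# shows it written onto the Roaming payload sfrvjvv.
ROAMING_ADS = re.compile(r"\\Users\\[^\\]+\\AppData\\Roaming\\[^\\:]+:Zone\.Identifier$", re.I)

# Constructed events: (writer image, written path), as an EDR file-write
# feed might present them. Paths written by file.exe are from the report.
EVENTS = [
    ("C:\\Users\\user\\Desktop\\file.exe", "C:\\Users\\user\\AppData\\LocalLow\\freebl3.dll"),
    ("C:\\Users\\user\\Desktop\\file.exe", "C:\\Users\\user\\AppData\\LocalLow\\mozglue.dll"),
    ("C:\\Users\\user\\Desktop\\file.exe", "C:\\Users\\user\\AppData\\LocalLow\\nss3.dll"),
    ("C:\\Users\\user\\Desktop\\file.exe", "C:\\Users\\user\\AppData\\LocalLow\\softokn3.dll"),
    ("C:\\Users\\user\\Desktop\\file.exe", "C:\\Users\\user\\AppData\\LocalLow\\sqlite3.dll"),
    ("C:\\Users\\user\\Desktop\\file.exe", "C:\\Users\\user\\AppData\\LocalLow\\vcruntime140.dll"),
    ("C:\\Users\\user\\Desktop\\file.exe", "C:\\Users\\user\\AppData\\Roaming\\sfrvjvv"),
    ("C:\\Users\\user\\Desktop\\file.exe", "C:\\Users\\user\\AppData\\Roaming\\sfrvjvv:Zone.Identifier"),
    # Constructed benign noise: a browser updater writing NSS into its own
    # install directory, and a single stray DLL below the threshold.
    ("C:\\Program Files\\Mozilla Firefox\\updater.exe", "C:\\Program Files\\Mozilla Firefox\\nss3.dll"),
    ("C:\\Windows\\explorer.exe", "C:\\Users\\user\\AppData\\LocalLow\\sqlite3.dll"),
]


def hunt(events, min_hits=MIN_HITS):
    """Return findings as (writer, rule, evidence) tuples, sorted by writer."""
    dlls = defaultdict(set)   # writer -> NSS/SQLite DLL names staged in LocalLow
    ads = defaultdict(list)   # writer -> Zone.Identifier streams under Roaming
    for writer, path in events:
        name = ntpath.basename(path).lower()
        if name in NSS_DLLS and LOCALLOW.search(path):
            dlls[writer].add(name)
        if ROAMING_ADS.search(path):
            ads[writer].append(path)
    findings = []
    for writer in sorted(set(dlls) | set(ads)):
        if len(dlls[writer]) >= min_hits:
            findings.append((writer, "nss_sqlite_staged_in_locallow", sorted(dlls[writer])))
        for path in ads[writer]:
            findings.append((writer, "zone_identifier_on_roaming_payload", [path]))
    return findings


if __name__ == "__main__":
    for writer, rule, evidence in hunt(EVENTS):
        print(f"{rule}: {writer}")
        for item in evidence:
            print(f"    {item}")
```

Grouping by writer rather than by path is what keeps the browser's own copy of nss3.dll and a single stray DLL below the threshold out of the result; on the constructed feed only file.exe is reported, once for the DLL set and once for the Zone.Identifier stream.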