flash

StZAEFSb2j.exe

Status: finished
Submission Time: 2022-11-03 12:26:19 +01:00
Malicious
Trojan
Spyware
Evader
RedLine

Comments

Tags

  • exe
  • RedLineStealer

Details

  • Analysis ID:
    736967
  • API (Web) ID:
    1104299
  • Analysis Started:
    2022-11-03 12:43:40 +01:00
  • Analysis Finished:
    2022-11-03 12:53:09 +01:00
  • MD5:
    c71616e2b7cedf9fc8e2ca6f6929abdf
  • SHA1:
    896a4c41792c73db51074ccff5ef3f0577f510c5
  • SHA256:
    4a9f8a3b847fa9d2e854d3a7235ddee8e4c093d04c3901f006d430be1060fae5
  • Technologies:

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious (100/100)
malicious (14/54)
malicious (14/41)
malicious
IPs

IP               Country         Detection
50.115.174.192   United States
194.55.186.201   Germany

Domains

Name        IP               Detection
tgc8x.tk    50.115.174.192
api.ip.sb   0.0.0.0

URLs

Name Detection
http://194.55.186.201:6008/
https://tgc8x.tk/tt/lamb.txt
194.55.186.201:6008
https://tgc8x.tk/tt/BLACKDEV.txt
https://api.ipify.orgcookies//settinString.Removeg
http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
http://tempuri.org/Endpoint/SetEnvironmentResponse
http://tgc8x.tk
https://tgc8x.tkD8
http://194.55.186.201:6008
http://tempuri.org/Endpoint/GetUpdates
https://ac.ecosia.org/autocomplete?q=
https://search.yahoo.com?fr=crmas_sfp
http://schemas.xmlsoap.org/ws/2004/08/addressing
http://194.55.186.201:
http://tempuri.org/Endpoint/SetEnvironment
http://tempuri.org/Endpoint/GetUpdatesResponse
http://tempuri.org/Endpoint/EnvironmentSettingsResponse
http://tempuri.org/Endpoint/VerifyUpdate
http://tempuri.org/0
https://tgc8x.tk
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://schemas.xmlsoap.org/soap/actor/next
https://search.yahoo.com?fr=crmas_sfpf
https://duckduckgo.com/chrome_newtab
https://duckduckgo.com/ac/?q=
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
http://tempuri.org/Endpoint/CheckConnectResponse
http://schemas.datacontract.org/2004/07/
http://tempuri.org/Endpoint/EnvironmentSettings
http://tempuri.org/t_
https://api.ip.sb/geoip%USERPEnvironmentROFILE%
http://schemas.xmlsoap.org/soap/envelope/
https://ipinfo.io/ip%appdata%
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://schemas.xmlsoap.org/soap/envelope/D
http://tempuri.org/
http://tempuri.org/Endpoint/CheckConnect
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
http://ns.adobe.c/g
https://tgc8x.tk4
http://tempuri.org/Endpoint/VerifyUpdateResponse
http://tempuri.org/Endpoint/SetEnviron
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\StZAEFSb2j.exe.log
    File type: CSV text
  • C:\Users\user\AppData\Local\Temp\tmpC92.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpF80C.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpEBC.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpE8C.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpE406.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmpE3D6.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmpE3B6.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmpE2D.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpDBF.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpD60.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpD30.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpCF62.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmpCC2.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpC33.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpBF4.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpB95.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\tmpA4F5.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmpA487.tmp
    File type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmp1951.tmp
    File type: ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmp1921.tmp
    File type: ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmp1920.tmp
    File type: ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmp18B2.tmp
    File type: ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmp18B1.tmp
    File type: ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmp1881.tmp
    File type: ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aspnet_compiler.exe.log
    File type: ASCII text, with CRLF line terminators