Register Login

sloganpng

top title background image

Royalistic.exe

Status: finished

Submission Time: 2023-03-17 10:37:07 +01:00

Malicious

Trojan

Evader

Spyware

GuLoader, AgentTesla

Comments

Tags

Details

Analysis ID:
828570
API (Web) ID:
1195673
Analysis Started:

2023-03-17 10:37:08 +01:00
Analysis Finished:

2023-03-17 11:04:47 +01:00
MD5:
d14335f61c99a9b8a2d5e87cdf83cdd0
SHA1:
f82f3481619be8f9f11d76638db3107b1d332912
SHA256:
08cabec4d0127fb3e6530b04448cb3539c2b8f28988e60499c2dbbfe475206df
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 68	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301

Third Party Analysis Engines

Open Full Report

malicious

Score: 35/69

malicious

Score: 10/39

IPs

IP	Country	Detection
142.250.184.225	United States
142.250.184.238	United States
64.185.227.155	United States

Domains

Name	IP	Detection
api4.ipify.org	64.185.227.155
drive.google.com	142.250.184.238
googlehosted.l.googleusercontent.com	142.250.184.225
Click to see the 2 hidden entries
doc-08-50-docs.googleusercontent.com	0.0.0.0
api.ipify.org	0.0.0.0

URLs

Name	Detection
https://api.ipify.org/
https://api.ipify.org
http://nsis.sf.net/NSIS_Error
Click to see the 6 hidden entries
http://nsis.sf.net/NSIS_ErrorError
https://doc-08-50-docs.googleusercontent.com/
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://drive.google.com/
https://doc-08-50-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/n5qeluef
https://doc-08-50-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/n5qeluefaghr8f6hcddgpiu2u5tcuo8v/1679046600000/04783729953593762461/*/1UVMbNINla56ELELB-JwuaeCfH_gJxWsR?e=download&uuid=a3c458a3-e946-4640-bad5-e344d2665c90

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\nslE084.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Afdelingskontorer.Ate	data	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Affaldsproblem\x-office-spreadsheet.png	PNG image data, 16 x 16, 8-bit colormap, non-interlaced	#
Click to see the 13 hidden entries
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Forhastelse\Kommandjsr\api-ms-win-core-processthreads-l1-1-1.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Forhastelse\Kommandjsr\api-ms-win-crt-stdio-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Forhastelse\Kommandjsr\drive-multidisk.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Konini\Firsaarsfdselsdage\Whorehouse\Faithworthy\System.Xml.XmlDocument.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Konini\Firsaarsfdselsdage\Whorehouse\Faithworthy\accessories-dictionary.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Laboratories53\x-office-address-book-symbolic.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Mitheithel\Homoplasy\Wice\AMD.Power.Processor.ppkg	HTML document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\folder-new-symbolic.symbolic.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\folder-templates-symbolic.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\printer-printing-symbolic.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\screen-shared-symbolic.symbolic.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Stinkbranden\Middagsselskaber\AsMultiLang.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Stinkbranden\Middagsselskaber\PSReadline.psd1	HTML document, ASCII text, with CRLF line terminators	#