
SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe

Status: finished
Submission Time: 2023-03-20 16:45:20 +01:00
Malicious
Trojan
Spyware
Evader
FormBook

Comments

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    830750
  • API (Web) ID:
    1197839
  • Analysis Started:
    2023-03-20 16:58:12 +01:00
  • Analysis Finished:
    2023-03-20 17:12:24 +01:00
  • MD5:
    c7714b273571ba64c0b77afca236ac6d
  • SHA1:
    c24d9460bee8a724abe8b0dcf3d74851dd5737ed
  • SHA256:
    e62c1e809c48e66104c34ae3e977b82fbea2e984dee708bda431b608c2774c28
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious (Score: 29/69)
Detection: malicious (Score: 16/38)
Detection: malicious

IPs

IP               Country
85.187.128.34    United States
91.195.240.94    Germany
45.33.30.197     United States
78.141.192.145   France
161.97.163.8     United States
81.17.18.198     Switzerland
192.185.17.12    United States
94.176.104.86    Romania
213.145.228.111  Austria
199.192.30.147   United States

Domains

Name                            IP
www.bitservicesltd.com          161.97.163.8
www.younrock.com                81.17.18.198
www.energyservicestation.com    213.145.228.111
www.thewildphotographer.co.uk   45.33.30.197
www.shapshit.xyz                199.192.30.147
www.222ambking.org              91.195.240.94
thedivinerudraksha.com          85.187.128.34
un-object.com                   192.185.17.12
white-hat.uk                    94.176.104.86
gritslab.com                    78.141.192.145
www.un-object.com               0.0.0.0
www.white-hat.uk                0.0.0.0
www.gritslab.com                0.0.0.0
www.thedivinerudraksha.com      0.0.0.0
www.fclaimrewardccpointq.shop   0.0.0.0

URLs

Name Detection
http://www.avisrezervee.com/u2kb/www.avisrezervee.com
http://www.un-object.com/u2kb/?pJ=y0bMVGhK3R&s7=pRDkJdNDOVoQCU+9NHQShuJ8RlIM2fjCZpxzdvjpnmqfDHzh6n+FGyromdVZx0/+Z3ctR0ZwX+ep4hJ0NBR+2QmcJmTx4hb/kQ==
http://www.shapshit.xyz/u2kb/?s7=Yd5Rzn4EVOpL1Cl/e5Amzdaa+E7UlYBpl8BtE0ZhlgLGbR5cH1Fns9iDSFPM0EqDoX1il4mP+EMsdt2zebBtiTAOJDfFAse6Fg==&pJ=y0bMVGhK3R
http://www.gritslab.com/u2kb/?s7=ydCzFiH7iMWnz6xHMre3IWaEcfnK5+fYQUsmgPEoYCSsyD6HgT3yZXCBsea1O+OKnOGwPNRrrKn2ANadQmZjx8zjtO3/lmb0Gg==&pJ=y0bMVGhK3R
http://www.gritslab.com/u2kb/
http://www.white-hat.uk/u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfr4kURdfD0IyZUuXLnrTzZCke5/3tklxZoaLCmex8cw==
http://www.bitservicesltd.com/u2kb/
http://www.thedivinerudraksha.com/u2kb/www.thedivinerudraksha.com
http://www.thewildphotographer.co.uk/u2kb/
http://www.younrock.com/u2kb/?s7=05tPwqSdqXO2xf32BHQi8E1nUfoFa2c80hhB3sQ3FFDNPs5AZDU6EjUymll22Wm6Scj5xbzg3GdXyuHgSKq8rTPQW1vWIa2Wug==&pJ=y0bMVGhK3R
http://www.shapshit.xyz/u2kb/
http://www.un-object.com/u2kb/
http://www.energyservicestation.com/u2kb/
http://www.thedivinerudraksha.com/u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7lq2SPR1Q6pROq8Gck3yLtOH/fXnE++yuD9U7pi0eI0K5lBX7KNLg==
http://www.bitservicesltd.com/u2kb/?pJ=y0bMVGhK3R&s7=rr+sOBvEXsBdGevUkZEAvniGWrNxzC1YNHmXivr92FQhRIIYsedRhL+YGaN2VCieGtjtLTUTzUqxDX3Wf7Wl2JIBHu0WW9vDmQ==
http://www.222ambking.org/u2kb/?s7=IEUpLmGg2fqLmrhwDd0CH8vm0i8ubOQDFcodV2ACJcW4bHSQscR3aN4MRDv2q1O0g2vnwuasF99orDvyVUesQZcBXW4MNpIrrg==&pJ=y0bMVGhK3R
http://www.younrock.com/u2kb/
http://www.thedivinerudraksha.com/u2kb/
http://www.energyservicestation.com/u2kb/?pJ=y0bMVGhK3R&s7=IK59b/MdFRha+CUVMWpzDpHQ2riuD6F66TLC1fPPNwLnZq29gpb12AWvlZbo17UEh0sBgFvevrMQsuZfYKuNRicmmGgsJT37Uw==
http://www.thewildphotographer.co.uk/u2kb/www.thewildphotographer.co.uk
http://www.gritslab.com/u2kb/www.gritslab.com
http://www.222ambking.org/u2kb/
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
http://nsis.sf.net/NSIS_ErrorError
http://www.un-object.com/u2kb/www.un-object.com
http://white-hat.uk/u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfr
http://www.bitservicesltd.com/u2kb/www.bitservicesltd.com
https://duckduckgo.com/chrome_newtab
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://www.employerseervices.com
http://www.avisrezervee.com/u2kb/
http://www.mygloballojistik.online/u2kb/www.mygloballojistik.online
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://www.un-object.com
https://alldomains.hosting/
http://www.fclaimrewardccpointq.shop
http://www.ecomofietsen.com/u2kb/www.ecomofietsen.com
https://www.sedo.com/services/parking.php3
https://ac.ecosia.org/autocomplete?q=
https://search.yahoo.com?fr=crmas_sfp
http://www.ecomofietsen.com/u2kb/
http://www.shapshit.xyz/u2kb/www.shapshit.xyz
http://www.222ambking.org
https://alldomains.hosting/hosting-webhosting.html
http://www.germanreps.com/u2kb/www.germanreps.com
http://www.younrock.com/u2kb/www.younrock.com
http://www.germanreps.com/u2kb/
http://thedivinerudraksha.com/u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7l
http://www.mygloballojistik.online/u2kb/
http://www.dzyngiri.com
http://www.employerseervices.com/u2kb/www.employerseervices.com
http://www.white-hat.uk
http://www.energyservicestation.com/u2kb/www.energyservicestation.com
http://www.white-hat.uk/u2kb/www.white-hat.uk
http://www.thedivinerudraksha.com
http://www.ecomofietsen.com
http://www.avisrezervee.com
http://www.germanreps.com
http://www.shapshit.xyz
http://www.mygloballojistik.online
https://search.yahoo.com?fr=crmas_sfpf
http://img.sedoparking.com
https://www.name.com/domain/renew/222ambking.org?utm_source=Sedo_parked_page&utm_medium=button&utm_c
https://duckduckgo.com/ac/?q=
http://www.222ambking.org/u2kb/www.222ambking.org
http://www.younrock.com/u2kb/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4c
https://alldomains.hosting/e-mail-server.html
http://www.employerseervices.com/u2kb/
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
http://www.energyservicestation.com
https://www.name.com/domain/rene
http://www.autoitscript.com/autoit3/J
http://www.fclaimrewardccpointq.shop/u2kb/
http://www.younrock.com
http://www.fclaimrewardccpointq.shop/u2kb/www.fclaimrewardccpointq.shop
http://www.thewildphotographer.co.uk
http://www.gritslab.com
https://alldomains.hosting/domain-registrieren.html
http://www.white-hat.uk/u2kb/
http://justinmezzell.com
http://www.bitservicesltd.com
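The URL list above shows the shape of this sample's check-ins: one single-token path (/u2kb/) and the same two query keys (pJ and s7) repeated across more than a dozen unrelated domains, with pJ carrying one fixed value in every request and s7 varying per host. The entries of the form host/u2kb/host are strings recovered from memory, not requests. The Python script below is an added example for this page, not part of the report or of Joe Sandbox; its input is a constructed subset of the URLs above with the long query values shortened, and every function and variable name is the example's own. It clusters URLs by path token and query-key set, lists the hosts that received a full check-in, identifies which parameter is constant, and builds a host-agnostic regex for hunting the same shape in proxy logs.

```python
"""Cluster a sandbox report's URL list into beacon families by path token and
query-key set. Added example for this page; constructed input, not Joe Sandbox
output. Query strings are split raw because the base64-like payloads contain
'+' and '/', which urllib.parse.parse_qs would rewrite."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample input: a subset of the report's URL list, with the long
# query values shortened and a few non-beacon strings kept in deliberately.
REPORT_URLS = [
    "http://www.un-object.com/u2kb/?pJ=y0bMVGhK3R&s7=pRDkJdNDOVoQCU+9NHQ",
    "http://www.shapshit.xyz/u2kb/?s7=Yd5Rzn4EVOpL1Cl/e5Am&pJ=y0bMVGhK3R",
    "http://www.gritslab.com/u2kb/?s7=ydCzFiH7iMWnz6xHMre3&pJ=y0bMVGhK3R",
    "http://www.white-hat.uk/u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIg",
    "http://www.younrock.com/u2kb/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9",
    "http://www.gritslab.com/u2kb/",
    "http://www.gritslab.com/u2kb/www.gritslab.com",
    "http://nsis.sf.net/NSIS_ErrorError",
    "https://duckduckgo.com/chrome_newtab",
    "https://www.sedo.com/services/parking.php3",
]


def split_query(query: str) -> list[tuple[str, str]]:
    """Split 'k=v&k2=v2' into (key, value) pairs with no decoding at all."""
    return [tuple(p.partition("=")[::2]) for p in query.split("&") if p]


def classify(url: str):
    """Return (host, path_token, sorted query keys) when the path is a single
    token such as /u2kb/. Multi-segment strings like '/u2kb/www.example.com'
    are memory residue rather than requests, so they yield None."""
    p = urlsplit(url)
    segs = [s for s in p.path.split("/") if s]
    if len(segs) != 1 or not p.hostname:
        return None
    keys = tuple(sorted(k for k, _ in split_query(p.query)))
    return p.hostname, segs[0], keys


def cluster(urls):
    """path_token -> {query_key_tuple -> sorted list of hosts}."""
    out = defaultdict(lambda: defaultdict(set))
    for u in urls:
        c = classify(u)
        if c is not None:
            host, token, keys = c
            out[token][keys].add(host)
    return {t: {k: sorted(h) for k, h in kv.items()} for t, kv in out.items()}


def beacon_hosts(urls, token="u2kb", keys=("pJ", "s7")):
    """Hosts that received the full check-in shape: path token plus all keys."""
    return cluster(urls).get(token, {}).get(tuple(sorted(keys)), [])


def constant_params(urls, token="u2kb"):
    """Query keys seen in at least two requests with this path token that carry
    the same value every time (a fixed ID rather than per-beacon data)."""
    values, count = defaultdict(set), defaultdict(int)
    for u in urls:
        c = classify(u)
        if c is None or c[1] != token:
            continue
        for k, v in split_query(urlsplit(u).query):
            values[k].add(v)
            count[k] += 1
    return sorted(k for k in values if count[k] >= 2 and len(values[k]) == 1)


def beacon_regex(token="u2kb", keys=("pJ", "s7")) -> str:
    """Host-agnostic pattern for proxy logs: the path token followed by a query
    containing any of the keys. The host is ignored on purpose, since the
    report shows the same shape across many throwaway domains."""
    alt = "|".join(re.escape(k) for k in keys)
    return rf"^https?://[^/]+/{re.escape(token)}/\?(?:[^?]*&)?(?:{alt})="


def matches(urls, pattern):
    """URLs from the list that the hunting regex would flag."""
    rx = re.compile(pattern)
    return [u for u in urls if rx.match(u)]


if __name__ == "__main__":
    for token, groups in cluster(REPORT_URLS).items():
        for keys, hosts in groups.items():
            print(f"/{token}/ keys={keys or '-'} hosts={hosts}")
    print("check-in hosts:", beacon_hosts(REPORT_URLS))
    print("fixed params:", constant_params(REPORT_URLS))
    print("regex:", beacon_regex())
```

Run against the constructed subset, the u2kb cluster splits into three groups (no query, ch/js, and pJ/s7), only pJ is reported as constant, and the regex flags exactly the four full check-ins while ignoring the bare /u2kb/ probe and the host/u2kb/host memory strings. Against a real proxy log the regex is the starting point; the token and keys are arguments so the same function covers the next campaign's values.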

Dropped files

Name                                             File Type
C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe    PE32 executable (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\HI4NJ046K       SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m   data
C:\Users\user\AppData\Local\Temp\nsjF9DC.tmp     data
C:\Users\user\AppData\Local\Temp\rdypmbfg.qv     data