qbot1.dll

Status: finished
Submission Time: 2023-06-02 22:58:44 +02:00
Malicious
Trojan
Evader
Qbot

Details

  • Analysis ID:
    880899
  • API (Web) ID:
    1247879
  • Analysis Started:
    2023-06-02 22:58:45 +02:00
  • Analysis Finished:
    2023-06-02 23:11:25 +02:00
  • MD5:
    ed1e3d58c0007138766c943eec3147cc
  • SHA1:
    6c38ca3132d913a7affa418d7c5e0574ec6e7d6c
  • SHA256:
    b79f84e78fb345b15551c3443e91ef2a3213d216b77ba753db7bce96037d21c7
  • Technologies:
    Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs


Domains

Name                  IP
c-0001.c-msedge.net   13.107.4.50
cisco.com             72.163.4.185
www.cisco.com         0.0.0.0

URLs


Dropped files

Name and File Type

  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER994F.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG1
    MS Windows registry file, NT/2000 or above
  • C:\Windows\appcompat\Programs\Amcache.hve.tmp
    MS Windows registry file, NT/2000 or above
  • C:\Windows\appcompat\Programs\Amcache.hve.LOG1
    MS Windows registry file, NT/2000 or above
  • C:\Windows\appcompat\Programs\Amcache.hve
    MS Windows registry file, NT/2000 or above
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\t5[1]
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\NKLS59D5.htm
    HTML document, Unicode text, UTF-8 text, with very long lines (1206), with CRLF, LF line terminators
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, Windows 2000/XP setup, 63843 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A2B.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A1B.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER996E.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_0be69799\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER9670.tmp.dmp
    Mini DuMP crash report, 14 streams, Sat Jun 3 05:59:53 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER9641.tmp.dmp
    Mini DuMP crash report, 14 streams, Sat Jun 3 05:59:54 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER7445.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER7415.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER73A7.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER7378.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER721F.tmp.dmp
    Mini DuMP crash report, 14 streams, Sat Jun 3 05:59:44 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER71E0.tmp.dmp
    Mini DuMP crash report, 14 streams, Sat Jun 3 05:59:44 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f72750b22a9214184114f6be25e810eecaece948_82810a17_1d6aa12e\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_1c92a005\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_13ba9799\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
#