Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | ReversingLabs: Detection: 13% |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Virustotal: Detection: 29% |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: Joe Sandbox View | IP Address: 34.117.186.192 34.117.186.192 |
Source: unknown | DNS query: name: ipinfo.io |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 Host: ipinfo.io User-Agent: Go-http-client/1.1 Accept-Encoding: gzip |
Source: unknown | DNS traffic detected: queries for: ipinfo.io |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1734668192.00007FF61A2F1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://invalidkey4.dblookup |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1728106690.000000C00009C000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ipinfo.ioHTTP/1.1HTTP/1.1I |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1728106690.000000C00009C000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ipinfo.ioHTTP/1.1HTTP/1.1Ihttp/1.1http/1.1yipinfo.io:80HTTP_PROXYhttp_proYhttp_proxyhttp_prox |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000362000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000356000.00000004.00001000.00020000.00000000.sdmp, nPKJDroJ.dat.0.dr, e0qE9KyD.dat.0.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000362000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000356000.00000004.00001000.00020000.00000000.sdmp, nPKJDroJ.dat.0.dr, e0qE9KyD.dat.0.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000362000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000356000.00000004.00001000.00020000.00000000.sdmp, nPKJDroJ.dat.0.dr, e0qE9KyD.dat.0.dr | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000362000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000356000.00000004.00001000.00020000.00000000.sdmp, nPKJDroJ.dat.0.dr, e0qE9KyD.dat.0.dr | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000362000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000356000.00000004.00001000.00020000.00000000.sdmp, nPKJDroJ.dat.0.dr, e0qE9KyD.dat.0.dr | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000362000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000356000.00000004.00001000.00020000.00000000.sdmp, nPKJDroJ.dat.0.dr, e0qE9KyD.dat.0.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000362000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000356000.00000004.00001000.00020000.00000000.sdmp, nPKJDroJ.dat.0.dr, e0qE9KyD.dat.0.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1728106690.000000C00016E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1728106690.000000C000092000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000280000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/missingauth |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1728106690.000000C000092000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/missingauthreflect.Value.SetMapIndex |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1728106690.000000C000092000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://t.me/PSoftware |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1728106690.000000C000086000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1728106690.000000C000092000.00000004.00001000.00020000.00000000.sdmp, system.txt.0.dr | String found in binary or memory: https://t.me/Planet_Stealer |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000362000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000356000.00000004.00001000.00020000.00000000.sdmp, nPKJDroJ.dat.0.dr, e0qE9KyD.dat.0.dr | String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000362000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe, 00000000.00000002.1732392613.000000C000356000.00000004.00001000.00020000.00000000.sdmp, nPKJDroJ.dat.0.dr, e0qE9KyD.dat.0.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: powrprof.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: umpdc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: netapi32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: wkscli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: samcli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: samlib.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.exe | Section loaded: dpapi.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: framedynos.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: sspicli.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: wbemcomn.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: msxml6.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: urlmon.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: iertutil.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: srvcli.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: netutils.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: uxtheme.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: vcruntime140.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: vcruntime140_1.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: amsi.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: userenv.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: profapi.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: vbscript.dll |
Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: sxs.dll |