Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

A.BAT.bat

Status: finished
Submission Time: 2024-04-30 21:22:09 +02:00
Malicious
Trojan
Exploiter
Evader
AsyncRAT, PureLog Stealer, zgRAT

Comments

Tags

  • bat

Details

  • Analysis ID:
    1434315
  • API (Web) ID:
    1434315
  • Analysis Started:
    2024-04-30 21:22:35 +02:00
  • Analysis Finished:
    2024-04-30 21:31:57 +02:00
  • MD5:
    8f693928f972edc589a62b6644823b5d
  • SHA1:
    e4433322485430bc3559d441e0052fe2aa1bfff8
  • SHA256:
    77bfe9eb66b6c9196e5a54967956cbb4b5ce6d2dbc30a7517a8478c738e281c6
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
malicious

IPs

IP Country Detection
173.201.176.185
 United States
197.37.198.12
 Egypt

Domains

Name IP Detection
totalhorsehealth.com
 173.201.176.185
helpher.linkpc.net
 197.37.198.12

URLs

Name Detection
http://pesterbdd.com/images/Pester.png
https://totalhorsehealth.com/wp-admin/images/images/im/im.png
https://totalhorsehealth.com
Click to see the 16 hidden entries
https://contoso.com/License
https://oneget.org
https://github.com/Pester/Pester
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://aka.ms/pscore68
http://totalhorsehealth.com
https://oneget.orgX
https://contoso.com/Icon
http://nuget.org/NuGet.exe
http://www.microsoft.co
https://nuget.org/nuget.exe
https://contoso.com/
https://go.micro
http://www.apache.org/licenses/LICENSE-2.0.html
https://totalhorsehealth.com/wp-admin/images/images/im/im.pngX
http://www.apache.org/licenses/LICENSE-2.0

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Express\Cotrl.bat
 ASCII text, with CRLF line terminators
 #
C:\ProgramData\Express\Cotrl.ps1
 ASCII text, with very long lines (64902), with CRLF line terminators
 #
C:\ProgramData\Express\Cotrl.vbs
 ASCII text, with CRLF line terminators
 #
Click to see the 12 hidden entries
C:\ProgramData\Express\xx.bat
 ASCII text, with CRLF line terminators
 #
C:\ProgramData\Express\xx.vbs
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aspnet_compiler.exe.log
 CSV text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
 data
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cw5tsdzy.ili.psm1
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_duhle5me.1re.psm1
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ey4wb3zo.lnc.ps1
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i2ve0grf.lx2.psm1
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_omy1txb1.b2b.psm1
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_onmpuvqx.cuq.ps1
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pn5uklbi.myz.ps1
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u2bcb04t.ay4.ps1
 ASCII text, with no line terminators
 #