Register Login

sloganpng

top title background image

Covid19-UPDATE_PDF.exe

Status: finished

Submission Time: 2020-03-20 16:14:16 +01:00

Malicious

Spyware

Evader

Lokibot

Comments

Tags

Details

Analysis ID:
216865
API (Web) ID:
330730
Analysis Started:

2020-03-20 16:14:17 +01:00
Analysis Finished:

2020-03-20 16:27:57 +01:00
MD5:
ffb36c8c28030744b454a85a2c900c8e
SHA1:
c0f8a7dd769043b2ae56982f100ab425d756976a
SHA256:
b4d98575660e7cbba4683b3aed502fd84c902272134b2c27d60bebf0f6e827bf
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 35/73

malicious

Score: 26/43

IPs

IP	Country	Detection
104.31.90.21	United States
104.31.91.21	United States

Domains

Name	IP	Detection
brokenservices.xyz	104.31.90.21

URLs

Name	Detection
http://brokenservices.xyz/Broken/fre.php
http://www.ibsensoftware.com/

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Roaming\1CF93A\AA2F06.lck	very short file (no magic)	#
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-58933367-3072710494-194312298-1003\96bdc98f969deb1d88501139d4850d83_59407d34-c8c5-44df-a766-ba8a11cb1cb0	data	#