top title background image
flash

RFQ#5647201929.exe

Status: finished
Submission Time: 2020-03-30 05:53:54 +02:00
Malicious
Ransomware
Trojan
Spyware
Evader
GuLoader Lokibot

Comments

Tags

Details

  • Analysis ID:
    218796
  • API (Web) ID:
    334473
  • Analysis Started:
    2020-03-30 05:53:54 +02:00
  • Analysis Finished:
    2020-03-30 06:00:21 +02:00
  • MD5:
    e7b875024185dd28341c9f7dfbbbe22a
  • SHA1:
    0cba6609f6c24db0b56ca56d2657c37956a5c567
  • SHA256:
    0327ddc89cfc9310f3a83cf6e14068733f8a8b2d0a5a4e723412865a0c7fc952
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 99
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 8/70
malicious

IPs

IP Country Detection
94.176.239.112
Lithuania
216.58.207.65
United States

Domains

Name IP Detection
googlehosted.l.googleusercontent.com
216.58.207.65
doc-0k-6o-docs.googleusercontent.com
0.0.0.0

URLs

Name Detection
http://94.176.239.112/panel02/fre.php
http://pki.goog/gsr2/GTS1O1.crt0
http://crl.pki.goog/gsr2/gsr2.crl0?
Click to see the 5 hidden entries
http://myurl/myfile.bin
http://ocsp.pki.goog/gsr202
https://pki.goog/repository/0
http://crl.pki.goog/GTS1O1.crl0
http://ocsp.pki.goog/gts1o10

Dropped files

Name File Type Hashes Detection
C:\Users\user\Trkvogn\TELETE.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\Trkvogn\TELETE.vbs
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\1CF93A\AA2F06.lck
very short file (no magic)
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-58933367-3072710494-194312298-1002\4216a73197943a17d1161a6bdc4512b0_59407d34-c8c5-44df-a766-ba8a11cb1cb0
data
#