
Bank Details Changed..exe

Status: finished
Submission Time: 2020-06-15 16:53:37 +02:00
Malicious
Trojan
Spyware
Evader
Remcos

Details

  • Analysis ID: 238565
  • API (Web) ID: 373071
  • Analysis Started: 2020-06-15 16:53:37 +02:00
  • Analysis Finished: 2020-06-15 17:06:02 +02:00
  • MD5: 6b2475dca41dcefb5c1e09e5976ddad0
  • SHA1: 23270c9d5ba2905df6c72a4d476a71d2d2868ef3
  • SHA256: 94e4f0b4cbafbf6739f873f126465745f59df8251bf79adf3cbd03a04c65e9c4

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 17/72

IPs

| IP | Country |
|---|---|
| 185.244.30.82 | Netherlands |
| 192.169.69.25 | United States |
| 216.58.207.65 | United States |

Domains

| Name | IP |
|---|---|
| oluchi.ddns.net | 185.244.30.82 |
| easter87.duckdns.org | 192.169.69.25 |
| dns.dunamix.me | 185.244.30.82 |
| googlehosted.l.googleusercontent.com | 216.58.207.65 |
| doc-0k-5o-docs.googleusercontent.com | 0.0.0.0 |

Dropped files

| Name | File Type |
|---|---|
| C:\Users\user\AppData\Local\Gijz\Gijzset.exe | PE32 executable (GUI) Intel 80386, for MS Windows |
| C:\Users\user\AppData\Roaming\remcos\logs.dat | ASCII text, with CRLF line terminators |
| C:\Users\user\AppData\Local\Gijz\Gijz.hta | HTML document, ASCII text, with CRLF line terminators |