bedrapes.exe

Status: finished
Submission Time: 2020-07-14 22:38:46 +02:00
Malicious
Trojan
Evader
NetWire GuLoader

Details

  • Analysis ID: 245494
  • API (Web) ID: 386660
  • Analysis Started: 2020-07-14 22:38:46 +02:00
  • Analysis Finished: 2020-07-14 22:44:49 +02:00
  • MD5: 0edc42611fb4661272cf5eab4b754bf6
  • SHA1: 69d03aca2fe3bda7cc653578ddb19e863c7e59f6
  • SHA256: b9a87098dddc8de98d1ec0e5ffb4b57bb195df8af61e8a909860722815cf2d7a
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 13/73
malicious

IPs

IP                Country          Detection
154.118.68.3      Nigeria
54.179.179.37     United States
79.134.225.103    Switzerland

Domains

Name                           IP              Detection
wealthybillionaire.ddns.net    154.118.68.3

URLs

Name Detection
http://54.179.179.37/WEALTH_ucPrzgGP165.bin
http://54.179.179.37/WEALTH_ucPrzgGP165.bin79.37
http://54.179.179.37/WEALTH_ucPrzgGP165.binA
https://wdcp.microsoft.

Dropped files

Name                                                         File Type
C:\Users\user\AppData\Local\Temp\dhanush\kantaterne.exe     PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\dhanush\kantaterne.vbs     ASCII text, with CRLF line terminators