
skynet_0.2.exe

Status: finished
Submission Time: 2020-07-19 21:37:35 +02:00
Malicious
E-Banking Trojan
Trojan
Evader
ZeusVM

Comments

Tags

  • skynet

Details

  • Analysis ID:
    247418
  • API (Web) ID:
    390436
  • Analysis Started:
    2020-07-20 05:35:53 +02:00
  • Analysis Finished:
    2020-07-20 05:50:03 +02:00
  • MD5:
    0adb101c9c09d85a19facdf4a68677e9
  • SHA1:
    3ca97d68f8f7ecb5ef5b3df7a1cc45dc27d3ca6c
  • SHA256:
    3ee04e378f6430e85f5756093e80b243c2ebbcb9f2ee77cc32acd1cd9e333301
  • Technologies:

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 59/70)
  • malicious (Score: 26/39)
  • malicious (Score: 27/31)
  • malicious

IPs

IP                Country          Detection
131.186.113.70    United States
208.83.223.34     United States
212.112.245.170   Germany
213.115.239.118   Sweden

Domains

Name                  IP                Detection
checkip.dyndns.com    131.186.113.70
checkip.dyndns.org    0.0.0.0

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
  • C:\Users\user\AppData\Local\Temp\cgminer.exe
    PE32 executable (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\M5ICV4W1.htm
    HTML document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\libcurl-4.dll
    PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
  • C:\Users\user\AppData\Local\Temp\libpdcurses.dll
    PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
  • C:\Users\user\AppData\Local\Temp\poclbm120222.cl
    C source, ASCII text
  • C:\Users\user\AppData\Local\Temp\pthreadGC2.dll
    PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
  • C:\Users\user\AppData\Roaming\tor\hidden_service\hostname.tmp
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\tor\hidden_service\private_key.tmp
    PEM RSA private key
  • C:\Users\user\AppData\Roaming\tor\state.tmp
    ASCII text, with CRLF line terminators
  • \Device\ConDrv
    ASCII text, with CRLF line terminators