
BV10013 (Rev A).exe

Status: finished
Submission Time: 2020-07-30 09:17:13 +02:00
Malicious
Phishing
Trojan
Spyware
Evader
AveMaria GuLoader

Tags

  • AveMariaRAT
  • scr

Details

  • Analysis ID:
    253854
  • API (Web) ID:
    403250
  • Analysis Started:
    2020-07-30 09:26:49 +02:00
  • Analysis Finished:
    2020-07-30 09:39:22 +02:00
  • MD5:
    5ba833ae0b992d08486739f4dc0065dd
  • SHA1:
    3ee633de3f2b4445383efd7b7bb0d3d943b11904
  • SHA256:
    0b9431b196547553849eebdb7a4a6cb57fc6d7d9af2c61c1abfffbf83e337984
  • Technologies:

Engine | Detection | Score | System
Joe Sandbox | malicious | 100 | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP | Country
68.65.123.182 | United States
216.170.119.24 | United States

Domains

Name | IP
asf-ris-prod-neurope.northeurope.cloudapp.azure.com | 168.63.67.155
seedwellresources.xyz | 68.65.123.182
g.msn.com | 0.0.0.0

URLs

  • http://stascorp.comDVarFileInfo$
  • http://seedwellresources.xyz/oke_qrerqI1.bin
  • https://github.com/syohex/java-simple-mine-sweeperC:

Dropped files

Name | File Type
C:\Users\user\AppData\Local\Temp\subfolder1\fipic.scr | PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\subfolder1\fipic.vbs | ASCII text, with CRLF line terminators
C:\Program Files\Microsoft DN1\rdpwrap.ini | ASCII text, with CRLF line terminators
C:\Program Files\Microsoft DN1\sqlmap.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows