f5hb2BasFl.exe

Status: finished
Submission Time: 2020-07-31 10:36:15 +02:00
Malicious
Trojan
Spyware
Evader
MassLogger RAT

Tags

  • exe
  • MassLogger

Details

  • Analysis ID: 255243
  • API (Web) ID: 405788
  • Analysis Started: 2020-07-31 20:25:51 +02:00
  • Analysis Finished: 2020-07-31 20:42:43 +02:00
  • MD5: c56b8249e2d2be73d21bd63af677772e
  • SHA1: af5308028d7432d264a27218c79e9870d17c724e
  • SHA256: 2323b4b4394b43e7b111f83e2f487238bdfa3ce99215309a7f86cac39be51235
  • Technologies:

Engine

  • Joe Sandbox
    Detection: malicious
    Score: 100
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP                Country          Detection
184.73.222.237    United States
23.21.203.116     United States
54.235.182.194    United States
198.54.122.60     United States

Domains

Name                                              IP               Detection
elb097307-934924932.us-east-1.elb.amazonaws.com   23.21.203.116
mail.privateemail.com                             198.54.122.60
g.msn.com                                         0.0.0.0
api.ipify.org                                     0.0.0.0

URLs


Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\Temp\EF6DEE558C\Log.txt
    ASCII text, with CRLF, LF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\web.vbs
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\appdata\hfsjrifske.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\appdata\hfsjrifske.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_hfsjrifske.exe_24fa8d93116921525e11f2eaeef683e94e880a9_90f4a7d5_0c52a857\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER7021.tmp.dmp
    Mini DuMP crash report, 15 streams, Sat Aug 1 03:27:42 2020, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER888C.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER8C36.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hfsjrifske.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\EF6DEE558C\DotNetZip-3rvexftl.tmp
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Local\Temp\EF6DEE558C\DotNetZip-wxyhh00t.tmp
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Local\Temp\EF6DEE558C\DotNetZip-y3khqfwg.tmp
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Local\Temp\EF6DEE558C\Screenshot.jpeg
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
  • C:\Users\user\AppData\Roaming\appdata\hfsjrifske.exe:ZoneIdentifier
    empty