
Quote.jar

Status: finished
Submission Time: 2020-07-31 13:45:53 +02:00
Malicious
Trojan
Exploiter
Evader
AdWind JRat

Comments

Tags

  • Adwind
  • jar
  • nVpn
  • RAT

Details

  • Analysis ID:
    255339
  • API (Web) ID:
    405985
  • Analysis Started:
    2020-07-31 22:09:41 +02:00
  • Analysis Finished:
    2020-07-31 22:19:57 +02:00
  • MD5:
    2f774f15add4f97cb391452846d017ab
  • SHA1:
    b530f9db4bbab82dfcd4896498cc751e639d305b
  • SHA256:
    3d1bd80e9ec2560a482520bad73232921285cf0b47af37b873f56be90498fc7e
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP              Country
185.140.53.142  Sweden

Domains

Name                           IP
silviaburtontrade.duckdns.org  185.140.53.142
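A quick way to pivot on the two network indicators above (the duckdns hostname and the address it resolved to during the run) is a scanner that pulls hostnames and IPv4 addresses out of whatever DNS or connection telemetry is at hand. The block below is an added example written for this page, not Joe Sandbox code; the Sysmon-style log lines in it are constructed, and the field names are an approximation of Sysmon Event 22/3 output rather than real captured data. Because the C2 sits under a dynamic-DNS provider, the address can be repointed at any time, so the hostname is matched exactly (and as a parent of subdomains) while any other duckdns.org name is only reported as a low-confidence sibling. Note also that the URL strings listed further down are mostly XML-parser feature identifiers and certificate CRL endpoints that the JRE carries in memory, not observed connections, so they are not matched here.

```python
"""Match the report's network IOCs against DNS / connection telemetry.

Added example for this page; the log lines are constructed and the
Sysmon-style field names are an approximation, not real captured data.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List

# Indicators exactly as listed in the report
C2_DOMAIN = "silviaburtontrade.duckdns.org"
C2_IP = "185.140.53.142"

# Dynamic-DNS parents: the address behind such a name is attacker-controlled
# and can be repointed at will, so the hostname outlives the IP as an IOC.
DYNDNS_SUFFIXES = (".duckdns.org",)

HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str
    kind: str  # "domain" (exact/subdomain), "ip", or "dyndns" (sibling only)


def domain_matches(name: str, ioc: str) -> bool:
    """True if name equals ioc or is a subdomain of it (case and trailing-dot insensitive)."""
    name = name.rstrip(".").lower()
    return name == ioc or name.endswith("." + ioc)


def scan_lines(lines: Iterable[str]) -> List[Hit]:
    """Return a Hit for every IOC reference found in free-form log lines."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            host_l = host.lower()
            if domain_matches(host_l, C2_DOMAIN):
                hits.append(Hit(n, host_l, "domain"))
            elif host_l.endswith(DYNDNS_SUFFIXES):
                hits.append(Hit(n, host_l, "dyndns"))
        for ip in IPV4_RE.findall(line):
            try:
                if ipaddress.ip_address(ip) == ipaddress.ip_address(C2_IP):
                    hits.append(Hit(n, ip, "ip"))
            except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
                continue
    return hits


# Constructed sample telemetry (not from the sandbox run).
SAMPLE_LOG = [
    r"2020-07-31 22:11:05 EventID=22 Image=C:\Users\user\Oracle\bin\javaw.exe QueryName=silviaburtontrade.duckdns.org QueryResults=::ffff:185.140.53.142;",
    r"2020-07-31 22:11:06 EventID=3 Image=C:\Users\user\Oracle\bin\javaw.exe DestinationIp=185.140.53.142",
    r"2020-07-31 22:11:07 EventID=22 Image=C:\Windows\System32\svchost.exe QueryName=download.windowsupdate.com QueryResults=203.0.113.10;",
    r"2020-07-31 22:11:08 EventID=22 Image=C:\Program Files\Foo\foo.exe QueryName=mybox.duckdns.org QueryResults=198.51.100.7;",
]

if __name__ == "__main__":
    for h in scan_lines(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.kind:7} {h.indicator}")
```

Run it as a script to see the four hits on the sample; in practice feed it the lines of your own DNS or Sysmon export and treat "dyndns" hits as a prompt to check the resolved address against the IP above, not as a verdict.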

URLs

Name Detection
http://apache.org/xml/properties/internal/document-scanner
http://apache.org/xml/features/generate-synthetic-annotations
http://apache.org/xml/features/
http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-onlyr/
http://null.oracle.com/
http://java.oracle.com/
http://apache.org/xml/properties/internal/document-scannerult;)V7
http://xml.org/sax/features/validation#
http://apache.org/xml/properties/internal/entity-resolver
http://bugreport.sun.com/bugreport/
http://apache.org/xml/properties/internal/dtd-processorx5
http://xml.org/sax/features/use-entity-resolver2
http://apache.org/xml/features/generate-synthetic-annotationsset9
http://www.symauth.com/cps0(
http://apache.org/xml/features/standard-uri-conformant
http://apache.org/xml/features/continue-after-fatal-error
http://creativecommons.org/licenses/WOAFID3PrivateFramehttp://musicbrainz.org%d/%d%drxRemixcr
http://java.sun.com/xml/stream/properties/ignore-external-dtd
http://apache.org/xml/features/validation/schema/normalized-valueC
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Your
http://apache.org/xml/features/internal/parser-settingsf7
http://bugreport.sun.com/bugreport/java.vendor.url.bughttp://java.oracle.com/java.vendor.urljava.ven
http://policy.camerfirma.com0
http://java.sun.com/xml/stream/properties/report-cdata-event
http://javax.xml.XMLConstants/property/accessExternalDTDk
http://apache.org/xml/properties/dom/current-element-nodeh
http://apache.org/xml/properties/schema/external-schemaLocation
http://apache.org/xml/properties/internal/dtd-scanner
http://apache.org/xml/features/validation/schema
http://apache.org/xml/features/scanner/notify-builtin-refssion
http://java.sun.com/xml/stream/properties/
http://apache.org/xml/features/namespace-growthK
http://java.sun.com/xml/dom/properties/ancestor-check
http://apache.org/xml/properties/security-manager
http://www.quovadis.bm0
http://apache.org/xml/properties/internal/xinclude-handler
http://java.sun.com/xml/dom/properties/I(
http://xml.org/sax/features/validation
http://java.sun.com/xml/stream/properties/va/lanA
http://crl.xrampsecurity.com/XGCA.crl0
http://www.symauth.com/rpa00
http://javax.xml.XMLConstants/property/accessExternalDTD;
http://apache.org/xml/features/validation/schema/normalized-valuedom/DocB
http://apache.org/xml/properties/internal/namespace-binder
http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
http://apache.org/xml/features/include-comments0
http://apache.org/xml/features/validation/balance-syntax-trees
http://xml.org/sax/features/external-parameter-entities3
http://xml.org/sax/features/allow-dtd-events-after-endDTD
http://java.sun.com/dtd/properties.dtd
http://apache.org/xml/features/validate-annotations
http://apache.org/xml/features/internal/parser-settings
http://apache.org/xml/properties/internal/symbol-tableQ
http://apache.org/xml/properties/dom/document-class-name$
http://apache.org/xml/features/namespace-growth
http://apache.org/xml/properties/internal/dtd-processor
http://apache.org/xml/properties/internal/entity-manager
http://xml.org/sax/features/use-entity-resolver2C
http://xml.org/sax/features/namespace-prefixes
http://apache.org/xml/features/internal/tolerate-duplicates0
http://repository.swisssign.com/0
http://apache.org/xml/features/standard-uri-conformant2
http://www.chambersign.org1
http://apache.org/xml/features/dom/include-ignorable-whitespace
https://store.qua.one
http://java.sun.com/xml/stream/properties/reader-in-defined-stateString;
http://apache.org/xml/properties/internal/validator/schema
http://apache.org/xml/properties/internal/datatype-validator-factory
http://apache.org/xml/properties/input-buffer-size
http://apache.org/xml/features/validation/warn-on-undeclared-elemdef/Err:
http://crl.chambersign.org/chambersroot.crl0
http://apache.org/xml/properties/internal/validator/dtd
http://java.sun.com/xml/schema/features/
http://apache.org/xml/features/validation/schema/augment-psvi
http://apache.org/xml/features/validation/dynamic
http://apache.org/xml/features/validation/dynamicalyzer;
http://apache.org/xml/features/scanner/notify-char-refs
http://apache.org/xml/features/include-comments
http://apache.org/xml/xmlschema/1.0/anonymousTypesS
http://xml.org/sax/features/allow-dtd-events-after-endDTDy;
http://javax.xml.XMLConstants/property/accessExternalSchema
http://apache.org/xml/features/warn-on-duplicate-entitydef.(Ljav
http://apache.org/xml/features/honour-all-schemaLocationsments
http://apache.org/xml/features/warn-on-duplicate-entitydef
http://apache.org/xml/features/dom/create-entity-ref-nodesk
http://apache.org/xml/properties/internal/namespace-context
http://apache.org/xml/properties/internal/error-reporter
http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
http://apache.org/xml/features/dom/create-entity-ref-nodes
http://apache.org/xml/properties/internal/grammar-pool6
http://apache.org/xml/features/xinclude/fixup-base-uris
http://www.certplus.com/CRL/class2.crl0
http://javax.xml.XMLConstants/feature/secure-processing
http://apache.org/xml/properties/internal/stax-entity-resolver
http://apache.org/xml/features/validation/balance-syntax-treesfe1
http://java.sun.com/xml/dom/properties/
http://www.certplus.com/CRL/class3P.crl0
http://apache.org/x
http://apache.org/xml/properties/internal/datatype-validator-factoryarse:
http://apache.org/xml/features/create-cdata-nodes

Dropped files

Name / File Type

  • C:\Users\user\Oracle\bin\javaw.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\FVKwo\WbZqr.class
    Java archive data (JAR)
  • C:\Users\user\Oracle\bin\client\Xusage.txt
    ASCII text
  • C:\Users\user\Oracle\bin\fxplugins.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\fontmanager.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\eula.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\dtplugin\npdeployJava1.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\dtplugin\deployJava1.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\dt_socket.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\dt_shmem.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\deploy.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\decora_sse.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\dcpr.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\concrt140.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\client\jvm.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\client\classes.jsa
    data
  • C:\Users\user\Oracle\bin\glib-lite.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\bci.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\awt.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-utility-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-time-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-string-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-stdio-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-runtime-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-process-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-private-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-multibyte-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\java_crw_demo.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\jfxwebkit.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\jfxmedia.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\jfr.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\jdwp.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\jawt.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\javaws.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\javafx_iio.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\javafx_font_t2k.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\javafx_font.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\javacpl.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\javacpl.cpl
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\glass.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\java.exe
    PE32 executable (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\java.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\java-rmi.exe
    PE32 executable (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\jabswitch.exe
    PE32 executable (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\jaas_nt.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\j2pkcs11.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\j2pcsc.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\instrument.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\hprof.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\gstreamer-lite.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-math-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\THIRDPARTYLICENSEREADME-JAVAFX.txt
    UTF-8 Unicode (with BOM) text
  • C:\Users\user\Oracle\bin\api-ms-win-core-file-l2-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-file-l1-2-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-file-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-errorhandling-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-debug-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-datetime-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-console-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\WindowsAccessBridge-32.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\JavaAccessBridge-32.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\JAWTAccessBridge-32.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\Welcome.html
    HTML document, ASCII text
  • C:\Users\user\Oracle\THIRDPARTYLICENSEREADME.txt
    UTF-8 Unicode text
  • C:\Users\user\Oracle\bin\api-ms-win-core-handle-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\README.txt
    ASCII text
  • C:\Users\user\Oracle\LICENSE
    ASCII text
  • C:\Users\user\Oracle\COPYRIGHT
    ISO-8859 text
  • C:\Users\user\FVKwo\Desktop.ini
    Windows desktop.ini, ASCII text, with CRLF line terminators
  • C:\Users\user\Documents\20200731\PowerShell_transcript.648351.ReMqFpRj.20200731221117.txt
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\83aa4cc77f591dfc2374580bbd95f6ba_d06ed635-68f6-4e9a-955c-4899f5f57b9a
    data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ly0arg1h.q5g.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cstlvwp5.jfg.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\NGtfcvsQzc1001732050639420581.xml
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
  • C:\Users\user\.ntusernt.ini
    ASCII text, with no line terminators
  • C:\Users\user\Oracle\bin\api-ms-win-core-string-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-locale-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-heap-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-filesystem-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-environment-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-convert-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-crt-conio-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-util-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-timezone-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-sysinfo-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-synch-l1-2-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-synch-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp
    ASCII text, with CRLF line terminators
  • C:\Users\user\Oracle\bin\api-ms-win-core-rtlsupport-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-profile-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-processthreads-l1-1-1.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-processthreads-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-processenvironment-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-namedpipe-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-memory-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-localization-l1-2-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-libraryloader-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-interlocked-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\Oracle\bin\api-ms-win-core-heap-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows