Source: C:\Users\user\AppData\Roaming\astro-grep.exe | Avira: detection malicious, Label: TR/Dropper.Gen |
Source: C:\Users\user\AppData\Roaming\astro-grep.exe | ReversingLabs: Detection: 80% |
Source: ASTRO-GREP.exe | Virustotal: Detection: 65% |
Source: ASTRO-GREP.exe | ReversingLabs: Detection: 80% |
Source: C:\Users\user\AppData\Roaming\astro-grep.exe | Joe Sandbox ML: detected |
Source: 11.2.astro-grep.exe.380000.0.unpack | Avira: Label: TR/Dropper.Gen |
Source: 12.0.astro-grep.exe.790000.0.unpack | Avira: Label: TR/Dropper.Gen |
Source: 12.2.astro-grep.exe.790000.0.unpack | Avira: Label: TR/Dropper.Gen |
Source: 1.0.ASTRO-GREP.exe.e50000.0.unpack | Avira: Label: TR/Dropper.Gen |
Source: 1.2.ASTRO-GREP.exe.e50000.0.unpack | Avira: Label: TR/Dropper.Gen |
Source: 11.0.astro-grep.exe.380000.0.unpack | Avira: Label: TR/Dropper.Gen |
Source: ASTRO-GREP.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: unknown | HTTPS traffic detected: 104.23.99.190:443 -> 192.168.2.4:49764 version: TLS 1.0 |
Source: ASTRO-GREP.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: unknown | DNS query: name: pastebin.com |
Source: Joe Sandbox View | IP Address: 104.23.99.190 104.23.99.190 |
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad |
Source: unknown | HTTPS traffic detected: 104.23.99.190:443 -> 192.168.2.4:49764 version: TLS 1.0 |
Source: unknown | DNS traffic detected: queries for: pastebin.com |
Source: astro-grep.exe, 0000000B.00000002.908562991.00000000026FF000.00000004.00000001.sdmp | String found in binary or memory: http://cacerts.digicert.com/CloudflareIncRSACA-2.crt0 |
Source: astro-grep.exe, 0000000B.00000002.908562991.00000000026FF000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/CloudflareIncRSACA-2.crl07 |
Source: astro-grep.exe, 0000000B.00000002.908562991.00000000026FF000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m |
Source: astro-grep.exe, 0000000B.00000002.908562991.00000000026FF000.00000004.00000001.sdmp | String found in binary or memory: http://crl4.digicert.com/CloudflareIncRSACA-2.crl0 |
Source: astro-grep.exe, 0000000B.00000002.908562991.00000000026FF000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
Source: astro-grep.exe, 0000000B.00000002.908562991.00000000026FF000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0: |
Source: astro-grep.exe, 0000000B.00000002.908562991.00000000026FF000.00000004.00000001.sdmp | String found in binary or memory: http://pastebin.com |
Source: astro-grep.exe | String found in binary or memory: http://schemas.microsof |
Source: ASTRO-GREP.exe, 00000001.00000002.703282881.000000000328F000.00000004.00000001.sdmp, astro-grep.exe, 0000000B.00000002.908534883.00000000026ED000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: astro-grep.exe, 0000000B.00000002.908562991.00000000026FF000.00000004.00000001.sdmp | String found in binary or memory: http://www.digicert.com/CPS0v |
Source: astro-grep.exe, 0000000B.00000002.908534883.00000000026ED000.00000004.00000001.sdmp | String found in binary or memory: https://pastebin.com |
Source: astro-grep.exe, 0000000C.00000002.761945326.0000000002A11000.00000004.00000001.sdmp | String found in binary or memory: https://pastebin.com/raw |
Source: astro-grep.exe, 0000000C.00000002.761945326.0000000002A11000.00000004.00000001.sdmp | String found in binary or memory: https://pastebin.com/raw/VTByvKGM |
Source: astro-grep.exe, 0000000B.00000002.908548844.00000000026F6000.00000004.00000001.sdmp | String found in binary or memory: https://pastebin.com4:kt |
Source: astro-grep.exe, 0000000B.00000002.908597069.000000000271F000.00000004.00000001.sdmp | String found in binary or memory: https://pastebin.comD8:k |
Source: astro-grep.exe, 0000000B.00000002.908597069.000000000271F000.00000004.00000001.sdmp | String found in binary or memory: https://pastebin.comD8:kL |
Source: astro-grep.exe, 0000000B.00000002.908586603.000000000271B000.00000004.00000001.sdmp, astro-grep.exe, 0000000B.00000002.908597069.000000000271F000.00000004.00000001.sdmp | String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct |
Source: astro-grep.exe, 0000000B.00000002.908562991.00000000026FF000.00000004.00000001.sdmp | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764 |
Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443 |
Source: Yara match | File source: ASTRO-GREP.exe, type: SAMPLE |
Source: Yara match | File source: 1.2.ASTRO-GREP.exe.329c300.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.0.ASTRO-GREP.exe.e50000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.astro-grep.exe.790000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.0.astro-grep.exe.380000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.astro-grep.exe.790000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.ASTRO-GREP.exe.e50000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.ASTRO-GREP.exe.329c300.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.astro-grep.exe.380000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0000000C.00000000.712642418.0000000000792000.00000002.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.702213908.0000000000E52000.00000002.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000002.907735012.0000000000382000.00000002.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.703312210.000000000329C000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000000.640492795.0000000000E52000.00000002.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.761563202.0000000000792000.00000002.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000000.706815836.0000000000382000.00000002.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: astro-grep.exe PID: 6520, type: MEMORY |
Source: Yara match | File source: Process Memory Space: astro-grep.exe PID: 6508, type: MEMORY |
Source: Yara match | File source: Process Memory Space: ASTRO-GREP.exe PID: 3844, type: MEMORY |
Source: Yara match | File source: C:\Users\user\AppData\Roaming\astro-grep.exe, type: DROPPED |
Source: C:\Users\user\Desktop\ASTRO-GREP.exe | Code function: 1_2_017B8148 |
Source: C:\Users\user\Desktop\ASTRO-GREP.exe | Code function: 1_2_017BB258 |
Source: C:\Users\user\Desktop\ASTRO-GREP.exe | Code function: 1_2_017B7878 |
Source: C:\Users\user\Desktop\ASTRO-GREP.exe | Code function: 1_2_017B7130 |
Source: C:\Users\user\AppData\Roaming\astro-grep.exe | Code function: 11_2_00CF8148 |
Source: C:\Users\user\AppData\Roaming\astro-grep.exe | Code function: 11_2_00CF7878 |
Source: C:\Users\user\AppData\Roaming\astro-grep.exe | Code function: 11_2_00CF7130 |
Source: C:\Users\user\AppData\Roaming\astro-grep.exe | Code function: 11_2_00CFE628 |
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Roaming\astro-grep.exe 17D1C0045155AD9C523C07E0F37AA16CD036915F38B73090D8D8BA930DB149FB |
Source: ASTRO-GREP.exe | Binary or memory string: OriginalFilename vs ASTRO-GREP.exe |
Source: ASTRO-GREP.exe, 00000001.00000002.707460158.00000000061C0000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs ASTRO-GREP.exe |
Source: ASTRO-GREP.exe, 00000001.00000002.706204130.0000000005FB0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs ASTRO-GREP.exe |
Source: ASTRO-GREP.exe, 00000001.00000002.703061185.00000000018F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs ASTRO-GREP.exe |
Source: ASTRO-GREP.exe, 00000001.00000002.702213908.0000000000E52000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameStub.exe" vs ASTRO-GREP.exe |
Source: ASTRO-GREP.exe, 00000001.00000002.707650182.00000000063E0000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs ASTRO-GREP.exe |
Source: ASTRO-GREP.exe, 00000001.00000002.707650182.00000000063E0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs ASTRO-GREP.exe |
Source: ASTRO-GREP.exe | Binary or memory string: OriginalFilenameStub.exe" vs ASTRO-GREP.exe |
Source: ASTRO-GREP.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: ASTRO-GREP.exe, zElUlVwqERLYn/eHcZPkAtyHA.cs | Base64 encoded string: 'QHy8sfXkGmhL4GfCIxO4J1WB7dWaURp1TcEzVJkn3+Ahjg1xP+UJRRGNLO2H1f8OBBUg1zZFbOawMqFIJs9TzA==', 'NGowqIIaRfZK9xE4MaYAMZJNSBiADXG98tScxjas+TYluA/Nyk7JqsIeKhWHRmXvZLhCzwhMhg58B1Wf4D6HcA==', 'R3oLaKXfDr6rAO99i7NEiwrOhtYr7FQkF66mH80NeUrbSGM+wSwyQY2Bz8neKR3fz49dNiaC8H/QRRz9YPVBEA==', … |