
Covid19_Vacine_Investment_Proposals_1st_Quarter2021 pdf.jar

Status: finished
Submission Time: 2021-02-23 20:46:25 +01:00
Malicious
Trojan
Exploiter
Evader
STRRAT

Details

  • Analysis ID:
    356987
  • API (Web) ID:
    615958
  • Analysis Started:
    2021-02-23 20:46:26 +01:00
  • Analysis Finished:
    2021-02-23 21:19:38 +01:00
  • MD5:
    5435ec679cdd07fe6f4fc6f49a117ea8
  • SHA1:
    eab4494e7db4bcbebf9dc5c0197ce0081a6dda6e
  • SHA256:
    5a962977909fafba0a1c202306068bd5f8297335b16989a07c1f119302155c84
  • Technologies:
    Joe Sandbox

Engine results

  • Detection: malicious (Score: 80)
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • Detection: malicious (Score: 80)
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Run Condition: Without Tracing

IPs

IP                 Country          Detection
23.239.31.129      United States
107.175.144.243    United States
199.232.192.209    United States
140.82.121.3       United States
104.23.98.190      United States
185.199.110.154    Netherlands

Domains

Name                                       IP                 Detection
pluginserver.duckdns.org                   23.239.31.129
strizzz100.duckdns.org                     107.175.144.243
str-master.pw                              0.0.0.0
jbfrost.live                               0.0.0.0
sonatype.map.fastly.net                    199.232.192.209
github.com                                 140.82.121.3
github-releases.githubusercontent.com      185.199.110.154
pastebin.com                               104.23.98.190
repo1.maven.org                            0.0.0.0

URLs

Name Detection
http://www.quovadis.bm
http://www.quovadisglobal.com/cps
http://cps.chambersign.org/cps/chambersroot.html
http://www.certplus.com/CRL/class3P.crl
http://www.certplus.com/CRL/class3P.crl0
http://crl.chambersign.org/chambersroot.crlK%
http://crl.securetrust.com/STCA.crl
http://str-master.pw/strigoi/server/ping.php?
http://www.certplus.com/CRL/class2.crl0
http://www.quovadisglobal.com/cps0
http://crl.xrampsecurity.com/XGCA.crl0
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
http://str-master.pw/strigoi/server/ping.php?lid=
http://www.quovadis.bm0
https://ocsp.quovadisoffshore.com0
http://www.allatori.com
http://str-master.pw
http://crl.chambersign.org/chambersroot.crl
http://repository.swisssign.com/
http://www.chambersign.org
https://api.github.com/_private/browser/errors
https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar
http://policy.camerfirma.com0
http://str-master.pw/strigoi/server/ping.php?lid=RUGR-ATSN-D14P-VBXX-49LW
http://www.chambersign.org1
https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar
http://crl.chambersign.org/chambersroot.crl0
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
http://www.apache.org/licenses/LICENSE-2.0.txt
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICEN
http://www.certplus.com/CRL/class2.crl
http://bugreport.sun.com/bugreport/
http://cps.chambersign.org/cps/chambersroot.html0
http://java.oracle.com/
http://null.oracle.com/
http://crl.xrampsecurity.com/XGCA.crl
https://github-releases.githubusercontent.com/51361554/623ef000-9da4-11e9-9ea2-d90155318994?X-Amz-Al
http://str-master.pw/strigoi/server/ping.php
http://repository.swisssign.com/0
https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
http://policy.camerfirma.com
http://ops.com.pa/jre7.zip
http://ops.com.pa/jre7.zipnf
https://ocsp.quovadisoffshore.com
https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar
http://crl.securetrust.com/STCA.crl0

Dropped files

Name / File Type

  • C:\Users\user\AppData\Roaming\pruoglcim.txt
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Roaming\plugins.jar
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Roaming\lib\sqlite-jdbc-3.14.2.1.jar
    Zip archive data, at least v1.0 to extract
  • C:\Users\user\pruoglcim.txt
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\lib\system-hook-3.5.jard
    Zip archive data, at least v1.0 to extract
  • C:\Users\user\lib\sqlite-jdbc-3.14.2.1.jard
    Zip archive data, at least v1.0 to extract
  • C:\Users\user\lib\jna-platform-5.5.0.jard
    Java archive data (JAR)
  • C:\Users\user\lib\jna-5.5.0.jard
    Java archive data (JAR)
  • C:\Users\user\fukvowbkrs.js
    ASCII text, with very long lines
  • C:\Users\user\AppData\Roaming\lib\system-hook-3.5.jar
    Zip archive data, at least v1.0 to extract
  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\pruoglcim.txt
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Roaming\lib\jna-platform-5.5.0.jar
    Java archive data (JAR)
  • C:\Users\user\AppData\Roaming\lib\jna-5.5.0.jar
    Java archive data (JAR)
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pruoglcim.txt
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\83aa4cc77f591dfc2374580bbd95f6ba_d06ed635-68f6-4e9a-955c-4899f5f57b9a
    data
  • C:\Users\user\AppData\Local\Temp\jna-99048687\jna822539700341149381.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\jna-99048687\jna552460949331173543.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\jna-99048687\jna3285767908382047760.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp
    ASCII text, with CRLF line terminators