
rUUR0qQI22.exe

Status: finished
Submission Time: 2021-05-01 05:50:16 +02:00
Malicious
Ransomware
Spyware
Evader
DarkSide

Tags

  • DarkSide
  • Ransomware

Details

  • Analysis ID: 401962
  • API (Web) ID: 706077
  • Analysis Started: 2021-05-01 05:59:58 +02:00
  • Analysis Finished: 2021-05-01 06:08:22 +02:00
  • MD5: 9d418ecc0f3bf45029263b0944236884
  • SHA1: eeb28144f39b275ee1ec008859e80f215710dc57
  • SHA256: 151fbd6c299e734f7853497bd083abfa29f8c186a9db31dbe330ace2d35660d5
  • Technologies:

Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • Detection: malicious
  • Score: 27/29

IPs

  • 185.105.109.19 (Country: Russian Federation)

Domains

  • securebestapp20.com (IP: 185.105.109.19)

URLs

  • http://darksidfqzcuhtk2.onion/CZEX8E0GR0AO4ASUCJE1K824OKJA1G24B8B3G0P84LJTTE7W8EC86JBE7NBXLMRT
  • http://nuget.org/NuGet.exe
  • http://pesterbdd.com/images/Pester.png
  • http://www.apache.org/licenses/LICENSE-2.0.html
  • https://go.micro
  • https://securebestapp20.com/jVPuJOnhRSBlO
  • https://contoso.com/
  • https://nuget.org/nuget.exe
  • https://contoso.com/License
  • https://torproject.org/
  • https://contoso.com/Icon
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  • https://github.com/Pester/Pester
  • https://securebestapp20.com/jVPuJOnhRSBl

Dropped files

  • C:\README.418990b0.TXT (ASCII text, with very long lines, with CRLF line terminators)
  • C:\Recovery\README.418990b0.TXT (ASCII text, with very long lines, with CRLF line terminators)
  • C:\Users\README.418990b0.TXT (ASCII text, with very long lines, with CRLF line terminators)
  • C:\Users\user\AppData\Local\418990b0.ico (MS Windows icon resource - 5 icons, 64x64, 32 bits/pixel, 48x48, 32 bits/pixel)
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive (data)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u4ayydvj.e53.ps1 (very short file (no magic))
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w5w3taum.vrt.psm1 (very short file (no magic))
  • C:\Users\user\Documents\20210501\PowerShell_transcript.390120.OOGUKqeP.20210501060116.txt (UTF-8 Unicode (with BOM) text, with CRLF line terminators)
  • C:\bootTel.dat.418990b0 (data)
  • \Device\Null (ASCII text, with CRLF line terminators)