niberius.dll

Status: finished
Submission Time: 2021-07-09 03:09:09 +02:00
Malicious
Phishing
Trojan
Spyware
Evader
Hancitor

Tags

  • dll
  • Hancitor
  • MAN1
  • Moskalvzapoe
  • TA511

Details

  • Analysis ID:
    446231
  • API (Web) ID:
    813820
  • Analysis Started:
    2021-07-09 03:09:09 +02:00
  • Analysis Finished:
    2021-07-09 03:20:12 +02:00
  • MD5:
    d22d8bb38cf8d6a5ce6d8be4106350e7
  • SHA1:
    02fc51e6572a17f5dbbc32c4e3dd03cca3c51afe
  • SHA256:
    4dc9d5ee1debdba0388fbb112d4bbbc01bb782f015e798cced3fc2edb17ac557

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious
Score: 12/89

IPs

IP               Country
23.21.224.49     United States
77.222.42.67     Russian Federation
8.211.241.0      Singapore
95.213.179.67    Russian Federation
23.21.173.155    United States

Domains

Name                                               IP
srand04rf.ru                                       8.211.241.0
pospvisis.com                                      95.213.179.67
sudepallon.com                                     77.222.42.67
elb097307-934924932.us-east-1.elb.amazonaws.com    23.21.173.155
api.ipify.org                                      0.0.0.0

URLs


Dropped files

Name                                                                                File Type
C:\ProgramData\kaosdma.txt                                                          ASCII text, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\RCR7H9R6.txt    ASCII text, with no line terminators