
Fec9qUX4at.exe

Status: finished
Submission Time: 2021-08-03 09:40:10 +02:00
Malicious
Trojan
Evader
Spyware
GuLoader, GuLoader Remcos

Comments

Tags

  • exe

Details

  • Analysis ID:
    458355
  • API (Web) ID:
    825943
  • Analysis Started:
    2021-08-03 09:40:10 +02:00
  • Analysis Finished:
    2021-08-03 10:03:37 +02:00
  • MD5:
    2046b941817392e3815535fccb1f39dc
  • SHA1:
    843d243a71131baf9fbe0fcf4ba129f51ee74c8f
  • SHA256:
    c0d3da1cefd1a979c8b8ce102fd5d3ff090779f72f4d1098eb383cbbb3480bee
  • Technologies:

Joe Sandbox

Engine / Download Report / Detection / Info
  • Detection: malicious
  • Detection: malicious; Score: 88; System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • Detection: malicious; Score: 100; System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01; Run Condition: Suspected Instruction Hammering Hide Perf

Third Party Analysis Engines

malicious
Score: 20/69
malicious
Score: 6/46

IPs

IP / Country / Detection
  • IP: 194.5.97.128; Country: Netherlands
  • IP: 101.99.94.119; Country: Malaysia

Domains

Name / IP / Detection
  • Name: wealthyrem.ddns.net; IP: 194.5.97.128

URLs

Name / Detection
  • Name: http://101.99.94.119/WEALTH_fkWglQyCXO188.bin

Dropped files

Name / File Type / Hashes / Detection
  • Name: C:\Users\user\AppData\Local\Temp\DYKKERDRAGTS\FANEBREREN.exe; File Type: PE32 executable (GUI) Intel 80386, for MS Windows
  • Name: C:\Users\user\AppData\Local\Temp\DYKKERDRAGTS\FANEBREREN.vbs; File Type: ASCII text, with CRLF line terminators
  • Name: C:\Users\user\AppData\Local\Temp\wqhhwuvojbjzckdf.vbs; File Type: data
  • Name: C:\Users\user\AppData\Roaming\remcos\logs.dat; File Type: data