
wuxvGLNrxG.jar

Status: finished
Submission Time: 2021-08-03 18:12:28 +02:00
Detection: Malicious
Classification: Trojan, Exploiter, Evader, Ursnif

Tags

  • Gozi
  • jar

Details

  • Analysis ID:
    458767
  • API (Web) ID:
    826334
  • Analysis Started:
    2021-08-03 18:18:32 +02:00
  • Analysis Finished:
    2021-08-03 18:33:25 +02:00
  • MD5:
    62f16f566ecdf99cfc14e82dadf0f18e
  • SHA1:
    9b1dee428b273fe00921b43821fd5deeadf9dd30
  • SHA256:
    04b9398217671d5282716edd773af60c3a57765b679214aa65a04f2565437190

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious
Score: 11/89

IPs

IP               Country
185.228.233.17   Russian Federation
162.241.216.53   United States

Domains

Name                    IP
gtr.antoinfer.com       185.228.233.17
app.flashgameo.at       185.228.233.17
data.green-iraq.com     162.241.216.53
resolver1.opendns.com   208.67.222.222

URLs

Name
http://gtr.antoinfer.com/
http://app.flashgameo.at/3RCQ0msRVVnLSJ5u/TSJ_2Fxz80keoop/a7EjDDG7wrXHG68ZtX/Pmtf7IzJN/aJqNiYsKzCerz7CxDBe7/e24yGD4QU8YxhhSD3YO/03mvbgBdqeCIW6TNLEFcOV/EK49ihmFywAO1/pIF7jejl/dujcubamjFalP53t_2FHK8B/KFSEJwMt_2/BtevMf85tQFfIELR_/2BcnIXZSnbYO/KZzJGKYFtQN/vyvR7VHvQcMFD4/kY1tU9entnPFjHGBpC6PC/rfEItxXtG1ipdjW8/L_2BLpkqRSBRNu3/Qm7zxsLhdRlaAq032b/I1k1iSuisV_2F/6
http://gtr.antoinfer.com/vADDezNeSke9U/kvoRl9HX/wg75j_2F1ccwy_2BN_2FgkC/Yh7aCXFF09/ee6kz01isjr6jdjmu/pk1iZnzuGks_/2FuxytqUYce/a5iWzRhuhKAZ4y/D3pXNK4fyJfK_2FkQ5xOt/JVfaKqEHewQX_2Bv/e8GLEmqyRCDOz2z/IZT7WGXdb3gbjuggsB/nJqV1sh4i/1CBsNlHce4vH9r545Rqj/lW_2BT5w8VeL3I13xEE/kQKMsI_2FV_2BAmRAPTTX_/2Fpo46_2FxhKi/aU1VyuXn/ftd9GHd_2FR3UMOYr1sC0hP/YgHDHBl7oA/36ctrYN2Q45zT_2FE/cFBpdxQOL4tl/xsOclWLyg_2B/TAMc8
https://sectigo.com/CPS0
http://ocsp.sectigo.com
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://null.oracle.com/
http://java.oracle.com/
http://bugreport.sun.com/bugreport/
http://www.certplus.com/CRL/class2.crl
http://cps.letsencrypt.org0
http://x1.c.lencr.org/
http://cps.root-x1.letsencrypt.orgK
http://x1.i.lencr.org/
http://crl.xrampsecurity.com/XGCA.crl
http://policy.camerfirma.com0
http://cps.root-x1.letsencrypt.org0
http://repository.swisssign.com/
http://www.quovadisglobal.com/cps
http://cps.chambersign.org/cps/chambersroot.html
http://www.certplus.com/CRL/class3P.crl
http://r3.i.lencr.org/;
https://sectigo.com/CPS
http://crl.securetrust.com/STCA.crl
http://constitution.org/usdeclar.txt
http://crl.xrampsecurity.com/XGCA.crl0
http://www.quovadis.bm
http://www.quovadis.bm0
http://x1.i.lencr.org/k
http://cps.root-x1.letsencrypt.org
https://data.green-iraq.com/app.dll
http://crl.chambersign.org/chambersroot.crl
http://cps.letsencrypt.org
http://r3.o.lencr.org
http://r3.o.lencr.orgC
http://crl.chambersign.org/chambersroot.crl0
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
http://ocsp.sectigo.com0
http://cps.chambersign.org/cps/chambersroot.html0
http://cps.letsencrypt.orgk
http://constitution.org/usdeclar.txtC:
http://www.chambersign.org1
http://https://file://USER.ID%lu.exe/upd
http://repository.swisssign.com/0
http://policy.camerfirma.com
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
https://ocsp.quovadisoffshore.com
http://www.chambersign.org
http://crl.securetrust.com/STCA.crl0
http://www.certplus.com/CRL/class3P.crl0
http://r3.i.lencr.org/
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl
http://www.certplus.com/CRL/class2.crl0
http://r3.i.lencr.org/07
http://www.quovadisglobal.com/cps0
http://x1.c.lencr.org/0
http://x1.i.lencr.org/0
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
http://r3.o.lencr.org0
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt
https://ocsp.quovadisoffshore.com0
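The list mixes two kinds of URL. The first three entries and the app.dll download are the Ursnif traffic: the three contacted domains, with request data base64-encoded into the path using Gozi's `_2F` and `_2B` substitutions for `/` and `+`. Almost everything else is CRL, OCSP and CPS endpoints that string extraction pulls out of the certificates embedded in the signed JAR and the JRE's trust store, plus oracle.com and sun.com strings from the JRE itself; the stray `0`, `K`, `C`, `;` characters on some entries are ASN.1 length bytes that sit next to the URL in the certificate and are not part of it. The Python below is added here as a worked example and is not taken from the Joe Sandbox report: it triages a verbatim subset of the list into blocklist candidates and PKI noise. The CA allowlist, the residue-stripping regex and the order of the classification rules are assumptions made for the example.

```python
"""Triage a sandbox URL list: separate certificate-infrastructure noise from
the URLs that belong on a blocklist.

Added example, not part of the Joe Sandbox report. REPORT_URLS is a subset
copied verbatim from the report (trailing '0', 'K', 'C', ':' characters are
string-extraction residue and are kept as found); C2_HOSTS are the three
contacted domains from the report's Domains table. The classification rules
below are heuristics chosen for this example.
"""
import re
from urllib.parse import urlsplit

C2_HOSTS = {"gtr.antoinfer.com", "app.flashgameo.at", "data.green-iraq.com"}

# CA domains seen in the report; in practice this is an allowlist you maintain.
PKI_DOMAINS = ("lencr.org", "letsencrypt.org", "sectigo.com", "certplus.com",
               "xrampsecurity.com", "camerfirma.com", "swisssign.com",
               "quovadisglobal.com", "quovadis.bm", "quovadisoffshore.com",
               "chambersign.org", "securetrust.com", "certificat2.com")
PKI_LABEL = re.compile(r"^(crl|ocsp|cps|crt|policy|repository)[.-]")
PKI_PATH = re.compile(r"\.(crl|crt)|/cps|ocsp|repository", re.I)

# Hostnames in the report are lowercase, so a trailing digit or capital letter
# is residue and the match stops in front of it ("r3.o.lencr.orgC" -> "r3.o.lencr.org").
HOST_RE = re.compile(r"^([a-z0-9-]+\.)+[a-z]{2,}")

# Gozi/ISFB writes "_2F" for "/" and "_2B" for "+" in the base64 of its beacon
# request, which is what the long paths in the report contain.
ISFB_PATH = re.compile(r"_2[FB]")

REPORT_URLS = [  # verbatim subset of the report's URL table
    "http://gtr.antoinfer.com/",
    "http://app.flashgameo.at/3RCQ0msRVVnLSJ5u/TSJ_2Fxz80keoop/a7EjDDG7wrXHG68ZtX/Pmtf7IzJN/aJqNiYsKzCerz7CxDBe7/e24yGD4QU8YxhhSD3YO/03mvbgBdqeCIW6TNLEFcOV/EK49ihmFywAO1/pIF7jejl/dujcubamjFalP53t_2FHK8B/KFSEJwMt_2/BtevMf85tQFfIELR_/2BcnIXZSnbYO/KZzJGKYFtQN/vyvR7VHvQcMFD4/kY1tU9entnPFjHGBpC6PC/rfEItxXtG1ipdjW8/L_2BLpkqRSBRNu3/Qm7zxsLhdRlaAq032b/I1k1iSuisV_2F/6",
    "https://data.green-iraq.com/app.dll",
    "https://sectigo.com/CPS0",
    "http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s",
    "http://cps.letsencrypt.org0",
    "http://cps.root-x1.letsencrypt.orgK",
    "http://r3.o.lencr.orgC",
    "http://x1.i.lencr.org/k",
    "http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0",
    "http://www.quovadis.bm0",
    "http://java.oracle.com/",
    "http://bugreport.sun.com/bugreport/",
    "http://constitution.org/usdeclar.txtC:",
    "http://https://file://USER.ID%lu.exe/upd",
]


def clean_host(url):
    """Hostname with extraction residue stripped, or None if there is no host."""
    m = HOST_RE.match(urlsplit(url).netloc)
    return m.group(0) if m else None


def classify(url):
    """One of: c2, pki, other, malformed. C2 rules run before PKI rules."""
    host = clean_host(url)
    path = urlsplit(url).path
    if host is None:                      # e.g. nested "http://https://..." strings
        return "malformed"
    if host in C2_HOSTS or ISFB_PATH.search(path):
        return "c2"
    if (any(d in host for d in PKI_DOMAINS) or PKI_LABEL.match(host)
            or PKI_PATH.search(path)):
        return "pki"
    return "other"


def triage(urls):
    """Map category -> sorted unique hostnames (raw URL for malformed entries)."""
    buckets = {"c2": set(), "pki": set(), "other": set(), "malformed": set()}
    for u in urls:
        buckets[classify(u)].add(clean_host(u) or u)
    return {k: sorted(v) for k, v in buckets.items()}


def blocklist(urls):
    """The hostnames worth blocking: C2 and payload servers only."""
    return triage(urls)["c2"]


if __name__ == "__main__":
    for cat, hosts in triage(REPORT_URLS).items():
        print(f"{cat:9s} {len(hosts):2d}  {', '.join(hosts)}")
```

The residue rule relies on the report's hostnames being lowercase; a lowercase residue letter (as in `cps.letsencrypt.orgk`) is not stripped, which is why the PKI check uses substring matching against the CA list rather than an exact suffix match.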

Dropped files

Name                                       File Type
C:\Users\user\winapp.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.0.cs
    UTF-8 Unicode (with BOM) text
C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Documents\20210803\PowerShell_transcript.579569.PzaIZfVx.20210803182038.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\83aa4cc77f591dfc2374580bbd95f6ba_d06ed635-68f6-4e9a-955c-4899f5f57b9a
    data
C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.out
    ASCII text, with CRLF, CR line terminators
C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\wm2qs3oi\CSC4DF65D5B5CD44487ACE6B52D8E184D85.TMP
    MSVC .res
C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.out
    ASCII text, with CRLF, CR line terminators
C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.0.cs
    UTF-8 Unicode (with BOM) text
C:\Users\user\AppData\Local\Temp\wfvgme3v\CSCBEAB7CEF44BD41E5AC32CBB29DE9912D.TMP
    MSVC .res
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_swqqbxtk.cak.psm1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qt0tzypn.feq.ps1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\RES50C8.tmp
    data
C:\Users\user\AppData\Local\Temp\RES3CF2.tmp
    data
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data
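Read together, the dropped files say more than the table states. Two temp directories, wm2qs3oi and wfvgme3v, each hold a `.0.cs` C# source, a `.cmdline` compiler response file, a `.out` compiler log, a `.dll` and a `CSC*.TMP` resource stub, with matching `RES*.tmp` files one level up: that is the artifact set csc.exe leaves when PowerShell's Add-Type compiles inline C#, so a JAR has launched PowerShell and compiled native-calling code twice. The `__PSScriptPolicyTest_*` files and the transcript under Documents\20210803 are PowerShell's own startup check and the transcription the sandbox has enabled. winapp.dll, a native 32-bit DLL written straight into the profile root, is the only non-.NET binary among them and the likely counterpart of the app.dll fetched from data.green-iraq.com. The Python below is an added example, not code from the report, that recognises these patterns over the verbatim file list; the grouping rules are its own assumptions.

```python
"""Triage a sandbox dropped-file list for PowerShell/csc.exe compilation
artifacts, PowerShell startup files and binaries dropped into the profile root.

Added example, not part of the Joe Sandbox report. DROPPED_FILES is copied
verbatim from the report's Dropped files table; the grouping rules are
assumptions made for this example.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

DROPPED_FILES = [  # verbatim from the report
    r"C:\Users\user\winapp.dll",
    r"C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.0.cs",
    r"C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.cmdline",
    r"C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.dll",
    r"C:\Users\user\Documents\20210803\PowerShell_transcript.579569.PzaIZfVx.20210803182038.txt",
    r"C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\83aa4cc77f591dfc2374580bbd95f6ba_d06ed635-68f6-4e9a-955c-4899f5f57b9a",
    r"C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.out",
    r"C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.dll",
    r"C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.cmdline",
    r"C:\Users\user\AppData\Local\Temp\wm2qs3oi\CSC4DF65D5B5CD44487ACE6B52D8E184D85.TMP",
    r"C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.out",
    r"C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp",
    r"C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.0.cs",
    r"C:\Users\user\AppData\Local\Temp\wfvgme3v\CSCBEAB7CEF44BD41E5AC32CBB29DE9912D.TMP",
    r"C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_swqqbxtk.cak.psm1",
    r"C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qt0tzypn.feq.ps1",
    r"C:\Users\user\AppData\Local\Temp\RES50C8.tmp",
    r"C:\Users\user\AppData\Local\Temp\RES3CF2.tmp",
    r"C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache",
]

# Files csc.exe writes into %TEMP%\<unit>\ named after the directory itself.
CSC_EXTS = {".0.cs", ".cmdline", ".out", ".dll", ".pdb"}


def csc_units(paths):
    """Group %TEMP%\\<unit>\\<unit>.{0.cs,cmdline,out,dll} into compile units.

    A directory only counts as a compilation when both the C# source (.0.cs)
    and the compiler response file (.cmdline) are present.
    """
    units = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.parent.parent.name.lower() != "temp":
            continue
        unit = p.parent.name
        if p.name.lower().startswith(unit.lower() + "."):
            ext = p.name[len(unit):].lower()   # ".0.cs", ".cmdline", ...
            if ext in CSC_EXTS:
                units[unit].add(ext)
    return {u: sorted(e) for u, e in units.items() if {".0.cs", ".cmdline"} <= e}


def profile_root_binaries(paths):
    """PE files written straight into C:\\Users\\<user>\\ rather than a subfolder."""
    hits = []
    for raw in paths:
        p = PureWindowsPath(raw)
        parts = p.parts                        # ('C:\\', 'Users', 'user', 'winapp.dll')
        if (len(parts) == 4 and parts[1].lower() == "users"
                and p.suffix.lower() in {".dll", ".exe"}):
            hits.append(p.name)
    return hits


def powershell_artifacts(paths):
    """PowerShell's AppLocker/WDAC policy probe files and transcript output."""
    out = {"policy_tests": [], "transcripts": []}
    for raw in paths:
        name = PureWindowsPath(raw).name
        if name.startswith("__PSScriptPolicyTest_"):
            out["policy_tests"].append(name)
        elif name.startswith("PowerShell_transcript."):
            out["transcripts"].append(name)
    return out


def triage(paths):
    return {
        "csc_compile_units": csc_units(paths),
        "profile_root_binaries": profile_root_binaries(paths),
        "powershell": powershell_artifacts(paths),
    }


if __name__ == "__main__":
    for key, value in triage(DROPPED_FILES).items():
        print(f"{key}: {value}")
```

On a live host the same grouping works over Sysmon FileCreate events (Event ID 11): a `.0.cs` and `.cmdline` pair under a fresh `%TEMP%` subdirectory, created by powershell.exe, is the signal, and the `.dll` that follows is what to collect.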