worVoBJYGD.dll

Status: finished
Submission Time: 2021-08-03 20:24:22 +02:00
Malicious
Trojan
Evader
Ursnif

Tags

  • dll
  • Gozi
  • ISFB
  • Ursnif

Details

  • Analysis ID:
    458873
  • API (Web) ID:
    826442
  • Analysis Started:
    2021-08-03 20:24:22 +02:00
  • Analysis Finished:
    2021-08-03 20:37:26 +02:00
  • MD5:
    2f3c83a9b7d37b99c603a28d09c74cc6
  • SHA1:
    697235d82ea9218b2349cb1055276a1ebe96aefd
  • SHA256:
    68ab9c658f136782ec8e341d0ad8257989689882cfc03db4cdf719b3a68c8e85
  • Technologies:

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 11/89
malicious

IPs

  • 185.228.233.17 (Russian Federation)

Domains

  • gtr.antoinfer.com (185.228.233.17)
  • app.flashgameo.at (185.228.233.17)
  • resolver1.opendns.com (208.67.222.222)

URLs

Name Detection
  • http://nuget.org/NuGet.exe
  • http://constitution.org/usdeclar.txt
  • http://pesterbdd.com/images/Pester.png
  • http://www.apache.org/licenses/LICENSE-2.0.html
  • https://contoso.com/
  • https://nuget.org/nuget.exe
  • http://constitution.org/usdeclar.txtC:
  • https://contoso.com/License
  • https://contoso.com/Icon
  • http://https://file://USER.ID%lu.exe/upd
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  • https://github.com/Pester/Pester

Dropped files

  • C:\Users\user\AppData\Local\Temp\vbpfsg54\vbpfsg54.0.cs
    UTF-8 Unicode (with BOM) text
  • C:\Users\user\AppData\Local\Temp\senxb4p4\senxb4p4.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Temp\jqkof1ka\jqkof1ka.0.cs
    UTF-8 Unicode (with BOM) text
  • C:\Users\user\Documents\20210803\PowerShell_transcript.472847.skhGMmiY.20210803202633.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\Documents\20210803\PowerShell_transcript.472847.9H_WKwxk.20210803202644.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\vbpfsg54\vbpfsg54.out
    ASCII text, with CRLF, CR line terminators
  • C:\Users\user\AppData\Local\Temp\vbpfsg54\vbpfsg54.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\vbpfsg54\vbpfsg54.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Temp\vbpfsg54\CSCC3210ABFD4B4742A7EBA7934EB0D0.TMP
    MSVC .res
  • C:\Users\user\AppData\Local\Temp\senxb4p4\senxb4p4.out
    ASCII text, with CRLF, CR line terminators
  • C:\Users\user\AppData\Local\Temp\senxb4p4\senxb4p4.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\senxb4p4\senxb4p4.0.cs
    UTF-8 Unicode (with BOM) text
  • C:\Users\user\AppData\Local\Temp\senxb4p4\CSCD728609DA3104BA4891CE07457BF77DE.TMP
    MSVC .res
  • C:\Users\user\AppData\Local\Temp\jqkof1ka\jqkof1ka.out
    ASCII text, with CRLF, CR line terminators
  • C:\Users\user\AppData\Local\Temp\jqkof1ka\jqkof1ka.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\jqkof1ka\jqkof1ka.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data
  • C:\Users\user\AppData\Local\Temp\jqkof1ka\CSCA3035077FC7544A28C7D2FD8A94650.TMP
    MSVC .res
  • C:\Users\user\AppData\Local\Temp\fedhsvoj\fedhsvoj.out
    ASCII text, with CRLF, CR line terminators
  • C:\Users\user\AppData\Local\Temp\fedhsvoj\fedhsvoj.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\fedhsvoj\fedhsvoj.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Temp\fedhsvoj\fedhsvoj.0.cs
    UTF-8 Unicode (with BOM) text
  • C:\Users\user\AppData\Local\Temp\fedhsvoj\CSC2C7CB35724FE4D03B8B83A389D1E5FE.TMP
    MSVC .res
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xugd3ey5.3ho.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vb04gpdl.oyg.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lusmgaxq.saw.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0w25flno.lby.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\RESE546.tmp
    data
  • C:\Users\user\AppData\Local\Temp\RESCE3.tmp
    data
  • C:\Users\user\AppData\Local\Temp\RES419.tmp
    data
  • C:\Users\user\AppData\Local\Temp\RES278F.tmp
    data