Covid-19 Data Report .exe

Status: finished

Submission Time: 2021-09-07 15:29:27 +02:00

Malicious

Trojan

Spyware

Evader

Remcos

Comments

Details

Analysis ID:
479070
API (Web) ID:
846637
Analysis Started:

2021-09-07 15:39:27 +02:00
Analysis Finished:

2021-09-07 15:52:55 +02:00
MD5:
f7b7d0144665b034190e826e035f9c98
SHA1:
2a8d08e5189f56453424b3e2103589ae44d6db58
SHA256:
6712498150d5e13d83aca08d5720f38e0bb17b63d9850a33f7f57b5b86401c09
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 11/35

malicious

Score: 24/45

IPs

IP	Country	Detection
79.134.225.107	Switzerland

Domains

Name	IP	Detection
remcos.fingusti.club	79.134.225.107

URLs

Name	Detection
Xhpvfingusti.club
http://secure.globalsign.net/cacert/PrimObject.crt0
http://secure.globalsign.net/cacert/ObjectSign.crt09
Click to see the 4 hidden entries
http://www.globalsign.net/repository09
http://www.autoitscript.com/autoit3/0
http://www.globalsign.net/repository/0
http://www.globalsign.net/repository/03

Dropped files

Name	File Type	Hashes
C:\Users\user\53280493\glpmruvjds.pif	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\53280493\prwsqqdfl.dll	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\tlbbmigtfe.msc	ASCII text, with CRLF line terminators	#
Click to see the 78 hidden entries
C:\Users\user\53280493\swrswi.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\spihfhp.bmp	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\smgabf.ppt	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\ruosgms.ppt	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\rsel.xls	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\qckuffmko.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\qbfgf.bin	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\pudrgncexm.jpg	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\tnpmcqahoq.icm	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\ppvagipo.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\phng.jpg	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\pgjbsik.mp3	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\pdxc.msc	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\otggkjoob.bnv	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\Users\user\53280493\omlppm.exe	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\ojmc.ppt	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\oiebljes.bmp	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\ogtukuwqh.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\vvhedbw.msc	ASCII text, with CRLF line terminators	#
C:\Users\user\temp\wuavvoeqs.pdf	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\remcos\logs.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\xvpumsb.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\xlcilbc.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\xevwfe.dll	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\wvxlnvkod.docx	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\wuavvoeqs.pdf	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\53280493\wnjjt.xml	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\wmnfoflxo.pdf	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\tlodellh.mp3	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\vssereuub.cpl	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\vbdetvhl.pdf	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\uvnrlp.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\urmf.xls	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\uikdqjn.xls	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\udvbltspem.txt	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\ucoowohbq.exe	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\txsc.bmp	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\oavaapsk.ico	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\elmw.ico	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\ihgiaxcv.icm	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\iccii.icm	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\hwlfh.xl	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\huvtexmm.cpl	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\htrdshaq.xl	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\hhbng.cpl	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\gwuqk.exe	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\fmvnisu.mp3	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\fflkirjbw.pdf	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\isrjlttjqq.docx	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\eiqluixotc.xls	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\dxdgejcic.exe	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\ddxecn.dll	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\ddrlreh.jpg	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\cidbwvj.cpl	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\apqmcl.cpl	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\aplwr.xl	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\anbk.txt	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\akvecmiek.ico	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\lnxwq.docx	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\acecvl.pdf	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\mjvutjqat.jpg	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\mibhghdc.icm	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\mfupqiv.dll	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\mfqo.jpg	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\megx.xls	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\mdlphmkbq.exe	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\mclr.docx	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\lwdpaxi.ico	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\obrdvagh.ico	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\lekcfklpqn.xls	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\laqcdswu.msc	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\krjplrktd.mp3	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\knjndlimwp.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\kfloojbqsj.pdf	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\jtkl.pdf	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\jtdfgk.bin	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\jqleufphfj.bin	ASCII text, with CRLF line terminators	#
C:\Users\user\53280493\jbprcjxwdo.xl	ASCII text, with CRLF line terminators	#

Covid-19 Data Report .exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Covid-19 Data Report .exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

Covid-19 Data Report .exe