tgamf4XuLa.exe

Status: finished
Submission Time: 2021-09-15 10:02:12 +02:00
Malicious
Trojan
Evader
FormBook

Tags

  • 32
  • exe
  • trojan

Details

  • Analysis ID:
    483617
  • API (Web) ID:
    851185
  • Analysis Started:
    2021-09-15 10:07:32 +02:00
  • Analysis Finished:
    2021-09-15 10:21:20 +02:00
  • MD5:
    f8146a71dedc3eeeaa1624d6832c39a4
  • SHA1:
    b1007a3beab21c77513bb9c4e6fc2a04c6346c04
  • SHA256:
    3611c1a2e9d1897825d5e7100a1c01d807f62a9c75d5f12602c168b0726d56ca
  • Technologies:
    Joe Sandbox

Detection

  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs


Domains


URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\tgamf4XuLa.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpEC5E.tmp
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\HpnpObXJP.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Roaming\HpnpObXJP.exe:Zone.Identifier
    ASCII text, with CRLF line terminators