
zmbct5agcD.exe

Status: finished
Submission Time: 2021-09-27 19:45:56 +02:00
Malicious
Trojan
Spyware
Evader
TrickBot

Comments

Tags

  • exe
  • TrickBot

Details

  • Analysis ID:
    491679
  • API (Web) ID:
    859243
  • Analysis Started:
    2021-09-27 19:57:35 +02:00
  • Analysis Finished:
    2021-09-27 20:09:25 +02:00
  • MD5:
    7bb8f00948d80dc7a3936c4c1fa2b276
  • SHA1:
    e60d2828c4a5716d1d96ba1a141e239a2df374f8
  • SHA256:
    c3b12369d950f2420697e8b05b80a29a0cea58fd7d858d7a622611291d3496f5
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 32/69
malicious
Score: 21/45

IPs

IP                Country
88.87.15.96       Bulgaria
103.140.207.110   Indonesia
116.203.16.95     Germany
171.103.187.218   Thailand
179.42.137.105    unknown
195.39.233.29     Ukraine
103.239.6.30      Bangladesh
91.232.241.58     Ukraine
79.110.193.67     Poland
182.160.98.250    Bangladesh
109.87.143.67     Ukraine
77.252.26.5       Poland
182.160.99.205    Bangladesh
178.151.205.154   Ukraine
91.191.55.135     Bosnia and Herzegovina
178.182.254.64    Poland

Domains

Name                                        IP
ip.anysrc.net                               116.203.16.95
72.150.189.185.b.barracudacentral.org       0.0.0.0
72.150.189.185.dnsbl-1.uceprotect.net       0.0.0.0
72.150.189.185.zen.spamhaus.org             0.0.0.0
72.150.189.185.spam.dnsbl.sorbs.net         0.0.0.0
72.150.189.185.cbl.abuseat.org              0.0.0.0

URLs

Name
http://79.110.193.67:443NQ
http://109.87.143.67:443ary=
http://91.191.55.135:443/tot153/114127_W10017134.DD1CAFF728CCA332C99E42E85D11CCBB/83/
http://91.232.241.58:443NYLR
https://0.79
http://109.87.143.67:443M
http://91.232.241.58:443FLL
http://178.182.254.64:443VXJ
http://109.87.143.67:443O
http://109.87.143.67:443E
http://79.110.193.67:4431
http://79.110.193.67:4434
http://79.110.193.67:4433
http://79.110.193.67:443153/
http://79.110.193.67:443/
http://109.87.143.67:44354
http://79.110.193.67:443%
http://77.252.26.5:443/tot153/114127_W10017134.DD1CAFF728CCA332C99E42E85D11CCBB/83/3/
http://178.151.205.154:443ry=
http://91.232.241.58:443CSDB
http://91.191.55.135:443O15
https://109.87.143.67:443/tot153/114127_W10017134.DD1CAFF728CCA332C99E42E85D11CCBB/83/
http://182.160.98.250:443IFH
https://178.151.205.154:443/tot153/114127_W10017134.DD1CAFF728CCA332C99E42E85D11CCBB/83/
http://77.252.26.5:4438
http://79.110.193.67:443o
http://178.182.254.64:443CPP
http://178.151.205.154:443/tot153/114127_W10017134.DD1CAFF728CCA332C99E42E85D11CCBB/83/http://91.191
http://79.110.193.67:443L
http://91.232.241.58:443BGR
http://103.239.6.30:443AA
http://77.252.26.5:4433JNH
http://195.39.233.29:443
http://178.182.254.64:443SPJ
http://79.110.193.67:443WAO
http://79.110.193.67:443q
http://77.252.26.5:443MS
https://8.250
http://79.110.193.67:443YBI
http://178.182.254.64:443EUQ
http://79.110.193.67:443f
http://182.160.98.250:443HF
http://109.87.143.67:443HDU
http://109.87.143.67:443/
http://79.110.193.67:443VEGK
http://79.110.193.67:443/tot153109.87.143.67X
http://182.160.98.250:443/tot153/114127_W10017134.DD1CAFF728CCA332C99E42E85D11CCBB/83/
http://109.87.143.67:4431
http://109.87.143.67:4434
http://91.232.241.58:443Ky=
http://91.191.55.135:443y=
http://77.252.26.5:443/8y=
http://182.160.98.250:443F
http://182.160.98.250:443E
http://109.87.143.67:443MJM
http://77.252.26.5:443NT
http://182.160.98.250:443B
http://103.239.6.30:443/tot15
http://182.160.98.250:443K
http://182.160.98.250:443M
http://178.182.254.64:443JCY
http://77.252.26.5:443/tot153/114127_W10017134.DD1CAFF728CCA332C99E42E85D11CCBB/83//
http://182.160.98.250:443I
http://182.160.98.250:443C
http://195.39.233.29:443dary=
http://103.239.6.30:443KZOYL
http://77.252.26.5:4433EFH
http://182.160.98.250:443Y
http://178.182.254.64:443ZCX
http://103.239.6.30:443dary=
http://77.252.26.5:443P1
http://195.39.233.29:443/tot153TFYLMDHBKCVYZNWZ.135
http://178.182.254.64:443PPW
http://91.232.241.58:443/tot153/114127_W10017134.DD1CAFF728CCA332C99E42E85D11CCBB/83/
http://91.191.55.135:443CYN
http://182.160.98.250:443ry=
http://182.160.99.205:443SVA
https://support.google.com/chrome/?p=plugin_shockwave
http://77.252.26.5:443/
http://195.39.233.29:443XCX
http://77.252.26.5:4430
http://109.87.143.67:443RR
http://77.252.26.5:4433
http://77.252.26.5:443N
http://77.252.26.5:4430f
http://182.160.98.250:443LMD
https://79.110.193.67:443/tot153/114127_W10017134.DD1CAFF728CCA332C99E42E85D11CCBB/83/
https://195.39.233.29:443/tot153/114127_W10017134.DD1CAFF728CCA332C99E42E85D11CCBB/90/
http://109.87.143.67:443POC
http://103.239.6.30:443ECM
https://54.64
https://91.191.55.135:443/tot153/114127_W10017134.DD1CAFF728CCA332C99E42E85D11CCBB/83/
http://77.252.26.5:443pA
http://77.252.26.5:443P$
http://182.160.98.250:4435
http://182.160.98.250:443/
http://182.160.99.205:443ary=
http://182.160.99.205:443BG
http://91.191.55.135:443TPNB
http://77.252.26.5:4433JON

Dropped files

Name                                                                                              File Type
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies.bak                          SQLite 3.x database, last written using SQLite version 3032001
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History.bak                          SQLite 3.x database, last written using SQLite version 3032001
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak                       SQLite 3.x database, last written using SQLite version 3032001
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak                         SQLite 3.x database, last written using SQLite version 3032001
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506    Microsoft Cabinet archive data, 61157 bytes, 1 file
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506   data
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.bak                               ASCII text, with very long lines, with no line terminators