fTset285bI.exe

Status: finished
Submission Time: 2021-09-27 20:26:34 +02:00
Malicious
Trojan
Evader
FormBook

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    491713
  • API (Web) ID:
    859280
  • Analysis Started:
    2021-09-27 20:31:48 +02:00
  • Analysis Finished:
    2021-09-27 20:46:05 +02:00
  • MD5:
    1fb012f2414da5a3515f704e855ab770
  • SHA1:
    1d5ff9db7dfeaf2d4b0200fbbda00e89d058f525
  • SHA256:
    6caf3e91a0bb501d8e7d08d8463407315debb31757137e5362795d91c161e6d6

Detection Engines

  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 20/69)
  • malicious (Score: 12/45)

IPs

  • 162.159.130.233
    United States
  • 162.159.133.233
    United States

Domains

  • cdn.discordapp.com
    162.159.130.233

URLs

  • www.llaa11.xyz/scb0/
  • https://cdn.discordapp.com/attachments/836211098164265024/892047706770509844/Qybpdxzxxjklicipydzdiinowujxlof

Dropped files (Name / File Type)

  • C:\Users\Public\Libraries\Qybpdxz\Qybpdxz.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER81DC.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\Qybpdxzxxjklicipydzdiinowujxlof[2]
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\Qybpdxzxxjklicipydzdiinowujxlof[1]
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Qybpdxzxxjklicipydzdiinowujxlof[1]
    data
  • C:\Users\Public\nest.bat
    ASCII text, with CRLF line terminators
  • C:\Users\Public\nest
    ASCII text, with CRLF line terminators
  • C:\Users\Public\UKO.bat
    ASCII text, with CRLF line terminators
  • C:\Users\Public\Trast.bat
    ASCII text, with no line terminators
  • C:\Users\Public\Libraries\zxdpbyQ.url
    MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Qybpdxz\\Qybpdxz.exe">), ASCII text, with CRLF line terminators
  • C:\Users\Public\KDECO.bat
    ASCII text, with no line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_mobsync.exe_4f8d1df0fba57de648265d9a2130aefb6b3891a_cdf4f12b_145ad42c\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D67.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER79AC.tmp.dmp
    Mini DuMP crash report, 14 streams, Tue Sep 28 03:33:16 2021, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER55F5.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER4E91.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER46C0.tmp.dmp
    Mini DuMP crash report, 14 streams, Tue Sep 28 03:34:10 2021, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER25CD.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F25.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER1560.tmp.dmp
    Mini DuMP crash report, 14 streams, Tue Sep 28 03:33:58 2021, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_secinit.exe_1cc8228464a2edeca80f27db11b39d78dd97a3a_b4caafd3_1af6fb99\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_secinit.exe_1cc8228464a2edeca80f27db11b39d78dd97a3a_b4caafd3_0c460f36\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators