
7yyqdBJVGf.exe

Status: finished
Submission Time: 2021-09-28 15:11:51 +02:00
Malicious
Trojan
Spyware
Evader
Cryptbot Glupteba

Comments

Tags

  • CryptBot
  • exe

Details

  • Analysis ID:
    492301
  • API (Web) ID:
    859863
  • Analysis Started:
    2021-09-28 15:22:44 +02:00
  • Analysis Finished:
    2021-09-28 15:39:59 +02:00
  • MD5:
    267667a4bbfdfcf20c407c2b191fd0ed
  • SHA1:
    73870de4caa2eaaf162c81c34740527e12b8467c
  • SHA256:
    c3b9a8dde21bf3c1bb09426a261c77eb4b59cb2f36ac82e5b8f6b4a4d3565b5b
  • Technologies:

Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 36/68)
  • malicious (Score: 22/45)
  • malicious

IPs

IP                Country
208.95.112.1      United States
45.140.167.227    United Kingdom
104.168.214.97    United States
88.99.66.31       Germany
185.185.71.183    Russian Federation

Domains

Name                                                    IP
zukelx03.top                                            185.185.71.183
ip-api.com                                              208.95.112.1
iplogger.org                                            88.99.66.31
pacdpo22.top                                            45.140.167.227
moreil02.top                                            104.168.214.97
YWPUxosKSQKjQIKzFVtwgwCR.YWPUxosKSQKjQIKzFVtwgwCR       0.0.0.0

URLs

Name
http://zukelx03.top/downfiles/lv.exe
http://ip-api.com/json
http://223.252.173.63/4r5tgh/fcvgbth654/fv5yh.exehttps://iplogger.org/1N5Jh7string
http://zukelx03.top/download.php?file=lv.exe
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
https://2no.co/2T4yW6UShttp://223.252.173.63/4r5tgh/fcvgbth654/fv5yh.exehttps://iplogger.org/1N5Jh7s
https://evernote.com/
http://nsis.sf.net/NSIS_ErrorError
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://ip-api.com/jsonH
https://ac.ecosia.org/autocomplete?q=
http://ip-api.com/jsonq
http://ip-api.com/jsonQ
http://ip-api.com/jsonC:
http://moreil02.top/index.php
http://ip-api.com/jsoncountryCodeinvalid
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://iplogger.org/1N5Jh7
https://duckduckgo.com/ac/?q=
http://pacdpo22.top/index.php
https://duckduckgo.com/chrome_newtab

Dropped files

  • C:\Users\user\AppData\Roaming\Intel Rapid\IntelRapid.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\lv[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\File.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\dislip\wheezy.exe
    PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
  • C:\Users\user\AppData\Local\Temp\dislip\parted.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\IXP000.TMP\Bisogna.exe.com
    Targa image data - Mono 65536 x 184 x 0 +65535 ""
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\files_\screenshot.jpg
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\_Files\_Information.txt
    Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\_Files\_Screen_Desktop.jpeg
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\files_\_Chrome\default_cookies.db
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\files_\_Chrome\default_key.bin
    data
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\files_\_Chrome\default_logins.db
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\files_\_Chrome\default_webdata.db
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\_Files\_Chrome\default_cookies.db
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\files_\system_info.txt
    Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\mrBjrfbmEC.zip
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Local\Temp\lmlpnsexh.vbs
    ASCII text
  • C:\Users\user\AppData\Local\Temp\nsc24D7.tmp\UAC.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IntelRapid.lnk
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Tue Sep 28 21:24:18 2021, mtime=Tue Sep 28 21:24:18 2021, atime=Tue Sep 28 08:46:06 2021, length=3570176, window=hide
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\_Files\_Chrome\default_webdata.db
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\_Files\_Chrome\default_logins.db
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\_Files\_Chrome\default_key.bin
    data
  • C:\Program Files (x86)\foler\olader\acledit.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\djUYPUrixI\EHvwMhiAAtER.zip
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Local\Temp\IXP000.TMP\l
    ASCII text, with very long lines, with CRLF, CR, LF line terminators
  • C:\Users\user\AppData\Local\Temp\IXP000.TMP\Quegli.wav
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\IXP000.TMP\Bel.wav
    data
  • C:\Users\user\AppData\Local\Temp\IXP000.TMP\Attitudine.wav
    ASCII text, with very long lines, with CRLF, CR, LF line terminators
  • C:\Users\user\AppData\Local\Temp\F466.tmp
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\24DD.tmp
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\json[1].json
    ASCII text, with no line terminators
  • C:\Program Files (x86)\foler\olader\adprovider.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Program Files (x86)\foler\olader\acppage.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows