xmsGPH324z.exe

Status: finished
Submission Time: 08.10.2021 14:05:15
Malicious
Trojan
Evader
Nanocore

Tags

  • exe
  • NanoCore
  • RAT

Details

  • Analysis ID:
    499483
  • API (Web) ID:
    867055
  • Analysis Started:
    08.10.2021 14:11:39
  • Analysis Finished:
    08.10.2021 14:28:42
  • MD5:
    6a4e9c8b6e38bab16622b8d26164b3fd
  • SHA1:
    03e107e3fd378d414297721ac63007a220a4d1cf
  • SHA256:
    b80e381178fe2bf37eb0101d9066864fb73cad0c825b807cd18d3f9a86a70147

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Scores

  • malicious, 100/100
  • malicious, 9/35
  • malicious, 11/27

IPs

  • 185.19.85.175 (Switzerland)
  • 105.112.32.231 (Nigeria)

Domains

  • strongodss.ddns.net (resolves to 105.112.32.231)

URLs

  • http://www.onnodb.com/aetraymenuH(

Dropped files

Name and file type of each dropped file (45 entries):

  • C:\Users\user\AppData\Local\Temp\RegSvcs.exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\tmp2367.tmp
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\emeighxa.pif
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
    Non-ISO extended-ASCII text, with no line terminators
  • C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegSvcs.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmp2ADA.tmp
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\Update.vbs
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Roaming\14893442\airawo.jpg
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\dhnkdkbusp.icm
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\dptpb.ico
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\drxa.xl
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\dtqvilvv.ico
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\dxbeg.ini
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\elumce.jpg
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\fchqkno.txt
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\fmgp.xls
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\fnutoqo.mp3
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\fvfpas.msc
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\gqitwx.ppt
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\grmnqeklh.dll
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\gvmpx.ppt
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\hjiathvmq.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\hjsqia.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\igmjuxprv.pdf
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\jljrgtr.lni
    data
  • C:\Users\user\AppData\Roaming\14893442\jrlbcrbc.ini
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\medptq.ini
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\mgvaaq.exe
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\mpiregn.icm
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\ouws.txt
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\ovlavxu.bmp
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\qnio.txt
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\sens.exe
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\tfseottth.ppt
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\ulltauphv.ppt
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\uwkdufhhqu.jpg
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\whko.xl
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\xhhgdqg.xl
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\14893442\xikdv.xma
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Roaming\14893442\xrkitj.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
    ASCII text, with no line terminators
  • C:\Users\user\temp\fnutoqo.mp3
    ASCII text, with CRLF line terminators
  • \Device\ConDrv
    ASCII text, with CRLF, LF line terminators