
REQUIREMENT.exe

Status: finished
Submission Time: 2021-10-13 15:36:13 +02:00
Malicious
Trojan
Evader
Spyware
GuLoader, GuLoader FormBook

Tags

  • exe
  • guloader

Details

  • Analysis ID:
    502075
  • API (Web) ID:
    869650
  • Analysis Started:
    2021-10-13 15:36:14 +02:00
  • Analysis Finished:
    2021-10-13 16:03:38 +02:00
  • MD5:
    fb70ff484021669624233d0fbd77ec6a
  • SHA1:
    6820b13631967663ec2637c43c828468633051fd
  • SHA256:
    2b40757a6763aa725d86426ce3cd16fcf1380a9152837d4fbe5e5b085710054c
  • Technologies:
    Joe Sandbox

Engine Detection Info
malicious
Score: 68
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
malicious
Score: 100
System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run Condition: Suspected Instruction Hammering

Third Party Analysis Engines

malicious
Score: 18/37

IPs


Domains


URLs


Dropped files

Name / File Type
C:\Users\user\AppData\Local\Temp\Aidr0p8lx\certmgr3ff.exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\DB1
SQLite 3.x database, last written using SQLite version 3035005
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
Composite Document File V2 Document, Cannot read section info