EXPORT INVOICE 2021.exe

Status: finished
Submission Time: 2021-10-13 18:18:13 +02:00
Malicious
Trojan
Evader
FormBook

Comments

Tags

  • exe
  • xloader

Details

  • Analysis ID:
    502233
  • API (Web) ID:
    869807
  • Analysis Started:
    2021-10-13 18:20:09 +02:00
  • Analysis Finished:
    2021-10-13 18:31:05 +02:00
  • MD5:
    54bb8fbbfe0a665ca59579a0240ce2f0
  • SHA1:
    0b97e4463c76df4541179880902bb6966ef3f894
  • SHA256:
    3bd841c6957e9fdb7e9d4558fb417dca9d7317d087cdbbb270155d9a6698e657
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 22/67
malicious
Score: 6/35

IPs

IP              Country        Detection
51.161.86.13    Canada
209.17.116.165  United States

Domains

Name                          IP              Detection
ratqueen.art                  51.161.86.13
www.piedmontpines.school      209.17.116.165
www.kalitelihavaperdesi.com   0.0.0.0
www.sosibibyslot.space        0.0.0.0
www.zoipartner.com            0.0.0.0
www.ratqueen.art              0.0.0.0
www.yuezhong66.com            0.0.0.0

URLs

Name                                                                                                                                   Detection
www.vulcanopresale.icu/mqi9/
http://www.ratqueen.art/mqi9/?4heD=-Zg8bjv8BJx4HBw&z0=iv8Ag4bEJuIinTRZ0o23voggRtPwqtQ/ydF60y+S+AJP0Z2gEdIzW1gU1h5YO8GPbSLa
http://www.piedmontpines.school/mqi9/?z0=TImHsH9dZg2P5abYftozWuM8TNrG03iNFbmWCvRDMTsTbH54OyQX2B6DGU+4mOJFrbhV&4heD=-Zg8bjv8BJx4HBw
http://www.founder.com.cn/cn

Dropped files

Name                                                                                     File Type                                Hashes   Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\EXPORT INVOICE 2021.exe.log  ASCII text, with CRLF line terminators