
dngqoAXyDd.exe

Status: finished
Submission Time: 2021-11-06 12:12:40 +01:00
Malicious
Trojan
Evader
Spyware
TrickBot

Tags

  • exe
  • top147
  • TrickBot

Details

  • Analysis ID:
    516930
  • API (Web) ID:
    884485
  • Analysis Started:
    2021-11-06 15:02:51 +01:00
  • Analysis Finished:
    2021-11-06 15:24:51 +01:00
  • MD5:
    0afbb383c5cea9f11202d572141bb0f4
  • SHA1:
    148266112b25087f10ac1124ea32630e48fb0bd9
  • SHA256:
    6a910ec8055b3844e3dd14c7af08a68110abc9395a88ab9199e69ed07be27210

  • System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Verdict: malicious (score 80/100)
  • System: Windows 10 64 bit 20H2 native physical machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
    Run Condition: Suspected Instruction Hammering
    Verdict: malicious (score 100/100)
  • Verdict: malicious (score 80/100)
  • Verdict: malicious (score 18/66)
  • Verdict: malicious (score 13/45)

IPs

IP               Country
46.99.175.217    Albania
116.203.16.95    Germany
202.58.199.82    Indonesia
24.45.255.9      United States

Domains

Name                                     IP
ip.anysrc.net                            116.203.16.95
91.143.129.102.b.barracudacentral.org    127.0.0.2
91.143.129.102.zen.spamhaus.org          0.0.0.0
91.143.129.102.cbl.abuseat.org           0.0.0.0

URLs

Name
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/14/user/user/0/
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/10/62/LDBHBJFHFNV/1/
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/23/100019/
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/5/file/
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/64/pwgrabb/VERS//
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/0/Windows%2010%20x64/1108/102.129.143.91/6760749C3E0F3C8028653796E6C431FC062A0AA0107C34B734353BDE5C7824FB/K4eaS6gi8qoueakyUIyY/
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/14/path/C:%5CUsers%5Cuser%5CAppData%5CRoaming%5CGNU-Rach-559H%5CdngqoAXyDd.exe/0/
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/5/dpost/
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/64/pwgrabb/DEBG//
https://duckduckgo.com/chrome_newtab
https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
https://duckduckgo.com/ac/?q=
https://www.autoitscript.com/site/autoit/downloads/https://www.autoitscript.com/site/autoit/download
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/14/NAT%20status/clien
https://packetstormsecurity.com/files/download/22459/BIOS320.EXEDownload:
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/10/62/LDBHBJFHFNV/1/t
http://110.38.58.198:443
http://103.111.83.86:443
https://dl.packetstormsecurity.net/Crackers/bios/BIOS320.EXE
https://setup.office.com/home/ProvisionLoading?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8-_
http://27.109.116.144:443
https://www.google.com/search?q=java
https://24.45.255.9/
http://116.206.62.138:443
http://ip.anysrc.net/
https://24.45.255.9:443/login.cgi?uri=/index.html#
https://play.google.com/store/apps/details?id=com.ubnt.umobile
http://186.96.153.223:443
https://46.99.175.217/
http://138.94.162.29:443
https://46.99.175.217/rovider
https://packetstormsecurity.com/https://packetstormsecurity.com/files/download/22459/BIOS320.EXEhttp
https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
https://office.com/setup
https://recoveringlib.blogspot.com/2015/04/bios320exe-64-bit.htmlBios320.Exe
http://45.115.174.234:443
https://46.99.175.217:443/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/5/dpost/
https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245029_d3c52aa6bfa54d3ca74e617f18309292K
https://202.58.199.82/roviderg/
http://139.255.41.122:443
https://account.live.com/Abuse?mkt=EN-US&uiflavor=web&client_id=1E000040382627&id=293577&lmif=40&abr
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/10/62/LDBHBJFHFNV/1/g
https://setup.office.com/?ms.officeurl=setup
http://36.95.73.109:443
https://202.58.199.82/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/5/pwgrabb64/
https://aka.office.com/office/url/setupMicrosoft
https://recoveringlib.blogspot.com/2015/04/bios320exe-64-bit.html
https://24.45.255.9/login.cgi?uri=/index.html
https://aka.office.com/office/url/setup
https://setup.office.com/SignIn?ru=https%3A%2F%2Fsetup.office.com%2F%3Fms.officeurl%3DsetupSign
https://windows-drivers-x04.blogspot.com/2013/06/bios320exe-64-bit-download.htmlBios320.Exe
https://www.google.com/search?q=autoit
https://46.99.175.217/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/64/pwgrabb/DEBG//0u0u
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://setup.office.com/?ms.officeurl=setupMicrosoft
https://202.58.199.82/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/5/pwgrabc64/
https://login.windows.net/consumers/oauth2/v2.0/authorize?client_id=77f68844-337b-4044-a0d4-153795cf
https://setup.office.com/SignIn?ru=https%3A%2F%2Fsetup.office.com%2F%3Fms.officeurl%3Dsetup2V
https://www.google.com/favicon.ico
https://www.google.com/search?q=adobe
https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=77f68844-337b-4044-a0d4-
http://45.115.174.60:443
https://setup.office.com/Home/Provision?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8.
https://www.office.com/setupMicrosoft
http://96.9.74.169:443
https://packetstormsecurity.com/files/22459/BIOS320.EXE.htmlBIOS320.EXE
https://setup.office.com/Home/Provision?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8Continue/
http://196.44.109.73:443
http://202.152.56.10:443
https://www.autoitscript.com/site/autoit/downloads/AutoIt
http://ip.anysrc.net/plain
http://96.9.69.207:443
https://24.45.255.9/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/5/pwgrabb64/
https://24.45.255.9/index.html
https://46.99.175.217/roviders/
https://setup.office.com/EnterPin?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
http://alldrivers4devices.net/download.php?driver=Drv5609xx-zip&key=libDriver
http://www.alldrivers4devices.net/blogstat/click.php?f=bios320_exe64bit.rar%3E%3Cspan%20style=Driver
http://114.7.243.26:443
http://packetstormsecurity.com/files/22459/BIOS320.EXE.html
http://206.251.37.27:443
http://www.alldrivers4devices.net/blogstat/click.php?f=bios320_exe64bit.rar%3E%3Cspan%20style=
http://alldrivers4devices.net/download.php?driver=Drv5609xx-zip&key=lib
https://setup.office.com/SignIn?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8&redirectUri=https%3A%2F%2F
http://45.116.68.109:443
https://sdlc-esd.oracle.com/ESD6/JSCDL/jdk/8u301-b09/d3c52aa6bfa54d3ca74e617f18309292/JavaSetup8u301
http://103.75.32.173:443
http://64.64.150.203:443
http://190.183.60.164:443
https://setup.office.com/Home/EligibileActModern?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8Microsoft
https://www.google.com/search?q=testzentrum
http://117.54.140.98:443
https://setup.office.com/Home/EligibileActModern?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
https://cdn.stubdownloader.services.mozilla.com/builds/firefox-latest-ssl/en-GB/win64/b5110ff5d41570
https://www.google.com/search?q=at
https://24.45.255.9/cookiechecker?uri=/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/5/pwgrabb64/
https://202.58.199.82/S/6a
https://202.58.199.82:443/top147/061544_W10019042.34ED337BB336C4191A537F33B775D9BB/5/pwgrabb64/
https://stubdownloader.services.mozilla.com/?attribution_code=c291cmNlPXd3dy5nb29nbGUuY29tJm1lZGl1bT
https://www.alldrivers4devices.net/blogstat/click.php?f=bios320_exe64bit.rar%3E%3Cspan%20style=Drive

Dropped files

  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies.bak
    File Type: SQLite 3.x database, last written using SQLite version 3035005
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History.bak
    File Type: SQLite 3.x database, last written using SQLite version 3035005
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak
    File Type: SQLite 3.x database, last written using SQLite version 3035005
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak
    File Type: SQLite 3.x database, last written using SQLite version 3035005
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.bak
    File Type: ASCII text, with very long lines, with no line terminators