
Sample: 2GirCpksIO.exe

Status: finished
Submission Time: 22.11.2021 15:11:22
Verdict: Malicious
Classification: Ransomware, Trojan, Evader, Spyware
Families: GuLoader, Lokibot

Details

  • Analysis ID:
    526365
  • API (Web) ID:
    893891
  • Analysis Started:
    22.11.2021 15:16:43
  • Analysis Finished:
    22.11.2021 15:39:36
  • MD5:
    5cc619f7dd365ec061f1f385d25bea30
  • SHA1:
    5b28cb97973da18953fb284648f13257f0aba2f3
  • SHA256:
    7f5124088c09a925ad3a162b4e56391557dfc7d9950b9a55044036698d369d13

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Verdict: malicious, score 84/100

System: Windows 10 64 bit 20H2, native physical machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run Condition: Suspected Instruction Hammering
Verdict: malicious, score 100/100

Verdict: malicious, 22/68

Verdict: malicious, 9/44

IPs

IP               Country        Detection
192.185.217.246  United States
68.66.226.70     United States

Domains

Name                         IP               Detection
afrocompass.com              68.66.226.70
karinedocesesalgados.com.br  192.185.217.246

URLs

Name                                                                              Detection
http://karinedocesesalgados.com.br/nedo/five/fre.php
https://afrocompass.com/k
https://karinedocesesalgados.com.br/nedo/five/fre.php
https://afrocompass.com/karinedocesesalgados_Hpi
http://schemas.microso
https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
http://schemas.xmlsoap.org/ws/2004/09/policy
http://schemas.xmlsoap.org/wsdl/erties
http://schemas.xmlsoap.org/wsdl/soap12/
http://schemas.xmlsoap.org/wsdl/
https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin0;
http://www.live.com
http://www.msn.com
http://schemas.xmlsoap.org/ws/2005/02/trust
http://docs.oasis-open.org/ws-sx/ws-trust/200512
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin_
https://afrocompass.com/c

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Credentials\93CE54EBD72B5E2187F75E8118A14612_dec
    File Type: data
  • C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.hdb
    File Type: data
  • C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.lck
    File Type: very short file (no magic)
  • C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb
    File Type: data
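The indicators above turned into detection logic, as an added example (editor's code, not part of the Joe Sandbox report): a hash check against the sample and a scan of Squid-format proxy log lines for contact with the fre.php gate, the payload host and the two IPs. The log lines are constructed. Note that the report's URL column mixes the C2 and payload URLs with WS-* XML namespace URIs and Microsoft hosts (schemas.xmlsoap.org, docs.oasis-open.org, www.live.com, www.msn.com), which are almost certainly library strings recovered from memory rather than traffic, and with truncated fragments ("https://afrocompass.com/k", ".bin0;", "http://schemas.microso"). Treating the former as benign library strings and dropping the latter are assumptions of this example, as is the Squid native log format.

```python
"""IOC matcher built from the indicators in the report above.

Added example, not code from the Joe Sandbox report. The Squid log lines
are constructed; which hosts count as benign library strings is the
editor's assessment, not a finding of the report.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "5cc619f7dd365ec061f1f385d25bea30",
    "sha1": "5b28cb97973da18953fb284648f13257f0aba2f3",
    "sha256": "7f5124088c09a925ad3a162b4e56391557dfc7d9950b9a55044036698d369d13",
}
C2_IPS = {"192.185.217.246", "68.66.226.70"}
C2_DOMAINS = {"afrocompass.com", "karinedocesesalgados.com.br"}
# Exact URLs: the fre.php gate and the .bin second stage. Truncated strings in
# the report ("https://afrocompass.com/k", ".bin0;", ".bin_") are memory-dump
# fragments and are deliberately not used as indicators.
C2_URLS = {
    "http://karinedocesesalgados.com.br/nedo/five/fre.php",
    "https://karinedocesesalgados.com.br/nedo/five/fre.php",
    "https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin",
}
# Hosts from the report's URL list that are WS-* namespace URIs or Microsoft
# sites (assumed to be library strings, not C2): record them, never block them.
BENIGN_HOSTS = {"schemas.xmlsoap.org", "docs.oasis-open.org", "www.live.com", "www.msn.com"}


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of file content as lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hashes_match(observed: dict) -> bool:
    """True if any hash in `observed` equals the report's value (case-insensitive)."""
    return any(
        value.lower() == SAMPLE_HASHES[algo]
        for algo, value in observed.items()
        if algo in SAMPLE_HASHES
    )


def classify_url(url: str, method: str = "GET") -> Optional[str]:
    """Rank one requested URL against the indicators.

    Returns "c2_url", "c2_ip", "c2_domain", "benign_library_string" or None.
    A CONNECT request (TLS without interception) carries only host:port, so it
    can match by host but never by exact URL.
    """
    if method == "CONNECT":
        host = url.rsplit(":", 1)[0].lower()
        exact = None
    else:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Compare without query/fragment so a "?x=1" suffix cannot evade the match.
        exact = f"{parts.scheme}://{host}{parts.path}"
    if exact in C2_URLS:
        return "c2_url"
    if host in C2_IPS:
        return "c2_ip"
    if any(host == d or host.endswith("." + d) for d in C2_DOMAINS):
        return "c2_domain"
    if host in BENIGN_HOSTS:
        return "benign_library_string"
    return None


@dataclass(frozen=True)
class Hit:
    client: str
    method: str
    url: str
    verdict: str


def scan_squid_log(lines) -> List[Hit]:
    """Scan Squid native access.log lines
    (time elapsed client code/status bytes method url user peer/host type)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or malformed line
        client, method, url = fields[2], fields[5], fields[6]
        verdict = classify_url(url, method)
        if verdict and verdict != "benign_library_string":
            hits.append(Hit(client, method, url, verdict))
    return hits


# Constructed log lines (not from the report): one host posting to the gate and
# fetching the payload, one clean host, one host reaching the C2 IP directly.
CONSTRUCTED_LOG = """\
1637593002.123    245 10.0.0.15 TCP_MISS/200 1184 POST http://karinedocesesalgados.com.br/nedo/five/fre.php - HIER_DIRECT/192.185.217.246 text/html
1637593003.456    612 10.0.0.15 TCP_MISS/200 90112 GET https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin - HIER_DIRECT/68.66.226.70 application/octet-stream
1637593004.789    801 10.0.0.15 TCP_TUNNEL/200 4096 CONNECT afrocompass.com:443 - HIER_DIRECT/68.66.226.70 -
1637593010.001     15 10.0.0.22 TCP_MISS/200 5120 GET http://schemas.xmlsoap.org/wsdl/ - HIER_DIRECT/203.0.113.5 text/xml
1637593011.002     20 10.0.0.22 TCP_MISS/200 2048 GET https://www.example.org/index.html - HIER_DIRECT/203.0.113.7 text/html
1637593012.003     30 10.0.0.31 TCP_MISS/200 640 GET http://192.185.217.246/nedo/five/fre.php?x=1 - HIER_DIRECT/192.185.217.246 text/html
"""


if __name__ == "__main__":
    for h in scan_squid_log(CONSTRUCTED_LOG.splitlines()):
        print(f"{h.client:10} {h.verdict:10} {h.method:7} {h.url}")
```

The exact-URL match is the high-confidence signal; the host and IP matches are weaker because a shared hoster's IP or a compromised legitimate domain can serve other content, so treat "c2_domain" and "c2_ip" hits as leads to confirm against the hash of whatever the client wrote to disk.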