
gunzipped.exe

Status: finished
Submission Time: 2022-01-06 07:56:18 +01:00
Malicious
Trojan
Spyware
Evader
Oski Stealer Vidar

Comments

Tags

  • exe
  • OskiStealer

Details

  • Analysis ID:
    548641
  • API (Web) ID:
    916163
  • Analysis Started:
    2022-01-06 07:56:19 +01:00
  • Analysis Finished:
    2022-01-06 08:04:14 +01:00
  • MD5:
    c2301b62539adcba29dcf6a3200bd017
  • SHA1:
    fd80f7e8e32661d5ec12e7a901f22a9ed82e17a7
  • SHA256:
    c30ce79d7b5b0708dc03f1532fa89afd4efd732531cb557dc31fe63acd5bc1ce
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 23/43

IPs

IP Country Detection
2.56.57.108
Netherlands

URLs

Name Detection

Dropped files

Name: File Type
  • C:\ProgramData\834793065949733\_8347930659.zip: Zip archive data, at least v2.0 to extract
  • C:\ProgramData\834793065949733\cookies\Google Chrome_Default.txt: ASCII text, with CRLF line terminators
  • C:\ProgramData\834793065949733\screenshot.jpg: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
  • C:\ProgramData\834793065949733\system.txt: ISO-8859 text, with CRLF line terminators
  • C:\ProgramData\834793065949733\temp: SQLite 3.x database, last written using SQLite version 3032001
  • C:\ProgramData\freebl3.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\mozglue.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\msvcp140.dll: PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\ProgramData\nss3.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\softokn3.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\sqlite3.dll: PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\ProgramData\vcruntime140.dll: PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\3lzr9t8b2fewpx2: data
  • C:\Users\user\AppData\Local\Temp\dxaqqkiiu: data
  • C:\Users\user\AppData\Local\Temp\nsy255F.tmp\qhvek.dll: PE32 executable (DLL) (console) Intel 80386, for MS Windows