61f113091fd0c.dll

Status: finished

Submission Time: 2022-01-26 10:25:21 +01:00

Malicious

E-Banking Trojan

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
560270
API (Web) ID:
927797
Analysis Started:

2022-01-26 10:26:42 +01:00
Analysis Finished:

2022-01-26 10:47:57 +01:00
MD5:
687f33ac9cb2e8b3c1e7659422caf253
SHA1:
472513fe01ecbc2f51d70d762c1992a4a24c6c15
SHA256:
d1ca0d9f10382d484d02e90d4d5d987653de42a8c4eb5544e4368e4f1965803c
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
194.76.226.200	Germany

URLs

Name	Detection
http://194.76.226.200/drew/m0QZKcj4ankL3W/8FVzGu6iQpcBkrTN5v3eZ/A6WzaqZBs9gogbdq/m8YEYG_2B_2FLSM/NM7eY2w3b1aL2aX8An/zJ6Vy7aKV/77q51XwDss_2Bne92xk6/rrRqhSV7rhVbP2hjU6R/_2B0H8cg3MM0IyieU8GPC9/gTwDi0Qx4J0HW/gyC_2FqL/iUkABk5euk2dlDO3ecBxilL/xQJUPbO4iF/9AhmuI174lSXWne_2/Fo5eEhaaDB/xKb9szQ5MHJ/1.jlk
http://194.76.226.200/drew/S0hO4k1kNWmaIbAIKk6J/C6ltlnn67F9zU4319Wq/SHohWMCDfW7oiPhqwsiIKI/bmU8FVW7oRmBm/mR3BXgY_/2FBwUjw6HBJfko8dOlgJjVp/0AJ_2FHS_2/F6As3DqY8qnvNETrK/YeXgHXybA3MO/9wS_2FpxfKh/va60IJVV7f3myC/lkXy0Vd4C9gsuVelNEUUO/TZ36G6O4b_2Br5X5/Ty9Sl6i_2F9Ot_2/Fw5KU6KNbXI13KA_2B/fSlw9uxRZ/1GDQy2uvqr3Bg6MoNgQy/Xe_2F1.jlk
http://194.76.226.200/drew/q2MoEGVRNe15Nk60/LDrmU6_2F0GkU3d/_2F0Knrw_2BLeOfpGj/fbCS28O8a/HzEmaSZQ4r2vrrl3ds_2/FJYs8ohc9ZfX55MptAq/LUXti_2BtVHZBpG5bp31OD/nUDVndp9HwGDI/fdApFg3Y/hh5zxa6uVZWdnbZZ4Zw497E/am4BWYNw05/CiWFAq8EmF0WMEY2m/vQZOFYV25Mfi/UplJo0Tr14k/U65NpQlAx9OU47/ZEIy4h_2BMYYm16tA/UAd.jlk
Click to see the 21 hidden entries
http://194.76.226.200/drew/qj8KFpDyUAB/xQ_2FW_2FRVQUR/xo7UR19sTv1fTteFGwviu/H1QAugjBS9BAganl/OqUmHFdTh92Mttp/bKzDAO3E0N_2BxZ1ow/sTpBKLA2p/6BUrMhtfsbHTEuRLWcq7/jTbARM2BAFwOLbLtYBa/i_2BLCetjq8jqUWnEo5XCb/sLP1ktID7e6VC/G3BV6Vkb/N29_2BJlXZ2HReVfDXYWlEP/mt9DueL_2F/NgPtBNn5wZiJtUInd/fWiE7TY0/hCY.jlk
http://194.76.226.200/drew/2f3T6_2Fldpw_2BA6Engti/ap9anBYrptHHy/xCGyvO5i/wYPccsVOVAKMkuNvsUxMYE4/RkZB4YqLqe/XacN1M_2FaB24Ib2R/hVRxOozHufuZ/c6WQY_2FOGu/wQlIyAdYSezuQl/ojNT2IxdKraylKm035Q_2/FdvJBuYlSvhCsegR/oboSzu_2BtJ_2BW/XMLPOefEKMYQuO_2B_/2FNWtFwdl/dQERZJKq6wr_2FxRn8R5/MLhj_2Fz9ge97_2BBFz/rUr1Agrx59/b.jlk
http://194.76.226.200/drew/GVxzdEn3rJxHPgJaE/ckcbKS4onbSJ/ZdlWFtgOHAM/pJGsS1vTtWNP8h/yNsXRCxcvAA6AXQPJwabF/oYnH6redQswcAwtL/rDlMsMT_2FoiQ_2/BdNrJdcFdtJq9vsrPj/Pi_2B3_2B/dnsHU70OV9c4KUJyE_2F/0ip_2FIZ7Wqza0Ho2lN/KYodlnq6PG5KK9SBFWXHj5/viPS4jjPVWzpA/_2B2JOAM/KOBPUpSnsG9auoSxo_2BhjX/PvM1mRJl_2/FaBIYOp1w1wVY3Kqd/ZfinCIlH/i.jlk
http://194.76.226.200/drew/F2DN_2FU1e/fQ5u04QtqSS_2Fpez/wjKfLKebrhaF/MMToBjmjMxS/2NhI76XoCH_2F5/14TeSntbngCZZYLUNIrhm/x6MB8tXx2hU99kkL/VY0QQM3MDv5NCL1/6ydwr5AoPHPZyujorj/zsR7mWAsu/Dgwxr2J_2Bt6yrRwZsuj/G0YF7iDIM95RsJq2szP/8WMC9D3LjonMIPvdKF1kRz/NQS_2FA_2BozQ/hVadPzcD/tG9pjaS8y_2BWqM0wQM2d5M/W.jlk
http://194.76.226.200/drew/SzHdMdWvg/8JrkfhvX1ImoPdiWmQP6/QNbELOUZkV6PJ_2F_2B/T_2FBOZzzLom_2BccXK2f_/2B4napL_2F34z/ZunofQOB/e8FUQk93KOWF2nr5L7lasmZ/NJz0CTr65M/vqC70qv5uFkSE3WWV/uzLbKezipUQb/EiDVCVAB9rI/YTJRJOijIzHReN/lOWZ3chpUTxk47un6IsE8/fGRw3zIlPFEXwpmw/KXHYTQF2fkI3XOU/3s8f8mWLipjSZC2MeH/eanpmASqD48wQWqOn/qyD.jlk
http://194.76.226.200/drew/HzhM5fP5x43l7rSkYr8Y/jYk_2FxetzKCt9WlQ60/DHr3pyDc_2BukVZ7K3nBXi/MEA2Xn3fXlFfO/GgBWR09O/Z1DKEGLlegReZBua8Nnmy16/fhqdF_2Beg/hrDVYSGiYpSkF5kA7/KsGOnRLVKqBx/xsw07jdGhl6/opBuLWprNFNT7s/OVJpMrjpCjISLpLDnGaGt/ixsS7exYYQrwdM8F/_2FgW9_2FjtCahO/8Yp45dJrj8Sd2mVa6W/QapGna.jlk
http://194.76.226.200/drew/m0QZKcj4ankL3W/8FVzGu6iQpcBkrTN5v3eZ/A6WzaqZBs9gogbdq/m8YEYG_2B_2FLSM/NM7
http://194.76.226.200/M
http://194.76.226.200/mA
http://194.76.226.200/drew/S0hO4k1kNWmaIbAIKk6J/C6ltlnn67F9zU4319Wq/SHohWMCDfW7oiPhqwsiIKI/bmU8FVW7o
http://194.76.226.200/BFA
http://194.76.226.200/drew/q2MoEGVRNe15Nk60/LDrmU6_2F0GkU3d/_2F0Knrw_2BLeOfpGj/fbCS28O8a/HzEmaSZQ4r2
http://https://file://USER.ID%lu.exe/upd
http://constitution.org/usdeclar.txtC:
http://194.76.226.200/drew/GVxzdEn3rJxHPgJaE/ckcbKS4onbSJ/ZdlWFtgOHAM/pJGsS1vTtWNP8h/yNsXRCxcvAA6AXQ
http://curlmyip.netJv1GYc8A8hCBIeVDfile://c:
http://194.76.226.200/drew/qj8KFpDyUAB/xQ_2FW_2FRVQUR/xo7UR19sTv1fTteFGwviu/H1QAugjBS9BAganl/OqUmHFd
http://constitution.org/usdeclar.txt
http://ipinfo.io/ip
http://194.76.226.200/
http://curlmyip.net

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\sjfy431f.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\oeprcmty.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\oeprcmty.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
Click to see the 55 hidden entries
C:\Users\user\AppData\Local\Temp\oyq1c2cj.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\oyq1c2cj.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\oyq1c2cj.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\oyq1c2cj.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\pqvogmwc.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\pqvogmwc.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\pqvogmwc.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\pqvogmwc.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\pwlcj2cu.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\pwlcj2cu.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\pwlcj2cu.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\pwlcj2cu.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\oeprcmty.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\sjfy431f.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\sjfy431f.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\sjfy431f.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\tpt0a0ul.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\tpt0a0ul.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\tpt0a0ul.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\tpt0a0ul.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\ugg3o5nf.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\ugg3o5nf.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\ugg3o5nf.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\ugg3o5nf.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\Documents\20220126\PowerShell_transcript.124406.aljG3MvD.20220126102824.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20220126\PowerShell_transcript.124406.bcfkRUYJ.20220126102824.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\RES3848.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols	#
C:\Users\user\AppData\Local\Temp\0hsihch1.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\0hsihch1.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\0hsihch1.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\0hsihch1.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\CSC176C1CB9788E4426ACAF7B271AB13B4.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSC1CA052A85412AB8DCD9B872B5234E.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSC2A73DB97C702412EB695E62356797BBE.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSC38F7C9333840429F8E926B6BB254946E.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSC7E62D986CCD14293A1B1D71B70775B41.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSC8BAF1FC523B466D86EA8211DF896A.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSCA98C8C663682422BB3F042EAAC3AA5FC.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSCCBF2AAC487274BF4B5441EA2B445AE92.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\RES105D.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols	#
C:\Users\user\AppData\Local\Temp\RES2E65.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Temp\RES4A3A.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols	#
C:\Users\user\AppData\Local\Temp\RESEA8.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols	#
C:\Users\user\AppData\Local\Temp\RESEEEB.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols	#
C:\Users\user\AppData\Local\Temp\RESF563.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x47e, 9 symbols	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_02dez10h.oni.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5fuoontv.beq.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_npkgel2o.x34.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sb4tfs3y.gr4.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vpvcqr5c.u5n.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vwgoeqp4.lue.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wuzmjj4s.5no.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yhaj02ra.0xw.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\oeprcmty.0.cs	UTF-8 Unicode (with BOM) text	#

61f113091fd0c.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

URLs

Dropped files

61f113091fd0c.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

URLs

Dropped files

Search started

61f113091fd0c.dll