Register Login

sloganpng

top title background image

PasswordStealer.NET.exe

Status: finished

Submission Time: 2022-02-22 09:21:37 +01:00

Malicious

Trojan

Spyware

Evader

HawkEye MailPassView

Comments

Tags

Details

Analysis ID:
576204
API (Web) ID:
943731
Analysis Started:

2022-02-22 09:21:39 +01:00
Analysis Finished:

2022-02-22 09:29:55 +01:00
MD5:
fb2ca93f987313108abdd4a6d687783a
SHA1:
0783b8327a88aff87c627497d4333fd778da59be
SHA256:
b9561f35b2fa188ed20de24bb67956e15858aeb67441fb31cbcfe84e1d4edc9a
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 58/68

Open Full Report

malicious

Score: 24/35

malicious

Score: 26/29

malicious

malicious

Domains

Name	IP	Detection
202.200.1.0.in-addr.arpa	0.0.0.0
bot.whatismyipaddress.com	0.0.0.0

URLs

Name	Detection
https://a.pomf.cat/
http://pomf.cat/upload.php&https://a.pomf.cat/
http://pomf.cat/upload.php
Click to see the 6 hidden entries
http://pomf.cat/upload.phpCContent-Disposition:
http://bot.whatismyipaddress.com
http://www.nirsoft.net/
http://bot.whatismyipaddress.com4
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://bot.whatismyipaddress.com/

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PasswordStealer.NET.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\5c9e99f0-aed9-08b2-ba3c-8df8e171ab02	ASCII text, with no line terminators	#