=

We are hiring! Windows Kernel Developer (Remote), apply here!

SecuriteInfo.com.Variant.Jaik.72878.10638.exe

Status: finished

Submission Time: 2022-05-13 19:42:11 +02:00

Malicious

Trojan

Evader

FormBook

Comments

Tags

Details

Analysis ID:
626276
API (Web) ID:
993783
Analysis Started:

2022-05-13 19:42:12 +02:00
Analysis Finished:

2022-05-13 19:53:44 +02:00
MD5:
69250f55fbfe48822c838b4eeaf33a0a
SHA1:
3e4e1dd9dbeb98ec354f7a03d455a0a38ccea4e5
SHA256:
752d0155c769033832d6845eabba29bce2b9d0eedff734b31a49c879ed08ff72
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports

				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211		100/100
						26/62
						18/41

IPs

IP	Country	Detection
170.75.150.177	United States
35.186.238.101	United States

Domains

Name	IP	Detection
www.qzbozhijy.com	170.75.150.177
www.lume24.com	0.0.0.0
www.cryptocurrenciesmarketcaps.com	35.186.238.101

URLs

Name	Detection
www.worklifefirewalls.com/m9y5/
http://www.qzbozhijy.com/m9y5/?GDHDO=orMzR/RfXnMhfSAyBjBjnR1lGR+TvkHzuwdFBkAhJBLh1eKTDfMMMN4zoKLE4Jh6elIQ&2d0tk4=7nxxAXLHM4
https://zz.bdstatic.com/linksubmit/push.js
Click to see the 2 hidden entries
http://nsis.sf.net/NSIS_ErrorError
http://push.zhanzhang.baidu.com/push.js

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\fdvucso.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\kk2f9zwlwvo3ghi9f9	data	#
C:\Users\user\AppData\Local\Temp\nsmCEB5.tmp	data	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\wqqynoeqp	data	#