
rFRgieWgV9.exe

Status: finished
Submission Time: 2022-07-26 09:29:07 +02:00
Malicious
Ransomware
Trojan
Evader

Tags

  • 32
  • exe
  • Zeppelin

Details

  • Analysis ID:
    673360
  • API (Web) ID:
    1040865
  • Analysis Started:
    2022-07-26 09:30:28 +02:00
  • Analysis Finished:
    2022-07-26 09:41:52 +02:00
  • MD5:
    ad62332b9fc5fb70fa1cc2913812154a
  • SHA1:
    e3fd29cbbefcae39190af5262852446533642daa
  • SHA256:
    4728a3fa4f94d7a09e2dbe21d12ae84543042ce88ba4ea11f3fb3f27490a4933
  • Technologies:
    Joe Sandbox

Joe Sandbox

Detection   Score   System
malicious   100     Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection   Score
malicious   49/71
malicious   24/26

IPs

IP               Country
158.69.65.151    Canada
148.251.234.83   Germany

Domains

Name                  IP
geoiptool.com         158.69.65.151
www.geodatatool.com   158.69.65.151
iplogger.org          148.251.234.83

URLs

Name
https://geodatatool.com/en/
https://www.wiroos.com
HTTPS://GEODATATOOL.COM/FR/
HTTPS://TWITTER.COM/SHARE
https://iplogger.org/1I0jB.torrent
http://iplogger.org/1I0jB.torrent3
HTTPS://WWW.GEODATATOOL.COM/
HTTPS://CODE.JQUERY.COM/JQUERY-2.1.1.MIN.JS
https://geodatatool.com/pt/
HTTPS://GEODATATOOL.COM/JA/
https://iplogger.org/A
HTTPS://GEODATATOOL.COM/IT/
http://iplogger.org/1I0jB.torrent
https://geodatatool.com/it/
https://geodatatool.com/fr/
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://iplogger.org/1I0jB.torrentC
https://twitter.com/share
HTTPS://GEODATATOOL.COM/PT/
https://www.geodatatool.com/
https://geodatatool.com/ja/
https://iplogger.org/1I0jB.torrent)
HTTPS://GEODATATOOL.COM/ZH/
HTTPS://GEODATATOOL.COM/ES/
https://maps.google.com/maps/api/js?sensor=true
https://geodatatool.com/de/
https://geodatatool.com/ru/
https://apis.google.com/js/plusone.js
https://iplogger.org/d
https://iplogger.org/
http://geoiptool.com/
HTTPS://WWW.WIROOS.COM
HTTPS://APIS.GOOGLE.COM/JS/PLUSONE.JS
HTTPS://MAPS.GOOGLE.COM/MAPS/API/JS?SENSOR=TRUE
https://geodatatool.com/es/
https://geodatatool.com/zh/
HTTPS://GEODATATOOL.COM/DE/
HTTPS://GEODATATOOL.COM/RU/
HTTPS://MAXCDN.BOOTSTRAPCDN.COM/BOOTSTRAP/3.2.0/JS/BOOTSTRAP.MIN.JS
HTTPS://GEODATATOOL.COM/EN/
https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js
https://code.jquery.com/jquery-2.1.1.min.js

Dropped files

Name / File Type

  • C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
    ASCII text, with CRLF line terminators
  • C:\$Recycle.Bin\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
    ASCII text, with CRLF line terminators
  • C:\$Recycle.Bin\S-1-5-18\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
    ASCII text, with CRLF line terminators
  • C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
    ASCII text, with CRLF line terminators
  • C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
    ASCII text, with CRLF line terminators
  • C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
    ASCII text, with CRLF line terminators