Invoice_for_your_shipment.exe

Status: finished
Submission Time: 2023-04-16 13:09:31 +02:00
Detection: Malicious
Classification: Ransomware, Spreader, Trojan, Spyware, Evader
Malware families: BluStealer, ThunderFox Stealer, a310Logg

Tags

  • exe
  • Expiro

Details

  • Analysis ID:
    847552
  • API (Web) ID:
    1214628
  • Analysis Started:
    2023-04-16 13:09:34 +02:00
  • Analysis Finished:
    2023-04-16 13:28:25 +02:00
  • MD5:
    76a953005611843cca8ba94dc2ffbfcf
  • SHA1:
    af634f838961dbeb328c9fb09ab23cb1aca2affe
  • SHA256:
    8673653b4e2feb2342836fa526e90d2412ff6f61d77e693efb0172827f45c135

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious (score 22/70)
malicious (score 6/37)
malicious
malicious

IPs

IP                 Country
72.26.218.86       United States
63.251.235.76      United States
63.251.106.25      United States
63.251.126.10      United States
173.231.184.122    United States
173.231.189.15     United States
206.191.152.37     United States
173.231.184.124    United States
107.6.74.76        United States
206.191.152.58     United States
167.99.35.88       United States
199.21.76.77       United States
72.251.233.245     United States
72.5.161.12        United States
162.217.98.146     United States
199.21.76.81       United States
103.224.182.251    Australia
165.160.15.20      United States
199.59.243.223     United States
35.205.61.67       United States
85.214.228.140     Germany
169.50.13.61       United States
82.112.184.197     Russian Federation
149.154.167.220    United Kingdom

Domains

Name                 IP
mnjmhp.biz           173.231.189.15
yauexmxk.biz         199.21.76.77
oshhkdluh.biz        173.231.184.122
gnqgo.biz            199.21.76.77
deoci.biz            199.21.76.77
brsua.biz            72.26.218.86
nqwjmb.biz           72.251.233.245
cvgrf.biz            206.191.152.58
qaynky.biz           63.251.126.10
bumxkqgxu.biz        63.251.106.25
yhqqc.biz            107.6.74.76
qpnczch.biz          162.217.98.146
gvijgjwkh.biz        199.21.76.81
vcddkls.biz          72.5.161.12
acwjcqqv.biz         72.5.161.12
vyome.biz            162.217.98.146
gytujflc.biz         0.0.0.0
ww25.uhxqin.biz      0.0.0.0
iuzpxe.biz           0.0.0.0
wllvnzb.biz          0.0.0.0
ww25.anpmnmxo.biz    0.0.0.0
zlenh.biz            0.0.0.0
ssbzmoy.biz          0.0.0.0
yunalwv.biz          0.0.0.0
saytjshyf.biz        173.231.184.124
jpskm.biz            107.6.74.76
ftxlah.biz           206.191.152.37
pywolwnvd.biz        173.231.184.122
ifsaia.biz           63.251.126.10
ytctnunms.biz        199.21.76.81
oflybfv.biz          173.231.189.15
vrrazpdh.biz         107.6.74.76
tbjrpv.biz           63.251.235.76
jhvzpcfg.biz         173.231.184.124
xlfhhhm.biz          173.231.189.15
dwrqljrr.biz         173.231.184.122
przvgke.biz          167.99.35.88
fwiwk.biz            167.99.35.88
typgfhb.biz          63.251.126.10
npukfztj.biz         63.251.106.25
sxmiywsfv.biz        63.251.126.10
esuzf.biz            107.6.74.76
dlynankz.biz         85.214.228.140
vjaxhpbji.biz        82.112.184.197
knjghuig.biz         35.205.61.67
anpmnmxo.biz         103.224.182.251
uhxqin.biz           103.224.182.251
lejtdj.biz           169.50.13.61
api.telegram.org     149.154.167.220
lrxdmhrr.biz         169.50.13.61
myups.biz            165.160.15.20
74378.bodis.com      199.59.243.223
lpuegx.biz           82.112.184.197

URLs

URL
http://nqwjmb.biz/kkhv
http://deoci.biz/tnhedtl
http://saytjshyf.biz/yvbogwlnwyob
http://nqwjmb.biz/pifkxwljmehdo
http://brsua.biz/vmtn
http://saytjshyf.biz/losjmuva
http://ftxlah.biz/pgmtltrgossif
http://pywolwnvd.biz/k
http://acwjcqqv.biz/vyptgmcdvhoxr
http://typgfhb.biz/dbfdtscoifggce
http://yauexmxk.biz/nyn
http://cvgrf.biz/fqlgrgwighk
http://82.112.184.197/m
http://vyome.biz/gopnvfcf
http://przvgke.biz/hsasneahhubclvh
http://dwrqljrr.biz/domsidkascnsr
http://oflybfv.biz/veycwpvyfn
http://ww25.uhxqin.biz/ybrl?subid1=20230416-2110-54f7-a320-e28a1d2c7c8bx
http://brsua.biz/bgi
http://sxmiywsfv.biz/yyoi
http://ifsaia.biz/somt
http://oshhkdluh.biz/wtmwby
http://qpnczch.biz/bjqosyjcxeedtuu
http://fwiwk.biz/cbvt
http://oshhkdluh.biz/nurtrnxx
http://vrrazpdh.biz/tpko
http://ftxlah.biz/mkbrxj
http://ytctnunms.biz/hcwu
http://vyome.biz/srg
http://82.112.184.197/Y
http://173.231.189.15/pfxwvdevslded)
http://vyome.biz/vd
http://ww25.anpmnmxo.biz/suurctwpqnkqow?subid1=20230416-2110-544b-85ba-e51525027392
http://173.231.189.15/.
http://ww25.uhxqin.biz/ybrl?subid1=20230416-2110-54f7-a320-e28a1d2c7c8b
http://173.231.189.15/veycwpvyfn
http://myups.biz/jtodmk
http://107.6.74.76/bwbieqoskeebh)
http://dlynankz.biz/nfkpu
http://63.251.106.25/r
http://107.6.74.76/
http://www.autoitscript.com/autoit3/8
http://uhxqin.biz/libs
http://206.191.152.58/fqlgrgwighk
http://72.251.233.245:80/kkhv4f
http://brsua.biz/
http://165.160.15.20:80/tmykhmauj
http://165.160.15.20/
https://api.telegram.org/
http://72.5.161.12/
http://162.217.98.146:80/srg
http://63.251.106.25/v
http://myups.biz/aoxqxu
http://63.251.126.10:80/iendu
http://63.251.106.25/knm
http://107.6.74.76/cbofmwqt
http://169.50.13.61/byyqroqsp
http://173.231.189.15/lmtplmgkrvae
http://ww2112.184.197/
https://mail.google.com/
http://schemas.microsoft.
http://199.21.76.81/jhnjq
http://anpmnmxo.biz/suurctwpqnkqow
http://jhvzpcfg.biz/
http://anpmnmxo.biz/paihdrkypibk
http://72.5.161.12/I
http://72.251.233.245/
http://169.50.13.61:80/brot7
http://173.231.189.15/lmtplmgkrvaed/
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter
http://63.251.126.10:80/kv
http://63.251.106.25/
https://javadl-esd-secure.oracle.com/update/%s/map-%s.xml
http://es5.github.io/#x15.4.4.21
http://anpmnmxo.biz/qismhduwaeyi
http://173.6.74.76/
http://knjghuig.biz/auqfrb
http://103112.184.197/
http://85.214.228.140:80/nfkpuy
http://63..231.184.124/
http://knjghuig.biz/mkmmrjolsuahe
http://103.224.182.251/
http://72.251.106.25/
http://ww25.uhxqin.biz/libs?subid1=20230416-2110-564e-aceb-d48a611e08e2ab-4e80-9a8d-499e937439a7
http://www.computerhope.com/forum/index.php?topic=76293.0
http://173.231.184.122:80/ykg
http://schemas.datacontract.org/2004/07/Microsoft.Office.LicensingService.Common
http://173.231.184.124/yvbogwlnwyob
http://ww25.anpmnmxo.biz/sxhqvetphvedawe?subid1=20230416-2110-578e-acef-c6d37320aae4
http://173.231.184.124:80/ypucurrags
http://82.112.184.197/
http://107.6.74.76/pkeyttdvgvosvgi
http://63.251.126.10/v:
http://199.21.76.81:80/yhebidewgoyfggwb
http://169.50.13.61/
http://63.251.235.76/qajwhxsejffc
http://qaynky.biz/
https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessageFB716
http://85..231.189.15/
http://82.112.184.197/euyfnficopgpe
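The URL and domain tables above are raw string and traffic extraction from the sandbox run, so they mix live indicators with truncated strings (http://63..231.184.124/, http://ww2112.184.197/, http://103112.184.197/) and with legitimate hosts pulled from embedded runtimes and documentation links (www.autoitscript.com, developer.mozilla.org, the Oracle Java update URL). Before these lists go into a blocklist or a hunt query that noise has to be removed. The following is an added example by this editor, not part of the Joe Sandbox report: it loads a subset of the report's domains and IPs, rejects hosts that are not syntactically valid, matches subdomains to their listed parent (ww25.uhxqin.biz to uhxqin.biz), treats a Telegram Bot API path carrying a bot token as an exfiltration indicator (the report lists such a sendMessage URL), and scans constructed proxy-log lines. The log line format, the noise allow-list and the sample bot token in the log are assumptions made for the example.

```python
"""Triage of sandbox URL/domain/IP lists, then a hunt over proxy log lines."""
import ipaddress
import re
from urllib.parse import urlsplit

# Domains and IPs copied from the Domains and IPs tables of this report (subset).
IOC_DOMAINS = {
    "mnjmhp.biz", "yauexmxk.biz", "oshhkdluh.biz", "nqwjmb.biz", "deoci.biz",
    "brsua.biz", "cvgrf.biz", "uhxqin.biz", "anpmnmxo.biz", "myups.biz",
    "dlynankz.biz", "vjaxhpbji.biz", "knjghuig.biz", "lpuegx.biz",
}
IOC_IPS = {
    "72.26.218.86", "63.251.235.76", "63.251.106.25", "173.231.189.15",
    "199.21.76.77", "72.251.233.245", "82.112.184.197", "85.214.228.140",
    "103.224.182.251",
}
# Assumed allow-list: legitimate hosts that appear in the URL list because they sit
# in the strings of the binary or its runtimes, not because they were contacted as C2.
NOISE_HOSTS = {
    "www.autoitscript.com", "developer.mozilla.org", "es5.github.io",
    "javadl-esd-secure.oracle.com", "mail.google.com", "schemas.microsoft.com",
    "schemas.datacontract.org", "www.computerhope.com",
}
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
# Telegram Bot API paths look like /bot<id>:<token>/<method>.
TELEGRAM_BOT_RE = re.compile(r"^/bot\d+:[A-Za-z0-9_-]+/")


def host_of(url):
    """Lowercase host of a URL, or None when it is neither a valid hostname nor an
    IPv4 address (the report contains truncated strings such as 'http://63..231.184.124/')."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    if not host:
        return None
    host = host.lower().rstrip(".")
    labels = host.split(".")
    if all(label.isdigit() for label in labels):
        try:
            ipaddress.IPv4Address(host)
            return host
        except ValueError:
            return None  # e.g. '103112.184.197': numeric but not an address
    if labels[-1].isdigit() or not all(LABEL_RE.match(label) for label in labels):
        return None  # e.g. 'ww2112.184.197': numeric TLD, or an empty label
    return host


def matches_ioc(host):
    """Return the matching indicator: the IP, the host, or any listed parent domain."""
    if host in IOC_IPS:
        return host
    parts = host.split(".")
    for i in range(len(parts) - 1):
        candidate = ".".join(parts[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None


def classify_url(url):
    """One of: invalid, noise, telegram-api, telegram-bot-token, ioc:<indicator>, unknown."""
    host = host_of(url)
    if host is None:
        return "invalid"
    if host in NOISE_HOSTS:
        return "noise"
    if host == "api.telegram.org":
        return "telegram-bot-token" if TELEGRAM_BOT_RE.match(urlsplit(url).path) else "telegram-api"
    hit = matches_ioc(host)
    return f"ioc:{hit}" if hit else "unknown"


def hunt(log_lines):
    """Scan assumed 'epoch client url' proxy log lines; return (client, url, verdict) hits."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        client, url = fields[1], fields[2]
        verdict = classify_url(url)
        if verdict.startswith("ioc:") or verdict == "telegram-bot-token":
            hits.append((client, url, verdict))
    return hits


# Constructed sample log lines (not from the report); the bot token is a placeholder.
SAMPLE_LOG = [
    "1681650571 10.0.0.17 http://nqwjmb.biz/kkhv",
    "1681650572 10.0.0.17 http://ww25.uhxqin.biz/libs?subid1=20230416-2110",
    "1681650573 10.0.0.17 http://82.112.184.197/m",
    "1681650574 10.0.0.17 https://api.telegram.org/bot123456:AAAA-example-token/sendMessage",
    "1681650575 10.0.0.23 https://developer.mozilla.org/en-US/docs/Web/JavaScript",
    "1681650576 10.0.0.23 https://www.example.com/",
]

if __name__ == "__main__":
    for client, url, verdict in hunt(SAMPLE_LOG):
        print(client, verdict, url)
```

A hit on api.telegram.org alone is not actionable in most environments; the bot-token path is, because a legitimate client never puts a bot token in a browser-side request. The same logic applies to the parked ww25.*.biz subid1 URLs: block the parent .biz domain, not the one-off query string.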

Dropped files

Name, followed by file type:

C:\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Invoice_for_your_shipment.exe.log
    ASCII text, with CRLF line terminators
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files\Windows Media Player\wmpnetwk.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files\Google\Chrome\Application\104.0.5112.81\notification_helper.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files\Google\Chrome\Application\104.0.5112.81\elevation_service.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files\Google\Chrome\Application\104.0.5112.81\chrome_pwa_launcher.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files\Google\Chrome\Application\104.0.5112.81\Installer\setup.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files\Google\Chrome\Application\104.0.5112.81\Installer\chrmstp.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ChromeSetup.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files\Common Files\microsoft shared\OFFICE16\CMigrate.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Program Files (x86)\Google\Update\1.3.36.131\GoogleUpdateSetup.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Google\Update\1.3.36.131\GoogleUpdateOnDemand.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Google\Update\1.3.36.131\GoogleUpdateCore.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Google\Update\1.3.36.131\GoogleUpdateComRegisterShell64.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files (x86)\Google\Update\1.3.36.131\GoogleUpdateBroker.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Google\Update\1.3.36.131\GoogleUpdate.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Google\Update\1.3.36.131\GoogleCrashHandler64.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files (x86)\Google\Update\1.3.36.131\GoogleCrashHandler.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Windows\System32\SensorDataService.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Windows\System32\xbgmsvc.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Windows\System32\wbengine.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Windows\System32\wbem\WmiApSrv.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Windows\System32\vds.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Windows\System32\snmptrap.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Windows\System32\msiexec.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Windows\System32\msdtc.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Windows\System32\alg.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Windows\System32\VSSVC.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Windows\System32\TieringEngineService.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Windows\System32\Spectrum.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Windows\System32\SearchIndexer.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Windows\System32\OpenSSH\ssh-agent.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Windows\System32\Locator.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Windows\System32\FXSSVC.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Windows\System32\AppVClient.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Windows\System32\AgentService.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Windows\SysWOW64\perfhost.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\CR_94EB1.tmp\setup.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\OneDriveSetup[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files (x86)\AutoIt3\Au3Info.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\AutoIt3\Au3Check.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE
    PE32 executable (console) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
    PE32+ executable (GUI) x86-64, for MS Windows
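Almost every entry in the dropped-files list is a pre-existing executable under Program Files or System32 (Chrome and Google Update, Office, Adobe Reader, Java, AutoIt, Windows services) that the sandbox saw being written to, which is what the Expiro tag and the Spreader classification describe: a file infector that patches legitimate PEs so that they run its code before the original program. The following is an added example by this editor, not Joe Sandbox's and not Expiro's own code. It shows a generic header-level triage heuristic a practitioner can run offline over such files: parse the PE section table with the standard library only and flag an entry point that lands in the last section, in a writable section, or outside the first executable section. The two images it checks are constructed header-only PE32+ files built in the block; the appended section name ".vx" is an assumption for the example, not a documented Expiro artefact.

```python
"""Entry-point heuristics for file-infector triage of PE executables."""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(data):
    """Return (AddressOfEntryPoint, [(name, VirtualAddress, VirtualSize, Characteristics)])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                      # IMAGE_OPTIONAL_HEADER follows the file header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections, off = [], opt + size_opt
    for _ in range(num_sections):
        name, vsize, va, _, _, _, _, _, _, chars = struct.unpack_from(SECTION_HDR, data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, chars))
        off += struct.calcsize(SECTION_HDR)
    return entry_rva, sections


def entry_point_findings(data):
    """Findings a file infector commonly trips; an empty list means nothing suspicious."""
    entry_rva, sections = parse_sections(data)
    idx = next((i for i, (_, va, vsize, _) in enumerate(sections)
                if va <= entry_rva < va + max(vsize, 1)), None)
    if idx is None:
        return ["entry point outside every section"]
    name, _, _, chars = sections[idx]
    first_exec = next((i for i, s in enumerate(sections) if s[3] & IMAGE_SCN_MEM_EXECUTE), None)
    findings = []
    if len(sections) > 1 and idx == len(sections) - 1:
        findings.append(f"entry point in last section {name}")
    if chars & IMAGE_SCN_MEM_WRITE:
        findings.append(f"entry section {name} is writable")
    if first_exec is not None and idx != first_exec:
        findings.append("entry point not in first executable section")
    return findings


def build_pe(sections, entry_rva):
    """Constructed header-only PE32+ image for testing; not a runnable binary."""
    size_opt, e_lfanew = 240, 0x40
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, size_opt, 0x22)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x20B)            # PE32+ magic
    struct.pack_into("<I", opt, 16, entry_rva)       # AddressOfEntryPoint
    table = b"".join(
        struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"), vsize, va, vsize, 0, 0, 0, 0, 0, chars)
        for name, va, vsize, chars in sections)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + table


TEXT = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
# Constructed samples: a normal layout, and one with an appended writable code section
# that the entry point was redirected into (the assumed ".vx" name is illustrative).
CLEAN = build_pe([(".text", 0x1000, 0x4000, TEXT), (".rdata", 0x5000, 0x1000, IMAGE_SCN_MEM_READ),
                  (".data", 0x6000, 0x1000, DATA)], 0x1200)
INFECTED = build_pe([(".text", 0x1000, 0x4000, TEXT), (".rdata", 0x5000, 0x1000, IMAGE_SCN_MEM_READ),
                     (".data", 0x6000, 0x1000, DATA), (".vx", 0x7000, 0x3000, TEXT | IMAGE_SCN_MEM_WRITE)],
                    0x7010)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("infected", INFECTED)):
        print(label, entry_point_findings(image) or ["no findings"])
```

None of these flags alone proves infection (packers and self-modifying installers trip the same checks), so treat a hit as a reason to compare the file's hash or Authenticode signature against a known-good copy, not as a verdict. On a live host the quicker first pass over the paths listed above is a signature check (Get-AuthenticodeSignature), since a modified Chrome, Office or Windows binary will no longer validate.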