takumin.exe

Status: finished
Submission Time: 2023-06-29 11:58:06 +02:00
Malicious
Trojan
Evader
GhostRat, Nitol

Comments

Tags

  • exe

Details

  • Analysis ID:
    896197
  • API (Web) ID:
    1263167
  • Analysis Started:
    2023-06-29 11:58:06 +02:00
  • Analysis Finished:
    2023-06-29 12:10:46 +02:00
  • MD5:
    24bc29301059a1ceb4ecce433440cba2
  • SHA1:
    e1db3ebff33a534fef4250bfc694232fac809940
  • SHA256:
    6f03741eb6362adf2360b93159c1e9f254a51682cecfe7f41c0c6c98a2581a74
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 10/71
malicious

IPs

IP              Country          Detection
188.114.97.7    European Union
104.21.11.88    United States
172.67.34.170   United States
47.246.24.82    United States
27.124.34.142   Singapore

Domains

Name                                  IP              Detection
cf-slb.jscdn.cn                       0.0.0.0
news.cookielive.top                   0.0.0.0
link.jscdn.cn                         188.114.97.7
ji.kunkunonline.top                   27.124.34.142
workers.2studio.cn                    104.21.11.88
pastebin.com                          172.67.34.170
bbs.cookielive.top.w.kunlunhuf.com    47.246.24.82
j02dra.bl.files.1drv.com              0.0.0.0

URLs

Name Detection
http://crl.startssl.com/sfsca.crl0
https://pastebin.com/raw/6TLYbUVp
http://www.wosign.com/policy/0
http://dev.romzj.com?rommd5=checkshuamekey_manual_step1checkshuamekey_manual_step2checkshuamekey_tab
https://api1.shuame.com/v2/client/redirect/usbmode.html?versionCode=500&versionName=generalopenusbde
http://crl.thawte.com/ThawteTimestampingCA.crl0
https://client.shuame.com/popup/course/authorizetutorialwnd_title_text_1authorizetutorialwnd_title_t
http://www.symauth.com/rpa00
http://aia.wosign.com/wosign.cer0.
http://ocsp.wosign.com/class3/code/ca04
http://www.wosign.com/policy/02
http://aia.startssl.com/certs/ca.crt02
http://aia.wosign.com/class3.code.ca.cer0
http://www.winimage.com/zLibDll
https://cf-slb.jscdn.cn/1drv/aHR0cHM6Ly8xZHJ2Lm1zL3UvcyFBa0ZQRnBaT2Q2d0FiMV9xOUpVajBQNlRyVDg_ZT05MEdIcGQ.zip
http://sv.sy
https://link.jscdn.cn/1drv/aHR0cHM6Ly8xZHJ2Lm1zL3UvcyFBa0ZQRnBaT2Q2d0FiMV9xOUpVajBQNlRyVDg_ZT05MEdIc
https://j02dra.bl.files.1drv.com/y4mhM4IctwVXMS9FtRk3b6QVjmsQSBDNo8ZWg_Fm4yAXYrfYz6P5yRO2yfxas6Fb74Z
http://crls.wosign.com/code-3.crl0w
http://agent.cs0309.3g.qq.com/agent/query.dohttp://agent.sj.qq.com/query.doAndroidServerSwitch.ini1
https://api1.shuame.com
http://www.shuame.com
http://www.shuame.com/shuajibao/?ref=shuame_client_feature_close_buttonFrame
https://pastebin.com/raw/6TLYbUVpue
http://www.wosign.com/0
http://ocsp.thawte.com0
http://ocsp.wosign.com/ca0
http://ocsp.startssl.com/ca00
http://www.shuame.com/faq/other/15438-contract.htmlhttp://www.shuame.com
https://api1.shuame.comrestorewnd_close_button%s(%s)restorewnd_finish_buttonrestorewnd_result_textre
https://api1.shuame.com/v2/client/redirect/usbmode.html?versionCode=500&versionName=general
http://www.symauth.com/cps0(
http://crls.wosign.com/ca.crl0E
https://curl.haxx.se/docs/http-cookies.html
https://curl.haxx.se/docs/http-cookies.html#
http://www.jiwohuishou.com/?shuame_pcmenu
https://link.jscdn.cn/1drv/aHR0cHM6Ly8xZHJ2Lm1zL3UvcyFBa0ZQRnBaT2Q2d0FiMV9xOUpVajBQNlRyVDg_ZT05MEdIcGQ.zip
http://curl.haxx.se/docs/http-cookies.html
http://www.shuame.com/features/changelog.html?shuame_client_about_offical_website_about_version5.0.0

Dropped files

Name File Type Hashes Detection
C:\Users\Public\WinZip\ypager.exe
PE32 executable (GUI) Intel 80386, for MS Windows