Fnvtdhenapsfwu.exe

Status: finished
Submission Time: 2023-09-05 22:19:48 +02:00
Malicious
Ransomware
Trojan
Spyware
Exploiter
Evader
Remcos, DBatLoader

Details

  • Analysis ID: 1303888
  • API (Web) ID: 1303888
  • Analysis Started: 2023-09-05 22:19:48 +02:00
  • Analysis Finished: 2023-09-05 22:31:00 +02:00
  • MD5: cffe529403460c6affe0f52c1e7de602
  • SHA1: 3e03898f87c2cc47d57893c3dd55302281e9f2b5
  • SHA256: 56a3dc5c90ade897e349ba0fd0433770dcdda32b5bd2a1c6608b2af2f9b34c05
  • Technologies:

Engine        Detection   Info
Joe Sandbox   malicious   Score: 100
                          System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 15/24
malicious

IPs

IP              Country   Detection
81.161.229.9    Germany
193.42.32.61    Germany

Domains

Name                       IP              Detection
orifak.ydns.eu             193.42.32.61
wsvdyhrgebwhevawe.ydns.eu  81.161.229.9
tornado.ydns.eu            193.42.32.61

URLs

Name                                                           Detection
http://wsvdyhrgebwhevawe.ydns.eu/goofeeewsvd/FnvtdhenapsDLL
http://wsvdyhrgebwhevawe.ydns.eu/goofeeewsvd/Fnvtdhenaps
http://wsvdyhrgebwhevawe.ydns.eu/
http://wsvdyhrgebwhevawe.ydns.eu/goofeeewsvd/Fnvtdhenapsll&=
http://wsvdyhrgebwhevawe.ydns.eu/goofeeewsvd/Fnvtdhenapsf
http://wsvdyhrgebwhevawe.ydns.eu/goofeeewsvd/FnvtdhenapsDLLq/
tornado.ydns.eu
http://geoplugin.net/json.gp
http://://t.exet.exen
http://://t.exet.exe
http://geoplugin.net/json.gp/C
http://www.pmail.com

Dropped files

Name                                     File Type                                                                                                                                   Hashes   Detection
C:\ProgramData\remcos\logs.dat           data
C:\Users\Public\Libraries\Fnvtdhen.PIF   PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\Public\Fnvtdhen.url             MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Fnvtdhen.PIF">), ASCII text, with CRLF line terminators